Latest CVE Feed
-
10.0
HIGHCVE-2015-7938
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors.... Read more
- Published: Jan. 09, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2019-17095
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to a... Read more
- Published: Jan. 27, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-6543
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine... Read more
- Published: Feb. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2020-27655
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.... Read more
Affected Products : router_manager- Published: Oct. 29, 2020
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2020-29495
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the ... Read more
- Published: Jan. 14, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2009-4919
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.... Read more
Affected Products : asa_5580- Published: Jun. 29, 2010
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2009-5052
Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.... Read more
Affected Products : smarty- Published: Feb. 03, 2011
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2019-9945
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie t... Read more
Affected Products : cloud- Published: Mar. 23, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-3673
u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the index length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Ind... Read more
Affected Products : qca6390_firmware qca6574au_firmware sa6155p_firmware sa8155p_firmware sdm660_firmware sm8150_firmware sm8250_firmware sxr2130_firmware msm8996au_firmware apq8096au_firmware +70 more products- Published: Nov. 02, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-3926
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as ... Read more
- Published: Apr. 30, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-3950
Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to.... Read more
Affected Products : vmb3010_firmware vmb4000_firmware vmb3500_firmware vmb4500_firmware vmb5000_firmware vmb3010 vmb4000 vmb3500 vmb4500 vmb5000- Published: Jul. 09, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2015-9114
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation in qsee_query_counter syscall could le... Read more
Affected Products : sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_425_firmware sd_430_firmware sd_650_firmware sd_652_firmware sd_425 sd_430 +6 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-3984
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet.... Read more
- Published: Dec. 31, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-3628
Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20... Read more
- Published: Jun. 22, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2015-9164
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, ... Read more
Affected Products : sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware msm8909w_firmware sd_410_firmware sd_412_firmware sd_210_firmware sd_212_firmware sd_205_firmware +34 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2015-9182
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, S... Read more
Affected Products : sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware mdm9206_firmware sd_410_firmware sd_412_firmware +44 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2015-9190
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 808, and ... Read more
Affected Products : android msm8909w_firmware ipq4019_firmware mdm9206_firmware mdm9607_firmware mdm9635m_firmware mdm9615_firmware mdm9625_firmware sd_410_firmware sd_412_firmware +29 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-5561
Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more
Affected Products : keijiban_tsumiki- Published: Mar. 25, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-6760
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping.... Read more
- Published: Feb. 06, 2020
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2020-6961
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability ex... Read more
Affected Products : apexpro_telemetry_server_firmware carescape_central_station_mai700_firmware carescape_central_station_mas700_firmware clinical_information_center_mp100d_firmware clinical_information_center_mp100r_firmware carescape_telemetry_server_mp100r_firmware apexpro_telemetry_server carescape_central_station_mai700 carescape_central_station_mas700 clinical_information_center_mp100d +2 more products- Published: Jan. 24, 2020
- Modified: Nov. 21, 2024