Latest CVE Feed
-
10.0
HIGHCVE-2019-10557
Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &... Read more
Affected Products : qca6574au_firmware sdx55_firmware sdm660_firmware msm8996au_firmware apq8096au_firmware qca6174a_firmware qca9377_firmware qcs605_firmware apq8009_firmware mdm9650_firmware +36 more products- Published: Dec. 18, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-21505
Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to th... Read more
- Published: May. 06, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-39720
Product: AndroidVersions: Android kernelAndroid ID: A-207433926References: N/A... Read more
Affected Products : android- Published: Mar. 16, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-6969
It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations.... Read more
- Published: Feb. 05, 2020
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2020-6963
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, ... Read more
Affected Products : apexpro_telemetry_server_firmware carescape_central_station_mai700_firmware carescape_central_station_mas700_firmware clinical_information_center_mp100d_firmware clinical_information_center_mp100r_firmware carescape_telemetry_server_mp100r_firmware apexpro_telemetry_server carescape_central_station_mai700 carescape_central_station_mas700 clinical_information_center_mp100d +2 more products- Published: Jan. 24, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2007-4982
Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the arg... Read more
Affected Products : qrcode_activex- Published: Sep. 19, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGHCVE-2012-4697
TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session.... Read more
- Published: May. 23, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2014-1635
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.... Read more
- Published: Nov. 12, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-7985
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.... Read more
Affected Products : espocrm- Published: Oct. 31, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-5053
The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attack... Read more
Affected Products : gpu_driver- Published: Nov. 24, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2019-11081
A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server.... Read more
Affected Products : sidexis- Published: Apr. 24, 2019
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2018-21268
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command ... Read more
Affected Products : traceroute- Published: Jun. 25, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2014-9458
Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors.... Read more
Affected Products : ida- Published: Jan. 02, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2010-0140
Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to ... Read more
Affected Products : unified_meetingplace- Published: Jan. 28, 2010
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2002-2236
Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code.... Read more
Affected Products : apt-www-proxy- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
10.0
CRITICALCVE-2021-43984
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.... Read more
Affected Products : mypro- Published: Dec. 23, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2015-7292
Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.... Read more
Affected Products : fire_os- Published: Apr. 10, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2008-2832
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request ... Read more
Affected Products : aspwebcalendar2008- Published: Jun. 24, 2008
- Modified: Apr. 09, 2025
-
10.0
HIGHCVE-2014-0604
Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the StartLog method.... Read more
Affected Products : reflection_ftp_client- Published: Feb. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2017-18145
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework e... Read more
Affected Products : android sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware msm8909w_firmware sd_210_firmware sd_212_firmware sd_205_firmware sd_615_firmware +19 more products- Published: Apr. 11, 2018
- Modified: Nov. 21, 2024