Latest CVE Feed
-
10.0
HIGH CVE-2019-9160
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to log in to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password con...
- EPSS Score: %1.82
- Published: Apr. 18, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-11448
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently ...
- EPSS Score: %22.68
- Published: Apr. 22, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2018-19442
A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/[robot_serial]/m...
- EPSS Score: %18.24
- Published: Apr. 25, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2017-18369
The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and ...
- EPSS Score: %87.54
- Published: May. 02, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2018-15128
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.
- EPSS Score: %1.55
- Published: May. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2018-19987
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPoint...
- Affected Products: dir-822_firmware dir-880l_firmware dir-822_firmware dir-818lw_firmware dir-860l_firmware dir-868l_firmware dir-890l/r_firmware dir-860l dir-868l dir-822 +3 more products
- EPSS Score: %81.83
- Published: May. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2018-19986
In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in ...
- EPSS Score: %54.88
- Published: May. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2018-4018
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An at...
- EPSS Score: %0.43
- Published: May. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2018-4029
An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to me...
- EPSS Score: %0.61
- Published: May. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-12301
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.
- Affected Products: percona_server
- EPSS Score: %0.30
- Published: May. 23, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2018-11937
Lack of input validation before copying can lead to a buffer over read in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU...
- Affected Products: qca6574au_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sd_675_firmware +50 more products
- EPSS Score: %0.27
- Published: May. 24, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-2245
Possible integer underflow can happen when calculating length of elementary stream map from invalid packet length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapd...
- Affected Products: sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware qcs605_firmware sd_675_firmware mdm9650_firmware +72 more products
- EPSS Score: %0.33
- Published: May. 24, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH
- EPSS Score: %0.48
- Published: Jan. 01, 1999
- Modified: Apr. 03, 2025
-
10.0
HIGH CVE-2019-12165
MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful expl...
- EPSS Score: %0.78
- Published: May. 29, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-9891
The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo.
- Affected Products: advanced_bash-scripting_guide
- EPSS Score: %0.74
- Published: May. 31, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-6725
The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be ...
- EPSS Score: %0.44
- Published: May. 31, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2017-14853
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid out...
- Affected Products: siteomat
- EPSS Score: %2.18
- Published: Jun. 03, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-11944
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- Affected Products: intelligent_management_center
- EPSS Score: %33.04
- Published: Jun. 05, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-11945
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- Affected Products: intelligent_management_center
- EPSS Score: %62.70
- Published: Jun. 05, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-5352
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- Affected Products: intelligent_management_center
- EPSS Score: %19.03
- Published: Jun. 05, 2019
- Modified: Nov. 21, 2024