Latest CVE Feed
-
10.0
HIGHCVE-2019-5356
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.... Read more
Affected Products : intelligent_management_center- EPSS Score: %19.72
- Published: Jun. 05, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-10171
Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component. The AdwareAnalzyerPrivilegedHelper tool implements an XPC service that allows an unprivil... Read more
Affected Products : mackeeper- EPSS Score: %0.30
- Published: Jun. 05, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-1999-0599
A network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers.... Read more
Affected Products :- EPSS Score: %0.48
- Published: Jan. 01, 1999
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2009-5156
An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string.... Read more
- EPSS Score: %6.88
- Published: Jun. 11, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-20841
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.... Read more
- EPSS Score: %34.12
- Published: Jun. 11, 2019
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2019-10959
BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 a... Read more
Affected Products : alaris_gateway_workstation_firmware alaris_gs_syringe_pump_firmware alaris_gh_syringe_pump_firmware alaris_cc_syringe_pump_firmware alaris_tiva_syringe_pump_firmware alaris_gateway_workstation alaris_gs_syringe_pump alaris_gh_syringe_pump alaris_cc_syringe_pump alaris_tiva_syringe_pump- EPSS Score: %1.06
- Published: Jun. 13, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-13911
Out of bounds memory read and access may lead to unexpected behavior in GNSS XTRA Parser in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon We... Read more
Affected Products : sd_8cx_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware +82 more products- EPSS Score: %0.33
- Published: Jun. 14, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-2255
An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdrag... Read more
Affected Products : sd_8cx_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware qcs605_firmware sd_675_firmware +60 more products- EPSS Score: %0.66
- Published: Jun. 14, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-12549
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.... Read more
- EPSS Score: %0.84
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-12550
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.... Read more
- EPSS Score: %0.58
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-6971
An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials.... Read more
- EPSS Score: %12.24
- Published: Jun. 19, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-18471
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who k... Read more
- EPSS Score: %15.52
- Published: Jun. 19, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-18472
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address... Read more
- EPSS Score: %20.08
- Published: Jun. 19, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-2007
In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User inte... Read more
Affected Products : android- EPSS Score: %0.16
- Published: Jun. 19, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-12920
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET lo... Read more
- EPSS Score: %0.35
- Published: Jun. 20, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-16618
VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are c... Read more
- EPSS Score: %16.17
- Published: Jun. 19, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-1999-0580
The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.... Read more
Affected Products :- EPSS Score: %0.35
- Published: Jan. 01, 1999
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2018-15556
The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers.... Read more
- EPSS Score: %2.54
- Published: Jun. 27, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2017-8408
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials ... Read more
- EPSS Score: %21.11
- Published: Jul. 02, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-7261
Linear eMerge E3-Series devices have Hard-coded Credentials.... Read more
- EPSS Score: %2.64
- Published: Jul. 02, 2019
- Modified: Nov. 21, 2024