The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request...
8.8CVSS
8.5AI Score
0.001EPSS
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary...
8.8CVSS
8.6AI Score
0.001EPSS
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing...
7.5CVSS
7.5AI Score
0.001EPSS
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0;...
5.9CVSS
5.6AI Score
0.001EPSS
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL...
7.1CVSS
5.6AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in...
6.5CVSS
6.4AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input...
7.8CVSS
7.9AI Score
0.0004EPSS
Memory corruption in MPP performance while accessing DSM watermark using external memory...
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched...
7.4CVSS
6.7AI Score
0.0004EPSS
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected...
6.5CVSS
6.4AI Score
0.001EPSS
Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local...
7.3CVSS
7.3AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data...
7.8CVSS
7.8AI Score
0.0004EPSS
Information Disclosure in Qualcomm IPC while reading values from shared memory in...
6.1CVSS
5.3AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
Memory Corruption in Core due to secure memory access by user while loading modem...
8.4CVSS
7.5AI Score
0.0004EPSS
9.8CVSS
9.3AI Score
0.001EPSS
An authenticated XCC user can change permissions for any user through a crafted API...
8.8CVSS
8.4AI Score
0.001EPSS
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a.....
6.5CVSS
6.4AI Score
0.0004EPSS
An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific.....
7.5CVSS
7.4AI Score
0.0005EPSS
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP...
8.8CVSS
8.5AI Score
0.007EPSS
6.5CVSS
6.8AI Score
0.001EPSS
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File...
9.8CVSS
9.3AI Score
0.001EPSS
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the...
9.8CVSS
9.5AI Score
0.002EPSS
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line...
8.2CVSS
7.3AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
9.8CVSS
9.3AI Score
0.001EPSS
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the...
8.8CVSS
9AI Score
0.001EPSS
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an...
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously...
9.8CVSS
9.7AI Score
0.001EPSS
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all...
6.5CVSS
6.5AI Score
0.0005EPSS
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA...
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA...
7.5CVSS
7.5AI Score
0.0005EPSS
Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotation. The Disable Peer Verification property of InvokeHTTP was effectively flipped, disabling verification by default,...
5.9CVSS
5.6AI Score
0.0004EPSS
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...
7.5CVSS
7.6AI Score
0.001EPSS
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service...
8.1CVSS
8AI Score
0.0004EPSS
Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar...
7.8CVSS
7.5AI Score
0.0004EPSS
An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function...
9.8CVSS
9.2AI Score
0.001EPSS
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in...
5.9CVSS
5.7AI Score
0.0004EPSS
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution...
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment...
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is...