Huawei Data Communication: Side-Channel Vulnerability Variants 3a and 4 (huawei-sa-20180615-01-cpu)
Intel publicly disclosed new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and...
5.5CVSS
7.7AI Score
0.003EPSS
7.4AI Score
Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 - Unauthenticated File Upload Bypass
Due to the plugin not properly checking the file being uploaded (via the dnd_codedropz_upload AJAX action), an attacker could bypass the checks in place and upload a PHP file. There was a working exploit provided along with this vulnerability. It also requires the Contact Form 7 plugin to be...
0.9AI Score
0.975EPSS
Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 - Unauthenticated File Upload Bypass
Due to the plugin not properly checking the file being uploaded (via the dnd_codedropz_upload AJAX action), an attacker could bypass the checks in place and upload a PHP file. There was a working exploit provided along with this vulnerability. It also requires the Contact Form 7 plugin to be...
0.4AI Score
0.975EPSS
Some Huawei products have a memory leak...
7.5CVSS
7.6AI Score
0.001EPSS
WordPress Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution Exploit
Exploit for php platform in category web...
7.1AI Score
Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive...
6.5CVSS
6.8AI Score
0.009EPSS
There is a weak algorithm vulnerability in some Huawei...
5.9CVSS
5.8AI Score
0.002EPSS
Huawei Data Communication: DoS Vulnerability in Huawei Switches (huawei-sa-20161130-01-switch)
There is a denial of service (DoS) vulnerability in Huawei switches due to improper management of system...
6.5CVSS
6.5AI Score
0.001EPSS
Multiple Huawei products are prone to a denial of service vulnerability in the IPv6 Neighbor Discovery packet...
7.5CVSS
7.4AI Score
0.015EPSS
Huawei Data Communication: Memory Leak Vulnerability (huawei-sa-20161221-01-ldp)
Some Huawei products are prone to a memory leak...
4.3CVSS
4.6AI Score
0.001EPSS
Some Huawei products have a memory leak...
5.3CVSS
5.3AI Score
0.001EPSS
Some Huawei products have a MaxAge LSA vulnerability due to improper OSPF...
7.5CVSS
7.6AI Score
0.001EPSS
Some Huawei devices have an integer overflow...
5.9CVSS
6AI Score
0.002EPSS
CVE-2020-12800 POC Script for...
9.8CVSS
9.3AI Score
0.975EPSS
Description of the security update for SharePoint Foundation 2013: May 12, 2020
Description of the security update for SharePoint Foundation 2013: May 12, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...
7.1AI Score
0.014EPSS
Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud App Management
Summary There are multiple vulnerabilities in Mozilla Firefox used by IBM® Cloud App Management. IBM Cloud App Management has addressed the applicable CVEs in a later version. Vulnerability Details CVEID: CVE-2020-6796 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute...
8.8CVSS
2.2AI Score
0.013EPSS
9.8CVSS
8.8AI Score
0.534EPSS
Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin...
9.8CVSS
9.4AI Score
0.534EPSS
Releases Ubuntu 16.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to...
9.8CVSS
10AI Score
0.534EPSS
Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of...
2.1AI Score
0.022EPSS
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. The affected product is vulnerable to specially crafted TCP packets, which can cause the device to shut down or...
8.2CVSS
6.2AI Score
0.004EPSS
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. The affected product is vulnerable to information exposure over the SNMP protocol. This is a different issue...
5.3CVSS
6AI Score
0.004EPSS
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. The affected product is vulnerable to insufficient default permissions, which could allow an attacker to view network configurations through....
5.3CVSS
6.1AI Score
0.004EPSS
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. The affected product is vulnerable to information exposure over the SNMP protocol. This is a different issue...
5.3CVSS
6.2AI Score
0.004EPSS
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. The affected product is vulnerable to specially crafted TCP packets, which can cause the device to shut down or...
8.2CVSS
6AI Score
0.004EPSS
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. The affected product is vulnerable to insufficient default permissions, which could allow an attacker to view network configurations through....
5.3CVSS
6.2AI Score
0.004EPSS
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. The affected product is vulnerable to information exposure over the SNMP protocol. This is a different issue...
5.3CVSS
6.1AI Score
0.004EPSS
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. The affected product is vulnerable to insufficient default permissions, which could allow an attacker to view network configurations through....
5.3CVSS
6.2AI Score
0.004EPSS
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. The affected product is vulnerable to specially crafted TCP packets, which can cause the device to shut down or...
8.2CVSS
6.2AI Score
0.004EPSS
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. The affected product is vulnerable to insufficient default permissions, which could allow an attacker to view network configurations through....
6.1AI Score
0.004EPSS
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. The affected product is vulnerable to information exposure over the SNMP protocol. This is a different issue...
6.1AI Score
0.004EPSS
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. The affected product is vulnerable to specially crafted TCP packets, which can cause the device to shut down or...
6.2AI Score
0.004EPSS
Description of the security update for SharePoint Foundation 2013: April 14, 2020
Description of the security update for SharePoint Foundation 2013: April 14, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...
6.7AI Score
0.089EPSS
9.8CVSS
7.6AI Score
0.526EPSS
Ubuntu 18.04 LTS : Thunderbird vulnerabilities (USN-4328-1)
It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792) Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an...
9.8CVSS
8.8AI Score
0.526EPSS
MS15-099: Description of the security update for SharePoint Foundation 2013: September 8, 2015
Resolves vulnerabilities in Office that could allow remote code execution if a user opens a specially crafted Office file. Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more...
-0.4AI Score
Releases Ubuntu 19.10 Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792)...
9.8CVSS
9.6AI Score
0.526EPSS
An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January...
5.3CVSS
5.2AI Score
0.001EPSS
Synergy Systems & Solutions HUSKY RTU (Update A)
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Synergy Systems & Solutions (SSS) Equipment: HUSKY RTU --------- Begin Update A Part 1 of 3 --------- Vulnerabilities: Improper Authentication, Improper Input Validation, Missing Authentication...
9.8CVSS
8AI Score
0.004EPSS
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code...
9.8CVSS
9.8AI Score
0.008EPSS
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code...
9.8CVSS
9.8AI Score
0.008EPSS
FProbe - Take A List Of Domains/Subdomains And Probe For Working HTTP/HTTPS Server
FProbe - Fast HTTP Probe Installation GO111MODULE=on go get -u github.com/theblackturtle/fprobe Features Take a list of domains/subdomains and probe for working http/https server. Optimize RAM and CPU in runtime. Support special ports for each domain Verbose in JSON format with some...
7.3AI Score
A heap-based out-of-bounds access flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted...
6.5CVSS
3.5AI Score
0.011EPSS
Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-6796, CVE-2020-6800, CVE-2020-6798 Vulnerability Details CVEID: CVE-2020-6796 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds...
8.8CVSS
2.9AI Score
0.013EPSS
Customers created via the Customer Portal do not trigger an email verification
In affected versions of Jira Service Desk Server and Data Centre, it was possible to create customers with fake email addresses via the Customer Portal. This is now resolved with email verification. Affected versions: * version < 3.16.13 * 4.0.0 ≤ version < 4.5.3 * 4.6.0 ≤ version < 4.7.0 ...
5.4AI Score
Customers created via the Customer Portal do not trigger an email verification
In affected versions of Jira Service Desk Server and Data Centre, it was possible to create customers with fake email addresses via the Customer Portal. This is now resolved with email verification. Affected versions: * version < 3.16.13 * 4.0.0 ≤ version < 4.5.3 * 4.6.0 ≤ version < 4.7.0 ...
5.4AI Score
Amazon Linux 2 : thunderbird (ALAS-2020-1408)
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. (CVE-2020-6792) When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory...
8.8CVSS
8.3AI Score
0.013EPSS
Issue Overview: When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. (CVE-2020-6792) When processing an email message with an ill-formed envelope, Thunderbird could read data from a...
8.8CVSS
8.8AI Score
0.013EPSS
GLSA-202003-10 : Mozilla Thunderbird: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-10 (Mozilla Thunderbird: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be...
9.8CVSS
0.8AI Score
0.526EPSS