Moxa MB3xxx Series Protocol Gateways

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: MB3170 series, MB3180 series, MB3270 series, MB3280 series, MB3480 series, and MB3660 series Vulnerabilities: Stack-based Buffer Overflow, Integer Overflow to Buffer Overflow,...

Lenovo XClarity Administrator Access Control Error Vulnerability

Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. An access control error vulnerability exists in Lenovo XClarity Administrator LX...

CVE-2020-6769

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway VSG allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded...

Authentication flaw

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway VSG allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded...

CVE-2020-6769 Missing Authentication for Critical Function in Bosch Video Streaming Gateway

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway VSG allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded...

CVE-2019-19822

A certain router administration interface that includes Realtek APMIB 0.11f for Boa 0.94.14rc21 allows remote attackers to retrieve the configuration, including sensitive data usernames and passwords. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R...

CVE-2019-17635

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted...

Deserialization of untrusted data

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted...

CVE-2019-17635

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted...

CVE-2019-6331

An issue was found in Samsung Mobile Print Android versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information...

Unspecified Vulnerability in Forcepoint NGFW Security Management Center

Forcepoint NGFW Security Management Center SMC is a Forcepoint product that provides unified, centralized management capabilities for Forcepoint's next-generation firewalls. A security vulnerability exists in Forcepoint NGFW SMC versions prior to 6.5.12 and prior to 6.7.1. An attacker could explo...

CVE-2019-3992

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older...

CVE-2019-3989

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data...

CVE-2019-3989

The Blink XT2 Sync Module firmware (pre-2.13.11) is affected by CVE-2019-3989, a remote OS command injection due to improper sanitization of internal network data. The vulnerability arises when the device constructs and executes OS commands from external input (notably via get_network()/get_netwo...

CVE-2019-13557

In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information...

Unspecified Vulnerability in CloudBees Jenkins Global Post Script Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Global Post Script Plugin is used in which a...

CVE-2019-13525

In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network...

CVE-2019-13525

In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network...

Authentication flaw

In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network...

CVE-2019-13525

In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network...