
1835 matches found

CNVD
added 2020/11/09 12:0 a.m. | 3 views

SaltStack Salt API Arbitrary Code Execution Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. An input validation vulnerability exists in the SaltStack Salt API that can be exploited by a remote attacker to submit a special request for unauthorized access to arbitrary code...

CVSS 9.8 | AI score 7.1 | EPSS 0.57453
Exploits: 3 | References: 1

NVD
added 2020/10/21 7:15 p.m. | 15 views

CVE-2020-3458

Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. The...

CVSS 6.7 | EPSS 0.00316
Exploits: 0 | References: 1

OSV
added 2020/08/03 5:15 p.m. | 7 views

CVE-2020-8574

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation JMX RMI service enabled allowing unauthorized code execution to local users...

CVSS 7.8 | AI score 7.9 | EPSS 0.00447
Exploits: 0 | References: 1

NVD
added 2020/08/03 5:15 p.m. | 22 views

CVE-2020-8574

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation JMX RMI service enabled allowing unauthorized code execution to local users...

CVSS 7.8 | AI score 7.8 | EPSS 0.00447
Exploits: 0 | References: 1

CVE
added 2020/08/03 4:56 p.m. | 62 views

CVE-2020-8574

CVE-2020-8574 affects NetApp Active IQ Unified Manager for Linux prior to 9.6, where the Java Management Extensions (JMX) RMI service is enabled, enabling unauthorized code execution by local users. The connected sources confirm the issue is tied to the pre-9.6 Linux builds and describe local acc...

CVSS 7.8 | AI score 7.7 | EPSS 0.00447
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/08/03 4:56 p.m. | 32 views

CVE-2020-8574

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation JMX RMI service enabled allowing unauthorized code execution to local users...

AI score 7.8 | EPSS 0.00447
Exploits: 0 | References: 1

Lenovo
added 2020/07/30 3:15 p.m. | 43 views

GRUB2 Vulnerability – AKA

Lenovo Security Advisory: LEN-34794 Potential Impact: Escalation of privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2020-10713 Summary Description: Lenovo is aware of a vulnerability in GRUB2, an open source bootloader commonly used by Linux, that could allow Secure Bo...

CVSS 4.6 | AI score 1.4 | EPSS 0.01085
Exploits: 0

NVD
added 2020/06/26 7:15 p.m. | 22 views

CVE-2020-9047

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could...

CVSS 9 | EPSS 0.0777
Exploits: 1 | References: 2

Prion
added 2020/06/26 7:15 p.m. | 15 views

Command injection

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could...

CVSS 9 | AI score 7.3 | EPSS 0.0777
Exploits: 1 | References: 2 | Affected Software: 2

Cvelist
added 2020/06/26 6:1 p.m. | 21 views

CVE-2020-9047 exacqVision Software - Improper Verification of Cryptographic Signature

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could...

CVSS 6.8 | AI score 7.4 | EPSS 0.0777
Exploits: 1 | References: 2

CVE
added 2020/06/26 6:1 p.m. | 100 views

CVE-2020-9047

Exacqvision Web Service <= 20.06.3.0 and ExacqVision Enterprise Manager

CVSS 9 | AI score 7.3 | EPSS 0.0777
Exploits: 1 | References: 2 | Affected Software: 2

NVD
added 2020/06/15 8:15 p.m. | 13 views

CVE-2020-11999

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...

CVSS 8.1 | EPSS 0.02805
Exploits: 0 | References: 1

Prion
added 2020/06/15 8:15 p.m. | 12 views

Code injection

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...

CVSS 5.5 | AI score 8.5 | EPSS 0.02805
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2020/06/15 7:11 p.m. | 76 views

CVE-2020-11999

Rockwell Automation CVE-2020-11999 affects FactoryTalk Linx software versions 6.00/6.10/6.11 and related components (RSLinx Classic, CCS Workbench, ControlFLASH/ControlFLASH Plus, FactoryTalk Asset Centre, Linx CommDTM, Studio/Logix tools). The root cause is improper input validation in an expose...

CVSS 8.1 | AI score 8 | EPSS 0.02805
Exploits: 0 | References: 1 | Affected Software: 2

CNVD
added 2020/06/12 12:0 a.m. | 3 views

Multiple Rockwell Automation Products Input Validation Error Vulnerability

Rockwell Automation RSLinx Classic is an industrial communications solution. Rockwell Automation FactoryTalk Linx is an industrial communications solution. Rockwell Automation ControlFLASH is a firmware update...

CVSS 8.1 | AI score 7.4 | EPSS 0.02805
Exploits: 0 | References: 1

Cvelist
added 2020/05/14 8:36 p.m. | 13 views

CVE-2020-10616

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts...

AI score 8.8 | EPSS 0.01746
Exploits: 0 | References: 1

Hewlett-Packard
added 2020/04/07 12:0 a.m. | 31 views

HPSBHF03663 rev. 1 - HP Sure Sense Unauthorized Code Execution

Potential Security Impact Unauthorized Code Execution Source: HP, HP Product Security Response Team PSRT Reported By: Flavio Baldassi of Horizon Security VULNERABILITY SUMMARY A potential security vulnerability in the HP Sure Sense driver may allow Unauthorized Code Execution. RESOLUTION note: Th...

CVSS 6.7 | AI score 0.4
Exploits: 0

NVD
added 2020/04/02 8:15 p.m. | 12 views

CVE-2019-19089

For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text...

CVSS 6.1 | AI score 6.7 | EPSS 0.01047
Exploits: 0 | References: 1

Prion
added 2020/04/02 8:15 p.m. | 15 views

Type confusion

For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text...

CVSS 4.3 | AI score 6.7 | EPSS 0.01047
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/04/02 7:46 p.m. | 23 views

CVE-2019-19089 eSOMS: X-Content-Type-Options Header Missing

For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text...

CVSS 6.1 | AI score 6.6 | EPSS 0.01047
Exploits: 0 | References: 1