Trend Micro Apex One Elevation of Privilege Vulnerability

Trend Micro Apex One is an endpoint protection solution that offers the broadest range of protection capabilities, including high-accuracy machine learning and advanced ransomware protection. An elevation of privilege vulnerability exists in the ApexOne Security Agent in Trend Micro Apex One. An...

CVE-2019-11859

A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root...

CVE-2020-15416

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by...

CVE-2020-10924

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

CVE-2020-10925

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files vi...

CVE-2020-10923

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A...

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue...

CVE-2020-15420

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891. Authentication is not required to exploit this vulnerability. The specific flaw exists within loaderajax.php. When parsing the line parameter, the process does not...

CVE-2020-15421

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the checkip parameter, the process...

CVE-2020-15922

There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution RCE with administrative root privileges. Authentication is required...

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a attacker to execute arbitrary code.

The vulnerability in the vManage web interface of the Cisco SD-WAN program-defined network exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code with root privileges...

CVE-2020-4363

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960...

The vulnerability of the TCL-script interpreter used by Cisco IOS and Cisco IOS XE operating systems allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the TCL-script interpreter for Cisco IOS and Cisco IOS XE operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code with root privileges on the base operating system...

Cisco Unified Contact Center Express Input Validation Error Vulnerability (CNVD-2020-29593)

Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. An input validation error vulnerability...

Vulnerability in Trust Management Issues in Multiple NETGEAR Products (CNVD-2020-33660)

NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 and others are a wireless WiFi device from NETGEAR. NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 version 2.5.1.106, Outdoor Satellite RBS50Y version 2.5.1.106 and Pro Tri-Band Business WiFi A trust management...

CVE-2020-2015

A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 version...

CVE-2020-4429

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534...

Input Validation Error Vulnerability in Multiple Cisco Products (CNVD-2020-31998)

Cisco IP Phone 7811 and others are an IP phone from Cisco USA. An input validation error vulnerability exists in the web server of multiple Cisco products, which arises from the program failing to properly validate input for HTTP requests. The vulnerability can be exploited to execute code with...

Palo Alto Networks PAN-OS Formatting String Error Vulnerability (CNVD-2020-22957)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A Formatting String Error vulnerability exists in the Varrcvr daemon in PAN-OS version 9.0 prior to 9.0.7 and version 9.1 prior to 9.1.2 in Palo Alto Networks. A remote attacker could...

CVE-2020-1990

The CVE-2020-1990 issue is a stack-based buffer overflow in PAN-OS management server. Affected: Palo Alto Networks PAN-OS 8.1.x before 8.1.13 and 9.0.x before 9.0.7 (not affecting 7.1). Exploitation requires authentication and can allow uploading a corrupted PAN-OS configuration with potential co...