Lucene search
K

344 matches found

UbuntuCve
UbuntuCve
added 2020/06/30 12:15 p.m.26 views

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.8CVSS7.3AI score0.00538EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/06/18 12:0 a.m.20 views

SUSE SLES12 Security Update : krb5-appl (SUSE-SU-2020:1533-1)

This update for krb5-appl fixes the following issues : CVE-2020-10188: Fixed a remote root execution bsc1165787. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as...

10CVSS7.7AI score0.74513EPSS
Exploits2References4
OSV
OSV
added 2020/06/04 8:31 a.m.1 views

SUSE-SU-2020:1533-1 Security update for krb5-appl

This update for krb5-appl fixes the following issues: - CVE-2020-10188: Fixed a remote root execution bsc1165787...

10CVSS9.5AI score0.74513EPSS
Exploits2References3
Zero Day Initiative
Zero Day Initiative
added 2020/05/28 12:0 a.m.95 views

(Pwn2Own) Apple macOS cfprefsd Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file...

7.8CVSS3.7AI score0.03667EPSS
Exploits3References1
CNVD
CNVD
added 2020/04/15 12:0 a.m.4 views

SAP Landscape Management Elevation of Privilege Vulnerability

SAP Landscape Management is a centralized SAP product management system from SAP. The system is used to centrally manage and configure SAP software systems running in physical, virtual, and cloud infrastructures. A security vulnerability exists in SAP Landscape Management version 3.0 and SAP...

7.2CVSS7.1AI score0.01236EPSS
Exploits0
OSV
OSV
added 2020/04/14 7:15 p.m.7 views

CVE-2020-6236

SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admingroup privileges to change ownership and permissions including S-user ID bit s-bit of arbitrary files remotely. This results in the possibility to execute these files as root user from a...

7.2CVSS7.3AI score0.01236EPSS
Exploits0References2
OSV
OSV
added 2020/04/03 1:15 p.m.2 views

CVE-2020-4273

IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977...

7.8CVSS5.9AI score0.00401EPSS
Exploits0References2
Prion
Prion
added 2020/03/30 10:15 p.m.14 views

Command injection

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated...

9CVSS7.4AI score0.02149EPSS
Exploits0References2Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2020/03/13 12:0 a.m.27 views

VMware Workstation Virtual Printer External Control of File Name Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Virtual Print...

7.8CVSS4.6AI score0.00282EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/24 12:0 a.m.4 views

D-Link DAP-2610 Authentication Bypass Vulnerability

The D-Link DAP-2610 is a wireless AC1300 Wave 2 dual-band PoE access point. An authentication bypass vulnerability exists in the handling of passwords in the D-Link DAP-2610 2.01RC067. The vulnerability stems from a lack of proper password checking. An attacker can exploit the vulnerability to...

8.8CVSS8.2AI score0.13343EPSS
Exploits0References1
OSV
OSV
added 2020/02/14 6:15 p.m.4 views

CVE-2020-8858

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from...

8.8CVSS7.6AI score0.07439EPSS
Exploits0References2
NVD
NVD
added 2020/01/09 5:15 p.m.25 views

CVE-2019-14919

An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device...

7.8CVSS7.6AI score0.01537EPSS
Exploits1References1
OSV
OSV
added 2020/01/09 5:15 p.m.2 views

CVE-2019-14920

Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etcro/web/adm/systemcommand.asp shell feature...

8.8CVSS7.4AI score0.02238EPSS
Exploits1References1
NVD
NVD
added 2020/01/09 5:15 p.m.22 views

CVE-2019-14920

Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etcro/web/adm/systemcommand.asp shell feature...

9CVSS8.7AI score0.02238EPSS
Exploits1References1
Prion
Prion
added 2020/01/09 5:15 p.m.26 views

Design/Logic Flaw

Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etcro/web/adm/systemcommand.asp shell feature...

9CVSS8.6AI score0.02238EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/01/09 5:15 p.m.21 views

Hardcoded credentials

An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device...

7.2CVSS7.5AI score0.01537EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/01/09 4:24 p.m.31 views

CVE-2019-14920

Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etcro/web/adm/systemcommand.asp shell feature...

8.8AI score0.02238EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/01/09 4:22 p.m.28 views

CVE-2019-14919

An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device...

7.6AI score0.01537EPSS
Exploits1References1
CVE
CVE
added 2020/01/09 4:22 p.m.53 views

CVE-2019-14919

The CVE concerns the Billion Smart Energy Router SG600R2 (firmware v3.02.rc6). An exposed Telnet service allows a local attacker to authenticate using hardcoded credentials, gaining root execution privileges on the device. This directly enables privileged control from the local network. The avail...

7.8CVSS7.5AI score0.01537EPSS
Exploits1References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/19 3:45 p.m.20 views

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by OS Command Injection vulnerability (CVE-2016-0236)

Summary IBM Security Guardium Database Activity Monitor could allow an authenticated attacker to injection commands into the search field that will be executed as root. Vulnerability Details CVEID: CVE-2016-0236 DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow an...

9CVSS1.4AI score0.0255EPSS
Exploits0Affected Software1
Rows per page
Query Builder