NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.
Overview : NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. Security Advisory
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0004
Overview : A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that
Security Advisory for Post-Authentication Stack Overflow on Some Routers and Modem Routers
Overview : Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56,
Overview : Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before
Security Advisory for Post-Authentication Command Injection on Some Routers and Gateways, PSV-2018-0352
Overview : Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.
Overview : Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated
Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key
Overview : In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key,
MongoDB Enterprise Kubernetes Operator 1.2.5
Overview : X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes
The Argo Project is an open source provider of Kubernetes CI/CD workflows, facilitating Infrastructure as Code.
Overview : In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to
Multiple vulnerabilities in EasyBlocks IPv6
Overview : Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier
Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3.
Overview : Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to
Vulnerabilities Discovered in CIPAce Enterprise Platform
Overview : A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP
Data Center Security Privilege Escalation
Overview : Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers
Overview : PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server
security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144.
Overview : A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144.
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula.
Overview : The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be
PRTG-Network-Monitor-Information-Disclosure
Overview : PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server
unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
Overview : An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by
Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection
Overview : In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually
Apache HTTP Server 2.4 vulnerabilities
Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys.
Overview : Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability.
Overview : Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can
CRLF/HTML entity injection with most recent version of PHPMyAdmin #16056
Overview : ** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.
Overview : In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.codeBeamer versions 9.5