C in Cesanta Mongoose Embedded Web Server Library.7 and earlier and Mongoose.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data post request without a mime boundary string.
7.2 CVE BID confirm cisco - A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection.
9.0 CVE misc summer_infant - Summer Baby Zoom Wifi Monitor Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.
4.0 CVE BID confirm cisco - registered_envelope_service A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to an undesired web page, aka an Open Redirect.
6.5 CVE misc paessler - prtg Paessler PRTG before 45 has XSS via SNMP.
9.3 CVE BID confirm linux - linux_kernel An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.
4.6 CVE misc BID dell - Dell Integrated Remote Access Controller (iDRAC) 6 before.80 allows remote attackers to execute arbitrary administrative HTTP commands. More Information: CSCvb61351 CSCvb61637.
7.2 CVE BID confirm cisco - A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka. Known Fixed Releases:.2(1.105).1(1.1733).1(1.69).
7.6 CVE BID confirm linux - linux_kernel An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
4.3 CVE confirm confirm confirm imagemagick - imagemagick coders/rle.
7.6 CVE BID confirm gynoii - gcw-1010 Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.
7.2 CVE misc
Medium Vulnerabilities
Primary Vendor - Product, Description, Published, CVSS Score, Source, Patch Info
apache - ignite Apache Ignite before.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
6.8 CVE BID misc netapp - clustered_data_ontap NetApp Clustered Data ONTAP.1 through.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.
Note: this issue exists because of an incomplete fix for CVE.
6.5 CVE misc BID BID dell - Dell Integrated Remote Access Controller (iDRAC) 6 before.85 and 7/8 before has XSS.
CVE, Exploit-DB botan_project - botan Botan before.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.
6.5 CVE misc swagger_project - swagger-ui Swagger-UI before.2.1 has XSS via the Default field in the Definitions section.
7.2 CVE BID confirm cisco - firepower_management_center A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes.
7.5 CVE misc sierrawireless - aleos_firmware Sierra Wireless GX 440 devices with ALEOS firmware.3.2 execute the management web application as root.
CVE, misc atlassian - jira The JIRA Workflow Designer Plugin in Atlassian JIRA Server before.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java.
5.8 CVE BID confirm cisco - unified_communications_manager A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection.