| Page(s) : 1 ... 837 838 839 840 841 842 843 844 845 846 [847] 848 849 850 851 852 853 854 855 856 857 ... | Result(s) : 43550 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 9.6 | 2020-10-09 | CVE-2020-26928 | cve | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK... |
| 9.8 | 2020-10-08 | CVE-2020-25273 | cve | In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. |
| 9.8 | 2020-10-08 | CVE-2020-1914 | cve | A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially... |
| 9.8 | 2020-10-08 | CVE-2020-15243 | cve | Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and act... |
| 9.8 | 2020-10-07 | CVE-2020-11800 | cve | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. |
| 9.1 | 2020-10-07 | CVE-2020-13347 | cve | A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker ex... |
| 9.1 | 2020-10-07 | CVE-2020-15175 | cve | In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete ... |
| 9.8 | 2020-10-06 | CVE-2020-7465 | cve | The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or c... |
| 9.8 | 2020-10-06 | CVE-2020-1907 | cve | A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iO... |
| 9.8 | 2020-10-06 | CVE-2020-26607 | cve | An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacke... |
| 9.8 | 2020-10-06 | CVE-2020-24217 | cve | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send a... |
| 9.8 | 2020-10-06 | CVE-2020-24214 | cve | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer ov... |
| 9.8 | 2020-10-06 | CVE-1999-0199 | cve | manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allo... |
| 9.8 | 2020-10-06 | CVE-2020-8782 | cve | Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. |
| 9.8 | 2020-10-06 | CVE-2020-24215 | cve | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any admin... |
| 9.6 | 2020-10-06 | CVE-2020-26574 | cve | Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is r... |
| 9.8 | 2020-10-06 | CVE-2020-24218 | cve | An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file. |
| 9.8 | 2020-10-05 | CVE-2020-6875 | cve | A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerabil... |
| 9.8 | 2020-10-05 | CVE-2020-4493 | cve | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995. |
| 9.8 | 2020-10-05 | CVE-2020-16226 | cve | Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary com... |
| Page(s) : 1 ... 837 838 839 840 841 842 843 844 845 846 [847] 848 849 850 851 852 853 854 855 856 857 ... | Result(s) : 43550 |
