| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text. |
| A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. |
| Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration. |
| Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive. |
| Cisco ACE A2(3.6) allows log retention DoS. |
| ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary code execution vulnerabilities |
| A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code. |
| IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability |
| oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation |
| NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability |
| An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it. |
| haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections |
| cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. |
| Nokogiri before 1.5.4 is vulnerable to XXE attacks |
| General Electric D20ME devices are not properly configured and reveal plaintext passwords. |
| An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. |
| D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. |
| D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. |
| Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature. |
| Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. |
