The uninstaller in Fortra Digital Guardian Agent versions prior to 7.9.4 suffers from a cross-site scripting vulnerability. Additionally, the Agent Uninstaller handles sensitive data insecurely and caches the Uninstall key in memory. This key can be used to stop or uninstall the application. This allows a locally authenticated attacker with administrative privileges to disable the application temporarily or even remove the application from the system completely.
d393eda92218fb28d4719259401d1db3e0731edb5b930170f2f951494d02fbc7
Poly Studio X30, Studio X50, Studio X70, and G7500 versions 3.4.0-292042, 3.5.0-344025, and 3.6.0 suffer from an authenticated command injection vulnerability.
924a951f490c6e59775e62eb12780f10e62f6d7f2146393b9885a0aa17849cbd
Poly EagleEye Director II version 2.2.1.1 suffers from multiple authenticated remote command injection vulnerabilities as well as an authentication bypass vulnerability.
65f5c3af9c0467b68e4a064f7a3e889a40685745b50fa1cc3d5360a1e5ea20c4
Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities.
57e210f71bf42a3b11e36e7813fbbb82fccbd07555cd2d876285ea9c410da45c
Miele Benchmark Programming Tool versions 1.1.49 and 1.2.71 suffer from a privilege escalation vulnerability.
d9c54518c9774d14210fa309ae32ce7bf54eac2d1ed82cd249dec9506f8662c7
Multiple Rittal products based on the same software suffer from CLI menu bypass, insecure configuration, hard-coded backdoor account, outdated component, command injection, and privilege escalation vulnerabilities. Products include but are not limited to CMC III PU Compact, CMC III PU 7030.000 PDU (whole portfolio), LCP-CW, and IoT Interface 3124.300.
9d5e13a39f03bb1911253ad043b021ed88fe002de985be551eb7fc9a7aafa105
ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross-site scripting vulnerability.
f632ef85f28ad70bb9342601a5f35a98d661dd706019e37f2cc899fa7c91121f