Pydio Cells version 2.0.4 suffers from cross site scripting, file write, code execution, and various other vulnerabilities.
37f85d55bff56ee29347e72ef5b07144
CipherMail Community Virtual Appliance version 4.6.2 suffers from remote command execution and file injection vulnerabilities.
1e03b7ce73404f389184d11c6489d8e8
Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.
7ea2efd5fece16f023d6a11fbc170dd9
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. Cisco Webex Meetings Desktop App versions 33.6.4.15, 33.6.5.2, 33.7.0.694, 33.7.1.15, 33.7.2.24, 33.7.3.7, 33.8.0.779, 33.8.1.13, and 33.8.2.7 are affected.
61e40633787cc4e53f3c37f19e049211
Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to elevate privileges. Affected versions include GIGABYTE APP Center 1.05.21 and below, AORUS GRAPHICS ENGINE 1.33 and below, XTREME GAMING ENGINE 1.25 and below, and OC GURU II 2.08.
5cad18f5b078e0d55bd9a0c74f26e7cc
Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected.
bf9ed2614877e99c373ab955e1c3e901
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue fixed by Cisco in October. Affected versions include Cisco Webex Meetings Desktop App releases prior to 33.6.4 and Cisco Webex Productivity Tools releases 32.6.0 and later prior to 33.0.6.
e0df0d3b74fa1ecc2091d30eb9104327
ASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions. These utilities include various features like the RGB LED control, hardware monitor, fan controls, and overclocking/voltage options. Multiple vulnerabilities were found in AsrDrv101.sys and AsrDrv102.sys low level drivers, installed by ASRock RGBLED and other ASRock branded utilities, which could allow a local attacker to elevate privileges. Vulnerable packages include ASRock RGBLED before version 1.0.35.1, A-Tuning before version 3.0.210, F-Stream before version 3.0.210, and RestartToUEFI before version 1.0.6.2.
21d4d95e72ff845d830ec7e7c0d06a11
D-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected.
d17784050df3ae3fb82535964cf33f9c
Opsview Monitor versions 5.2, 5.3, and 5.4 suffer from cross site scripting and multiple remote command execution vulnerabilities.
bfca5d508c2cc0dae73d25b180e60694
SoftNAS Cloud versions prior to 4.0.3 suffers from an OS command injection vulnerability.
57b583fec32a0c97cd4069def2bbac44
QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.
d0c0ba61b46957bc948ee79547357e3f
Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.
40e0fc0c417670b30bccdf9097a9a547
Quest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.
fa95a83ac5f5a79ab8497701933a0dc5
TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities.
2bd5d4a8164df05c24571e8ef90378b4
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it.
b7e22648d2a91d8ab369593f7eabdb11
Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.
223e4ef70d15bf9047b6fde86990def0
Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities.
035ddfcb8a7d024e325b9f233a3d9bcf
Kaspersky Secure Mail Gateway version 1.1.0.379 suffers from code execution and cross site request forgery vulnerabilities.
04398c48a2c352c40a07dcb4a1897e4f
Trend Micro Smart Protection Server version 3.2 suffers from access control bypass, cross site scripting, information disclosure, and various other vulnerabilities.
0e10fe92b1e5418787878b2ed8d69361
Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.
834309bd7c681fce682800c2b27a31c0
Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities.
351e7980ee3be97f07ceb95ec237ce90
Core Security Technologies Advisory - SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files, that could lead to local code execution scenarios. Version 721.510 is affected.
3d6f950a9eef0caafbc05be378131051
Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.
75bd302689d825abf438d908c7aeabce
Core Security Technologies Advisory - SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.
e711534cc773eca194793a6b82ce5f46