Pydio Cells version 2.0.4 suffers from cross site scripting, file write, code execution, and various other vulnerabilities.
37f85d55bff56ee29347e72ef5b07144CipherMail Community Virtual Appliance version 4.6.2 suffers from remote command execution and file injection vulnerabilities.
1e03b7ce73404f389184d11c6489d8e8Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.
7ea2efd5fece16f023d6a11fbc170dd9A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. Cisco Webex Meetings Desktop App versions 33.6.4.15, 33.6.5.2, 33.7.0.694, 33.7.1.15, 33.7.2.24, 33.7.3.7, 33.8.0.779, 33.8.1.13, and 33.8.2.7 are affected.
61e40633787cc4e53f3c37f19e049211Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to elevate privileges. Affected versions include GIGABYTE APP Center 1.05.21 and below, AORUS GRAPHICS ENGINE 1.33 and below, XTREME GAMING ENGINE 1.25 and below, and OC GURU II 2.08.
5cad18f5b078e0d55bd9a0c74f26e7ccMultiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected.
bf9ed2614877e99c373ab955e1c3e901A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue fixed by Cisco in October. Affected versions include Cisco Webex Meetings Desktop App releases prior to 33.6.4 and Cisco Webex Productivity Tools releases 32.6.0 and later prior to 33.0.6.
e0df0d3b74fa1ecc2091d30eb9104327ASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions. These utilities include various features like the RGB LED control, hardware monitor, fan controls, and overclocking/voltage options. Multiple vulnerabilities were found in AsrDrv101.sys and AsrDrv102.sys low level drivers, installed by ASRock RGBLED and other ASRock branded utilities, which could allow a local attacker to elevate privileges. Vulnerable packages include ASRock RGBLED before version 1.0.35.1, A-Tuning before version 3.0.210, F-Stream before version 3.0.210, and RestartToUEFI before version 1.0.6.2.
21d4d95e72ff845d830ec7e7c0d06a11D-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected.
d17784050df3ae3fb82535964cf33f9cOpsview Monitor versions 5.2, 5.3, and 5.4 suffer from cross site scripting and multiple remote command execution vulnerabilities.
bfca5d508c2cc0dae73d25b180e60694SoftNAS Cloud versions prior to 4.0.3 suffers from an OS command injection vulnerability.
57b583fec32a0c97cd4069def2bbac44QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.
d0c0ba61b46957bc948ee79547357e3fQuest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.
40e0fc0c417670b30bccdf9097a9a547Quest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.
fa95a83ac5f5a79ab8497701933a0dc5TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities.
2bd5d4a8164df05c24571e8ef90378b4A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it.
b7e22648d2a91d8ab369593f7eabdb11Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.
223e4ef70d15bf9047b6fde86990def0Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities.
035ddfcb8a7d024e325b9f233a3d9bcfKaspersky Secure Mail Gateway version 1.1.0.379 suffers from code execution and cross site request forgery vulnerabilities.
04398c48a2c352c40a07dcb4a1897e4fTrend Micro Smart Protection Server version 3.2 suffers from access control bypass, cross site scripting, information disclosure, and various other vulnerabilities.
0e10fe92b1e5418787878b2ed8d69361Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.
834309bd7c681fce682800c2b27a31c0Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities.
351e7980ee3be97f07ceb95ec237ce90Core Security Technologies Advisory - SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files, that could lead to local code execution scenarios. Version 721.510 is affected.
3d6f950a9eef0caafbc05be378131051Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.
75bd302689d825abf438d908c7aeabceCore Security Technologies Advisory - SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.
e711534cc773eca194793a6b82ce5f46
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed