Pydio Cells version 2.0.4 suffers from cross site scripting, file write, code execution, and various other vulnerabilities.
ec35943a76a3c284d24b95110cd826800beebfcbda0fb782c4dc64877ec72836
CipherMail Community Virtual Appliance version 4.6.2 suffers from remote command execution and file injection vulnerabilities.
8f19790f62e3ddd9f325c2b8bdab7552d76c9c096306b5c140c6286c884f3672
Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.
d8e9402b9604c3706a2115909b60726c461d0262c2196626918539a2164e5352
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. Cisco Webex Meetings Desktop App versions 33.6.4.15, 33.6.5.2, 33.7.0.694, 33.7.1.15, 33.7.2.24, 33.7.3.7, 33.8.0.779, 33.8.1.13, and 33.8.2.7 are affected.
9d1274a1cd79b05c5388dac3dae49ae0bd47e790ca5b08b896914d7cc2998ca8
Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to elevate privileges. Affected versions include GIGABYTE APP Center 1.05.21 and below, AORUS GRAPHICS ENGINE 1.33 and below, XTREME GAMING ENGINE 1.25 and below, and OC GURU II 2.08.
48d96c0c3430d878112464f31d6eeadae2c2f83b0d2533746e74c9f17d8e0f36
Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected.
255511782c79945ab6f218abd699801864552a7945b1791b84b548a8c0971a6a
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue fixed by Cisco in October. Affected versions include Cisco Webex Meetings Desktop App releases prior to 33.6.4 and Cisco Webex Productivity Tools releases 32.6.0 and later prior to 33.0.6.
8a6363eac36d1c77af2c188b62cc8afc4fb79e8cc7205275d6c75b242a765b2a
ASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions. These utilities include various features like the RGB LED control, hardware monitor, fan controls, and overclocking/voltage options. Multiple vulnerabilities were found in AsrDrv101.sys and AsrDrv102.sys low level drivers, installed by ASRock RGBLED and other ASRock branded utilities, which could allow a local attacker to elevate privileges. Vulnerable packages include ASRock RGBLED before version 1.0.35.1, A-Tuning before version 3.0.210, F-Stream before version 3.0.210, and RestartToUEFI before version 1.0.6.2.
3b57e1d843a64059edf1200acba22a276913db2838fb449328d307badda0ce0e
D-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected.
0c727854c4a3a6e628258dcc738184e2861e8c1ad5dbd247e1a3630b27db5115
Opsview Monitor versions 5.2, 5.3, and 5.4 suffer from cross site scripting and multiple remote command execution vulnerabilities.
953c9d49a6ad47c20e9a9acc6d55ebbeea2a239ede57f492f4be332d89519ed1
SoftNAS Cloud versions prior to 4.0.3 suffers from an OS command injection vulnerability.
b79184adec75f473b47197947faff63cfba84edcfe7f5a771347dd49fb829b26
QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.
d468f350b0e3bb3d4bd9bf10b3b49470163d611522cabc435f5fd39081341998
Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.
fd18c79b0364edc307ae0073788f224ea5fd016ba9223e6018267eb9911d3f41
Quest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.
e313c1bcf4d85337e78155dc912283a22293cddaadd03f8b4acb51929c7e6e8c
TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities.
c5187235d9542ea658539bfb88cc9cb5ce9f82fc8cafd49e9eb8cb63664932db
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it.
f596977ec0c838a1e24c8e7b3ba40756d8c45733524c4820e426799d27f008d3
Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.
5c0882e4ec54030fb98c7a6e8448db8a4938d363d703cac4986200aed680c428
Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities.
59ab98938a25d8249efefd24dd954dee7bc863a7a6ee5476a2d7d2db32b025ba
Kaspersky Secure Mail Gateway version 1.1.0.379 suffers from code execution and cross site request forgery vulnerabilities.
1b0dff497ed1d448eeffc8af638a0c8fcc1b7926b370e7184cbf5c1126f956f6
Trend Micro Smart Protection Server version 3.2 suffers from access control bypass, cross site scripting, information disclosure, and various other vulnerabilities.
149823a62c0b55b825b4c969054429d6a9537f6a010bb018f45e836ab0ce649f
Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.
1011f2188afe2cfa015134b365c225eb892ed298b59a2beb4cc63a8e09cdc1b0
Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities.
8e879696170b8b1f6b2ecc8c0d882967bb47bb12e348f1e061c984909eef85df
Core Security Technologies Advisory - SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files, that could lead to local code execution scenarios. Version 721.510 is affected.
a3d3c8ab85600ad227bf0c9e7815c6b6891b9a726516893c8a904650f83bd791
Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.
8e640691cd560b9d8302f132c35c2970fee8d3dd24deecaf9bd5bc9e5f327fb7
Core Security Technologies Advisory - SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.
e526bc68dd7fc857147e1bbe8e921f1d4110eece04020dc4932d94850a062701