| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\. |
| The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation. |
| A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. |
| The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. |
| The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. |
| receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. |
| The R programming language's default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install CLI command or the install.packages() function from the interpreter. Update to version 4.0.3. |
| In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. |
| In PicoTCP 1.7.0, TCP ISNs are improperly random. |
| In Contiki 4.5, TCP ISNs are improperly random. |
| In FNET 4.6.3, TCP ISNs are improperly random. |
| In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions. |
| In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. |
| In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. |
| In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be left unmasked in depending builds when there are no internal artifacts. |
| In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. |
| JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. |
| JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. |
| In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. |
| JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. |