| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. |
| A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests. |
| A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. |
| Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. ( |
| Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources. |
| browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. |
| Unspecified vulnerabilities in Google Chrome before 54.0.2840.59. |
| Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3.0. |
| Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. |
| Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. |
| Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. |
| Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. |
| Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. |
| Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. |
| Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. |
| An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow. |
| Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. |
| In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure. |
| EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5. |
| A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |