CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1201 CVE-2020-7156 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1202 CVE-2020-7155 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1203 CVE-2020-7154 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1204 CVE-2020-7153 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1205 CVE-2020-7152 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1206 CVE-2020-7151 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1207 CVE-2020-7150 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1208 CVE-2020-7149 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1209 CVE-2020-7148 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1210 CVE-2020-7147 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1211 CVE-2020-7146 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1212 CVE-2020-7145 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1213 CVE-2020-7144 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1214 CVE-2020-7143 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1215 CVE-2020-7142 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1216 CVE-2020-7141 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1217 CVE-2020-7136 2020-04-30 2020-05-07
10.0
None Remote Low Not required Complete Complete Complete
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).
1218 CVE-2020-7131 862 Mem. Corr. 2020-04-24 2020-05-14
9.0
None Remote Low ??? Complete Complete Complete
This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system and a complete control of the system may also be possible. This vulnerability exists only if one gains access to the Maintenance LAN to which Blade Maintenance Entity, Integrated Maintenance Entity or Maintenance Entity product is connected. **Workaround:** Block the UDP port 17185(In the Maintenance LAN Network Switch/Firewall). Fix: Install following SPRs, which are already available: * T1805A01^AAI (Integrated Maintenance Entity) * T4805A01^AAZ (Blade Maintenance Entity). These SPRs are also usable with the following RVUs: * J06.19.00 ? J06.23.01. No fix planned for the following RVUs: J06.04.00 ? J06.18.01. No fix planned for H-Series NonStop systems. No fix planned for the product T2805 (Maintenance Entity).
1219 CVE-2020-7129 77 Exec Code 2020-11-04 2020-11-09
9.0
None Remote Low ??? Complete Complete Complete
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
1220 CVE-2020-7128 77 Exec Code 2020-11-04 2020-11-09
10.0
None Remote Low Not required Complete Complete Complete
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
1221 CVE-2020-7117 Exec Code 2020-06-03 2020-06-04
9.0
None Remote Low ??? Complete Complete Complete
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
1222 CVE-2020-7116 20 Exec Code 2020-06-03 2020-06-05
9.0
None Remote Low ??? Complete Complete Complete
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
1223 CVE-2020-7115 306 Exec Code Bypass 2020-06-03 2020-07-08
10.0
None Remote Low Not required Complete Complete Complete
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
1224 CVE-2020-7085 787 Exec Code Overflow 2020-04-17 2020-04-21
9.3
None Remote Medium Not required Complete Complete Complete
A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.
1225 CVE-2020-7082 416 Exec Code 2020-04-17 2020-04-23
9.3
None Remote Medium Not required Complete Complete Complete
A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it.
1226 CVE-2020-7081 704 2020-04-17 2020-04-23
9.3
None Remote Medium Not required Complete Complete Complete
A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.
1227 CVE-2020-7080 120 Exec Code Overflow 2020-04-17 2020-04-21
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.
1228 CVE-2020-7055 434 Exec Code 2020-04-22 2020-04-28
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive.
1229 CVE-2020-7040 59 2020-01-21 2020-09-17
9.3
None Remote Medium Not required Complete Complete Complete
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
1230 CVE-2020-7034 78 Exec Code 2021-04-23 2021-04-30
9.0
None Remote Low ??? Complete Complete Complete
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x
1231 CVE-2020-7007 787 Exec Code 2020-03-24 2020-03-25
10.0
None Remote Low Not required Complete Complete Complete
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.
1232 CVE-2020-6990 798 2020-03-16 2020-03-20
10.0
None Remote Low Not required Complete Complete Complete
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.
1233 CVE-2020-6985 798 2020-03-24 2020-03-26
10.0
None Remote Low Not required Complete Complete Complete
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.
1234 CVE-2020-6981 798 2020-03-24 2020-03-26
10.0
None Remote Low Not required Complete Complete Complete
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.
1235 CVE-2020-6969 522 2020-02-05 2020-02-14
10.0
None Remote Low Not required Complete Complete Complete
It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations.
1236 CVE-2020-6967 502 2020-03-23 2020-03-27
10.0
None Remote Low Not required Complete Complete Complete
In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely deserialize untrusted data.
1237 CVE-2020-6966 326 Exec Code +Info 2020-01-24 2020-03-17
10.0
None Remote Low Not required Complete Complete Complete
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.
1238 CVE-2020-6963 20 Exec Code 2020-01-24 2020-03-17
10.0
None Remote Low Not required Complete Complete Complete
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.
1239 CVE-2020-6962 20 Exec Code +Info 2020-01-24 2020-03-17
10.0
None Remote Low Not required Complete Complete Complete
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.
1240 CVE-2020-6939 2020-11-23 2020-12-08
10.0
None Remote Low Not required Complete Complete Complete
Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2.
1241 CVE-2020-6932 20 Exec Code 2020-08-12 2020-08-17
10.0
None Remote Low Not required Complete Complete Complete
An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.
1242 CVE-2020-6852 287 2020-04-02 2020-04-03
10.0
None Remote Low Not required Complete Complete Complete
CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required.
1243 CVE-2020-6842 78 Exec Code 2020-02-21 2020-02-25
9.0
None Remote Low ??? Complete Complete Complete
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.
1244 CVE-2020-6841 78 Exec Code 2020-02-21 2020-02-25
10.0
None Remote Low Not required Complete Complete Complete
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.
1245 CVE-2020-6779 798 Exec Code 2021-01-26 2021-02-03
10.0
None Remote Low Not required Complete Complete Complete
Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system.
1246 CVE-2020-6770 502 Exec Code 2020-02-07 2020-02-12
10.0
None Remote Low Not required Complete Complete Complete
Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed.
1247 CVE-2020-6760 78 Exec Code 2020-02-06 2020-02-11
10.0
None Remote Low Not required Complete Complete Complete
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping.
1248 CVE-2020-6572 416 Exec Code 2021-01-14 2021-01-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
1249 CVE-2020-6559 416 2020-09-21 2021-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1250 CVE-2020-6556 787 Overflow 2020-09-21 2021-01-02
9.3
None Remote Medium Not required Complete Complete Complete
Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.