An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.