Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00,. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.