An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
This affects the package multi-ini before 2.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
An authenticated user might execute malicious code under the user context and take control of the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in Treck IPv6 before 6.0.1.68. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in Treck IPv6 before 6.0.1.68. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. Rated high severity (CVSS 7.0). No vendor patch available.