|
CVE-2020-8468
|
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape... |
Trend Micro |
Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-24557
|
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a... |
Trend Micro |
Trend Micro Apex One, Trend Micro Worry-Free Business Security |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-8599
|
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an... |
Trend Micro |
Trend Micro OfficeScan, Trend Micro Apex One |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2021-36742
|
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1... |
Trend Micro |
Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2021-36741
|
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1... |
Trend Micro |
Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2019-20085
|
TVT NVMS-1000 devices allow GET /.. Directory Traversal |
n/a |
n/a |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-5849
|
Unraid 6.8.0 allows authentication bypass. |
n/a |
n/a |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-5847
|
Unraid through 6.8.0 allows Remote Code Execution. |
n/a |
n/a |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2019-16759
|
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. |
n/a |
n/a |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-17496
|
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel... |
n/a |
n/a |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2019-5544
|
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the... |
n/a |
ESXi and Horizon DaaS |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-3992
|
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a... |
n/a |
VMware ESXi |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-3950
|
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before... |
n/a |
VMware Fusion, VMware Remote Console for Mac and Horizon Client for Mac |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2021-22005
|
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on... |
n/a |
VMware vCenter Server, VMware Cloud Foundation |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-3952
|
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does... |
n/a |
VMware vCenter Server |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2021-21972
|
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port... |
n/a |
VMware vCenter Server, VMware Cloud Foundation |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2021-21985
|
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in... |
n/a |
VMware vCenter Server and VMware Cloud Foundation |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-4006
|
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. |
n/a |
VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware Cloud Foundation, vRealize Suite Lifecycle Manager |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-25213
|
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it... |
n/a |
n/a |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-11738
|
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file... |
n/a |
n/a |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2021-27561
|
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. |
n/a |
n/a |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2021-40539
|
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. |
n/a |
n/a |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-10189
|
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the... |
n/a |
n/a |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2019-8394
|
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. |
n/a |
n/a |
2021-11-03 00:00:00 UTC |
CISA |
|
CVE-2020-29583
|
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account... |
n/a |
n/a |
2021-11-03 00:00:00 UTC |
CISA |