Total
23736 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6609 | 1 Jsp Tickets Project | 1 Jsp Tickets | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action. | |||||
CVE-2017-8274 | 1 Qualcomm | 24 Mdm9206, Mdm9206 Firmware, Mdm9607 and 21 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, an access control vulnerability exists in Core. | |||||
CVE-2018-5379 | 5 Canonical, Debian, Quagga and 2 more | 10 Ubuntu Linux, Debian Linux, Quagga and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. | |||||
CVE-2014-3244 | 1 Sugarcrm | 1 Sugarcrm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | |||||
CVE-2018-6512 | 1 Puppet | 3 Pe-razor-server, Puppet Enterprise, Razor-server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0. | |||||
CVE-2018-6638 | 1 Wiris | 1 Mathtype | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d. | |||||
CVE-2017-17976 | 1 Perfexcrm | 1 Perfex Crm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. | |||||
CVE-2018-9021 | 1 Broadcom | 1 Privileged Access Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | |||||
CVE-2017-12180 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
CVE-2015-9206 | 1 Qualcomm | 30 Msm8909w, Msm8909w Firmware, Sd 205 and 27 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, during XML encoding of a message in the Playready module, a buffer overread may occur if the message passed is large. | |||||
CVE-2017-5823 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | |||||
CVE-2014-3990 | 1 Opencart | 1 Opencart | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. | |||||
CVE-2018-6485 | 4 Gnu, Netapp, Oracle and 1 more | 15 Glibc, Cloud Backup, Data Ontap Edge and 12 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | |||||
CVE-2017-5460 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
CVE-2017-5804 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | |||||
CVE-2018-13050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | |||||
CVE-2018-11560 | 1 Insteon | 2 2864-222, 2864-222 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100. | |||||
CVE-2018-10621 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. | |||||
CVE-2017-7785 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
CVE-2017-5413 | 1 Mozilla | 2 Firefox, Thunderbird | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52. |