Total
23752 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3244 | 1 Sugarcrm | 1 Sugarcrm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | |||||
CVE-2018-6512 | 1 Puppet | 3 Pe-razor-server, Puppet Enterprise, Razor-server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0. | |||||
CVE-2018-6638 | 1 Wiris | 1 Mathtype | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d. | |||||
CVE-2017-17976 | 1 Perfexcrm | 1 Perfex Crm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. | |||||
CVE-2018-9021 | 1 Broadcom | 1 Privileged Access Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | |||||
CVE-2017-12180 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
CVE-2015-9206 | 1 Qualcomm | 30 Msm8909w, Msm8909w Firmware, Sd 205 and 27 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, during XML encoding of a message in the Playready module, a buffer overread may occur if the message passed is large. | |||||
CVE-2017-5823 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | |||||
CVE-2014-3990 | 1 Opencart | 1 Opencart | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. | |||||
CVE-2018-6485 | 4 Gnu, Netapp, Oracle and 1 more | 15 Glibc, Cloud Backup, Data Ontap Edge and 12 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | |||||
CVE-2017-5460 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
CVE-2017-5804 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | |||||
CVE-2018-13050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | |||||
CVE-2018-11560 | 1 Insteon | 2 2864-222, 2864-222 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100. | |||||
CVE-2018-10621 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. | |||||
CVE-2017-7785 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
CVE-2017-5413 | 1 Mozilla | 2 Firefox, Thunderbird | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
CVE-2018-5183 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox Esr and 8 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. | |||||
CVE-2018-4164 | 1 Apple | 1 Xcode | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component. | |||||
CVE-2017-5805 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. |