Total
23734 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-3762 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write. | |||||
CVE-2020-9021 | 1 Postoaktraffic | 2 Awam Bluetooth Field Device, Awam Bluetooth Field Device Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. | |||||
CVE-2015-5334 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. | |||||
CVE-2019-16881 | 1 Portaudio-rs Project | 1 Portaudio-rs | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback. | |||||
CVE-2013-1744 | 1 Iris Citations Management Tool Project | 1 Iris Citations Management Tool | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands. | |||||
CVE-2019-16724 | 1 Upredsun | 1 File Sharing Wizard | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331. | |||||
CVE-2013-2259 | 1 Cryptocat Project | 1 Cryptocat | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview | |||||
CVE-2019-10776 | 1 Git-diff-apply Project | 1 Git-diff-apply | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2. | |||||
CVE-2019-9459 | 1 Google | 1 Android | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In libttspico, there is a possible OOB write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-79593569 | |||||
CVE-2011-4094 | 1 Jara Project | 1 Jara | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Jara 1.6 has a SQL injection vulnerability. | |||||
CVE-2019-7193 | 1 Qnap | 1 Qts | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions. | |||||
CVE-2019-17539 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | |||||
CVE-2019-13116 | 1 Mulesoft | 1 Mule Runtime | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections. | |||||
CVE-2020-3750 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3763 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write. | |||||
CVE-2019-10505 | 1 Qualcomm | 88 Mdm9150, Mdm9150 Firmware, Mdm9206 and 85 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | |||||
CVE-2020-10232 | 3 Debian, Fedoraproject, Sleuthkit | 3 Debian Linux, Fedora, The Sleuth Kit | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. | |||||
CVE-2020-10225 | 1 Phpgurukul | 1 Job Portal | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution. | |||||
CVE-2019-8562 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
CVE-2009-3887 | 1 Ytnef Project | 1 Ytnef | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ytnef has directory traversal |