Total
23703 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19994 | 1 Seling | 1 Visual Access Manager | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system commands by injecting into the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php. | |||||
CVE-2012-5699 | 1 Babygekko | 1 Babygekko | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
BabyGekko before 1.2.4 allows PHP file inclusion. | |||||
CVE-2019-18355 | 1 Thycotic | 1 Secret Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. | |||||
CVE-2016-5202 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2023-12-10 | 7.5 HIGH | 9.1 CRITICAL |
browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. | |||||
CVE-2013-2010 | 2 Automattic, Boldgrid | 2 Wp Super Cache, W3 Total Cache | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability. | |||||
CVE-2013-1350 | 1 Veraxsystems | 1 Network Management System | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities. | |||||
CVE-2019-16662 | 1 Rconfig | 1 Rconfig | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. | |||||
CVE-2019-14005 | 1 Qualcomm | 86 Apq8009, Apq8009 Firmware, Apq8017 and 83 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A buffer overflow occurs while playing a nonstandard clip, due to a missing check of size duration, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
CVE-2019-15683 | 1 Turbovnc | 1 Turbovnc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
TurboVNC server code contains a stack buffer overflow vulnerability in commits prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result in remote code execution, since the stack frame is not protected with a stack canary. This attack appears to be exploitable via network connectivity. To exploit this vulnerability, authorization on the server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e. | |||||
CVE-2019-8661 | 1 Apple | 1 Mac Os X | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A remote attacker may be able to cause arbitrary code execution. | |||||
CVE-2019-17320 | 1 Netsarang | 1 Xftp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
NetSarang XFTP Client 6.0149 and earlier versions contain a buffer overflow vulnerability caused by improper boundary checks when copying a file name from an attacker-controlled FTP server. This allows an attacker to execute arbitrary code by sending a crafted filename. | |||||
CVE-2019-20489 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FW_remote.htm&todo=cfg_init request without a cookie, reads the Set-Cookie header in the 401 Unauthorized response, and then repeats the FW_remote.htm&todo=cfg_init request with the specified cookie. | |||||
CVE-2019-18624 | 1 Opera | 1 Mini | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214. | |||||
CVE-2013-3088 | 1 Belkin | 2 N900, N900 Firmware | 2023-12-10 | 9.3 HIGH | 9.8 CRITICAL |
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". | |||||
CVE-2019-18283 | 1 Siemens | 1 Sppa-t3000 Application Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-10749 | 1 Sequelizejs | 1 Sequelize | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. | |||||
CVE-2019-19333 | 2 Cesnet, Redhat | 2 Libyang, Enterprise Linux | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. | |||||
CVE-2020-3923 | 1 Tonnet | 16 Tat-70432n, Tat-70432n Firmware, Tat-71416g1 and 13 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
DVR firmware in the TAT-76 and TAT-77 series of products, provided by TONNET, contains a misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system. | |||||
CVE-2019-18925 | 1 Systematic | 1 Iris Webforms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication. | |||||
CVE-2019-15859 | 1 Socomec | 2 Diris A-40, Diris A-40 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Password disclosure in the web interface on Socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. |