Total: 23573 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16735 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. | |||||
CVE-2019-11400 | 1 Trendnet | 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter. | |||||
CVE-2019-11043 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | |||||
CVE-2019-16674 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network. | |||||
CVE-2019-16517 | 1 Connectwise | 1 Control | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge. | |||||
CVE-2019-16932 | 1 Themeisle | 1 Visualizer | 2023-12-10 | 5.8 MEDIUM | 10.0 CRITICAL |
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. | |||||
CVE-2011-5266 | 1 Imperva | 1 Securesphere Web Application Firewall | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. | |||||
CVE-2016-9652 | 1 Google | 1 Chrome | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75. | |||||
CVE-2013-6792 | 1 Google | 1 Android | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability. | |||||
CVE-2014-2228 | 1 Talend | 1 Restlet | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. | |||||
CVE-2019-16410 | 1 Suricata-ids | 1 Suricata | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking. | |||||
CVE-2019-0403 | 1 Sap | 1 Enable Now | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. | |||||
CVE-2014-5007 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter. | |||||
CVE-2012-3807 | 1 Samsung | 1 Kies | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. | |||||
CVE-2014-8739 | 2 Creative-solutions, Jquery File Upload Project | 2 Creative Contact Form, Jquery File Upload | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. | |||||
CVE-2019-18858 | 1 Codesys | 14 Control For Beaglebone, Control For Empc-a/imx6, Control For Iot2000 and 11 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow. | |||||
CVE-2016-2031 | 2 Arubanetworks, Siemens | 5 Airwave, Aruba Instant, Arubaos and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. | |||||
CVE-2019-16444 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary planting (default folder privilege escalation) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
CVE-2019-18465 | 1 Ipswitch | 1 Moveit Transfer | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used. | |||||
CVE-2013-6362 | 1 Xerox | 24 Colorqube 9201, Colorqube 9201 Firmware, Colorqube 9202 and 21 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Xerox ColorQube and WorkCentre devices in 2013 had hardcoded FTP and shell user accounts. |