Vulnerabilities (CVE)

Total 23573 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16735 2 Petwant, Skymee 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.
CVE-2019-11400 1 Trendnet 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter.
CVE-2019-11043 3 Canonical, Debian, Php 3 Ubuntu Linux, Debian Linux, Php 2023-12-10 7.5 HIGH 9.8 CRITICAL
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
CVE-2019-16674 1 Weidmueller 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.
CVE-2019-16517 1 Connectwise 1 Control 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge.
CVE-2019-16932 1 Themeisle 1 Visualizer 2023-12-10 5.8 MEDIUM 10.0 CRITICAL
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
CVE-2011-5266 1 Imperva 1 Securesphere Web Application Firewall 2023-12-10 7.5 HIGH 9.8 CRITICAL
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
CVE-2016-9652 1 Google 1 Chrome 2023-12-10 10.0 HIGH 9.8 CRITICAL
Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.
CVE-2013-6792 1 Google 1 Android 2023-12-10 7.5 HIGH 9.8 CRITICAL
Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability
CVE-2014-2228 1 Talend 1 Restlet 2023-12-10 7.5 HIGH 9.8 CRITICAL
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.
CVE-2019-16410 1 Suricata-ids 1 Suricata 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking.
CVE-2019-0403 1 Sap 1 Enable Now 2023-12-10 7.5 HIGH 9.8 CRITICAL
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.
CVE-2014-5007 1 Zohocorp 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers 2023-12-10 10.0 HIGH 9.8 CRITICAL
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
CVE-2012-3807 1 Samsung 1 Kies 2023-12-10 7.5 HIGH 9.8 CRITICAL
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.
CVE-2014-8739 2 Creative-solutions, Jquery File Upload Project 2 Creative Contact Form, Jquery File Upload 2023-12-10 7.5 HIGH 9.8 CRITICAL
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
CVE-2019-18858 1 Codesys 14 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 11 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
CVE-2016-2031 2 Arubanetworks, Siemens 5 Airwave, Aruba Instant, Arubaos and 2 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.
CVE-2019-16444 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary planting (default folder privilege escalation) vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2019-18465 1 Ipswitch 1 Moveit Transfer 2023-12-10 6.8 MEDIUM 9.8 CRITICAL
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.
CVE-2013-6362 1 Xerox 24 Colorqube 9201, Colorqube 9201 Firmware, Colorqube 9202 and 21 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts.