Vulnerabilities (CVE)

Total 23576 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16444 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary planting (default folder privilege escalation) vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2019-18465 1 Ipswitch 1 Moveit Transfer 2023-12-10 6.8 MEDIUM 9.8 CRITICAL
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.
CVE-2013-6362 1 Xerox 24 Colorqube 9201, Colorqube 9201 Firmware, Colorqube 9202 and 21 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts.
CVE-2019-18322 1 Siemens 1 Sppa-t3000 Ms3000 Migration Server 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVE-2014-2650 1 Atos 30 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 27 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface
CVE-2019-14514 1 Microvirt 1 Memu 2023-12-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is unrelated to Red Hat's systemd init program, and is a closed-source proprietary tool that seems to be developed by Microvirt). This program opens TCP port 21509, presumably to receive installation-related commands from the host OS. Because everything after the installer:uninstall command is concatenated directly into a system() call, it is possible to execute arbitrary commands by supplying shell metacharacters.
CVE-2011-2897 3 Debian, Gnome, Redhat 3 Debian Linux, Gdk-pixbuf, Enterprise Linux 2023-12-10 7.5 HIGH 9.8 CRITICAL
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
CVE-2020-7060 5 Debian, Opensuse, Oracle and 2 more 5 Debian Linux, Leap, Communications Diameter Signaling Router and 2 more 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2013-2681 1 Cisco 2 Linksys E4200, Linksys E4200 Firmware 2023-12-10 4.3 MEDIUM 9.8 CRITICAL
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access.
CVE-2019-11171 1 Intel 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access.
CVE-2019-11526 1 Softing 2 Uagate Si, Uagate Si Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.
CVE-2019-5870 1 Google 1 Chrome 2023-12-10 6.8 MEDIUM 9.6 CRITICAL
Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2019-17195 3 Apache, Connect2id, Oracle 15 Hadoop, Nimbus Jose\+jwt, Communications Cloud Native Core Security Edge Protection Proxy and 12 more 2023-12-10 6.8 MEDIUM 9.8 CRITICAL
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
CVE-2019-8169 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-11325 1 Sensiolabs 1 Symfony 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-19735 1 Mfscripts 1 Yetishare 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.
CVE-2020-3743 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2020-1947 1 Apache 1 Shardingsphere 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE.
CVE-2015-2784 1 Papercrop Project 1 Papercrop 2023-12-10 7.5 HIGH 9.8 CRITICAL
The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input.
CVE-2016-2360 1 Milesight 2 Ip Security Camera, Ip Security Camera Firmware 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.