Total
23732 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16699 | 1 Sr Freecap Project | 1 Sr Freecap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution. | |||||
CVE-2019-1353 | 2 Git-scm, Opensuse | 2 Git, Leap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. | |||||
CVE-2013-6236 | 1 Izoncam | 2 Izon Ip, Izon Ip Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
IZON IP 2.0.2: hard-coded password vulnerability | |||||
CVE-2011-2715 | 1 Drupal | 2 Data, Drupal | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names. | |||||
CVE-2018-0729 | 1 Qnap | 2 Music Station, Qts | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions. | |||||
CVE-2013-4657 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | |||||
CVE-2019-8206 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2019-18374 | 1 Broadcom | 1 Symantec Critical System Protection | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls. | |||||
CVE-2019-19907 | 1 Kopano | 1 Groupware Core | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data. | |||||
CVE-2019-17571 | 6 Apache, Canonical, Debian and 3 more | 17 Bookkeeper, Log4j, Ubuntu Linux and 14 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. | |||||
CVE-2020-9757 | 1 Craftcms | 1 Craft Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller. | |||||
CVE-2019-12204 | 1 Silverstripe | 1 Silverstripe | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. | |||||
CVE-2019-10590 | 1 Qualcomm | 94 Apq8009, Apq8009 Firmware, Apq8017 and 91 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
CVE-2019-17394 | 1 Seesaw | 1 Parent And Family | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
CVE-2019-10781 | 1 Schema-inspector Project | 1 Schema-inspector | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector. | |||||
CVE-2020-4222 | 1 Ibm | 1 Spectrum Protect | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175091. | |||||
CVE-2019-10759 | 1 Safer-eval Project | 1 Safer-eval | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. | |||||
CVE-2019-17354 | 1 Zyxel | 2 Nbg-418n V2, Nbg-418n V2 Firmware | 2023-12-10 | 7.5 HIGH | 9.4 CRITICAL |
wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page. | |||||
CVE-2020-3754 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2013-5122 | 1 Cisco | 8 Linksys E4200, Linksys E4200 Firmware, Linksys Ea2700 and 5 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access |