Total: 23723 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9812 | 1 Mozilla | 2 Firefox, Firefox Esr | 2023-12-10 | 5.8 MEDIUM | 9.3 CRITICAL |
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69. | |||||
CVE-2019-13335 | 1 Salesagility | 1 Suitecrm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. | |||||
CVE-2015-9471 | 1 Digitalzoomstudio | 1 Zoomsounds | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload. | |||||
CVE-2014-8673 | 1 Soplanning | 1 Soplanning | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning) before 1.33. | |||||
CVE-2019-14004 | 1 Qualcomm | 92 Apq8009, Apq8009 Firmware, Apq8017 and 89 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
CVE-2012-4284 | 1 Sparklabs | 1 Viscosity | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code | |||||
CVE-2020-10189 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets. | |||||
CVE-2019-17574 | 1 Code-atlantic | 1 Popup Maker | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file"). | |||||
CVE-2019-10780 | 1 Bibtex-ruby Project | 1 Bibtex-ruby | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open. | |||||
CVE-2019-11733 | 1 Mozilla | 2 Firefox, Firefox Esr | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard through the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2. | |||||
CVE-2015-9450 | 1 Sizmic | 1 Plugmatter Optin Feature Box | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter. | |||||
CVE-2019-5521 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2023-12-10 | 5.5 MEDIUM | 9.6 CRITICAL |
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. | |||||
CVE-2020-8657 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token. | |||||
CVE-2018-7282 | 1 Titool | 1 Printmonitor | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi. | |||||
CVE-2019-16535 | 1 Yandex | 1 Clickhouse | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. | |||||
CVE-2019-16451 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-19502 | 1 Maleck | 1 Image Uploader And Browser For Ckeditor | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code. | |||||
CVE-2019-6334 | 1 Hp | 730 Digital Sender Flow 8500 Fn2 Document Capture Workstation L2762a, Futuresmart 3, Futuresmart 4 and 727 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code. | |||||
CVE-2019-16999 | 1 Idcos | 1 Cloudboot | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI. | |||||
CVE-2019-19634 | 2 Getk2, Verot Project | 2 K2, Verot | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576. |