Total
23726 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6334 | 1 Hp | 730 Digital Sender Flow 8500 Fn2 Document Capture Workstation L2762a, Futuresmart 3, Futuresmart 4 and 727 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code. | |||||
| CVE-2019-16999 | 1 Idcos | 1 Cloudboot | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI. | |||||
| CVE-2019-19634 | 2 Getk2, Verot Project | 2 K2, Verot | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576. | |||||
| CVE-2020-8963 | 1 Timetoolsltd | 20 Sc7105, Sc7105 Firmware, Sc9205 and 17 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter. | |||||
| CVE-2019-17542 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. | |||||
| CVE-2014-8089 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | |||||
| CVE-2014-5289 | 1 Senkas Kolibri Project | 1 Senkas Kolibri | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. | |||||
| CVE-2019-3766 | 1 Dell | 1 Emc Elastic Cloud Storage | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts. | |||||
| CVE-2020-4211 | 2 Ibm, Linux | 2 Spectrum Protect, Linux Kernel | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022. | |||||
| CVE-2019-17392 | 1 Progress | 1 Sitefinity | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. | |||||
| CVE-2019-10796 | 1 Rpi Project | 1 Rpi | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
| rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization. | |||||
| CVE-2019-18418 | 1 Clonos | 1 Clonos | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management. | |||||
| CVE-2019-17662 | 1 Cybelsoft | 1 Thinvnc | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector. | |||||
| CVE-2019-19896 | 1 Ixpdata | 1 Easyinstall | 2023-12-10 | 9.0 HIGH | 9.9 CRITICAL |
| In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\SYSTEM on the target server and clients. | |||||
| CVE-2007-4773 | 1 Systrace Project | 1 Systrace | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Systrace before 1.6.0 has insufficient escape policy enforcement. | |||||
| CVE-2019-10611 | 1 Qualcomm | 80 Apq8009, Apq8009 Firmware, Apq8017 and 77 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-16722 | 1 Zzzcms | 1 Zzzphp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. | |||||
| CVE-2014-9753 | 1 Atutor | 1 Atutor | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. | |||||
| CVE-2012-5686 | 1 Zpanelcp | 1 Zpanel | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| ZPanel 10.0.1 has insufficient entropy for its password reset process. | |||||
| CVE-2013-3738 | 1 Zabbix | 1 Zabbix | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | |||||