Total
23717 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2228 | 1 Talend | 1 Restlet | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. | |||||
CVE-2019-16410 | 1 Suricata-ids | 1 Suricata | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking. | |||||
CVE-2019-0403 | 1 Sap | 1 Enable Now | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. | |||||
CVE-2014-5007 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter. | |||||
CVE-2012-3807 | 1 Samsung | 1 Kies | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. | |||||
CVE-2014-8739 | 2 Creative-solutions, Jquery File Upload Project | 2 Creative Contact Form, Jquery File Upload | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. | |||||
CVE-2019-18858 | 1 Codesys | 14 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 11 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow. | |||||
CVE-2016-2031 | 2 Arubanetworks, Siemens | 5 Airwave, Aruba Instant, Arubaos and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. | |||||
CVE-2019-16444 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary planting (default folder privilege escalation) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
CVE-2019-18465 | 1 Ipswitch | 1 Moveit Transfer | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used. | |||||
CVE-2013-6362 | 1 Xerox | 24 Colorqube 9201, Colorqube 9201 Firmware, Colorqube 9202 and 21 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. | |||||
CVE-2019-18322 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2014-2650 | 1 Atos | 30 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 27 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface | |||||
CVE-2019-14514 | 1 Microvirt | 1 Memu | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is unrelated to Red Hat's systemd init program, and is a closed-source proprietary tool that seems to be developed by Microvirt). This program opens TCP port 21509, presumably to receive installation-related commands from the host OS. Because everything after the installer:uninstall command is concatenated directly into a system() call, it is possible to execute arbitrary commands by supplying shell metacharacters. | |||||
CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | |||||
CVE-2020-7060 | 5 Debian, Opensuse, Oracle and 2 more | 5 Debian Linux, Leap, Communications Diameter Signaling Router and 2 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
CVE-2013-2681 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2023-12-10 | 4.3 MEDIUM | 9.8 CRITICAL |
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access. | |||||
CVE-2019-11171 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access. | |||||
CVE-2019-11526 | 1 Softing | 2 Uagate Si, Uagate Si Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations. | |||||
CVE-2019-5870 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |