Total
23790 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15064 | 1 Hinet | 2 Gpon, Gpon Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
HiNet GPON firmware version < I040GWR190731 allows an attacker to log in to the device without any authentication. | |||||
CVE-2011-4628 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | |||||
CVE-2014-8563 | 1 Synacor | 1 Zimbra Collaboration Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | |||||
CVE-2019-10807 | 1 Blamer Project | 1 Blamer | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Blamer versions prior to 1.0.1 allow execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer. | |||||
CVE-2019-8136 | 1 Magento | 1 Magento | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. The Magento 2 codebase leveraged outdated versions of the HTTP specification abstraction implemented in the Symfony component. | |||||
CVE-2020-8768 | 1 Phoenixcontact | 4 Ilc 2050 Bi, Ilc 2050 Bi-l, Ilc 2050 Bi-l Firmware and 1 more | 2023-12-10 | 7.5 HIGH | 9.4 CRITICAL |
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device. | |||||
CVE-2013-7055 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | |||||
CVE-2019-2324 | 1 Qualcomm | 66 Mdm9150, Mdm9150 Firmware, Mdm9206 and 63 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
When ADSP is compromised, the audio port index that's returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24 | |||||
CVE-2014-2072 | 1 3ds | 1 Catia | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks | |||||
CVE-2019-18326 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2014-1860 | 1 Contao | 1 Contao Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities | |||||
CVE-2019-3989 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2023-12-10 | 9.3 HIGH | 9.8 CRITICAL |
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data. | |||||
CVE-2019-16454 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-8012 | 1 Broadcom | 1 Unified Infrastructure Management | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. | |||||
CVE-2014-4981 | 1 Xorux | 1 Lpar2rrd | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
LPAR2RRD 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | |||||
CVE-2020-5253 | 1 Nethack | 1 Nethack | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. | |||||
CVE-2006-3100 | 1 Termpkg Project | 1 Termpkg | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
termpkg 3.3 suffers from buffer overflow. | |||||
CVE-2020-6835 | 1 Bftpd Project | 1 Bftpd | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking. | |||||
CVE-2019-10762 | 1 Medoo | 1 Medoo | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping. | |||||
CVE-2020-5203 | 1 Fatfreeframework | 1 Fat-free Framework | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method. |