Total
23717 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16278 | 1 Nazgul | 1 Nostromo Nhttpd | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. | |||||
CVE-2019-5505 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. | |||||
CVE-2013-1400 | 1 Cardozatechnologies | 1 Wordpress Poll | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action. | |||||
CVE-2020-3742 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2017-10992 | 1 Hp | 1 Storage Essentials | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461. | |||||
CVE-2019-15940 | 1 Govicture | 2 Pc530, Pc530 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Victure PC530 devices allow unauthenticated TELNET access as root. | |||||
CVE-2019-19843 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. | |||||
CVE-2020-3718 | 1 Magento | 1 Magento | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-13551 | 1 Advantech | 1 Wise-paas\/rmm | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. | |||||
CVE-2019-10458 | 1 Jenkins | 1 Puppet Enterprise Pipeline | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | |||||
CVE-2020-9758 | 1 Livezilla | 1 Livezilla | 2023-12-10 | 4.3 MEDIUM | 9.6 CRITICAL |
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters. | |||||
CVE-2019-6188 | 1 Lenovo | 784 130-14ikb, 130-14ikb Firmware, 130-15ikb and 781 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. | |||||
CVE-2019-19392 | 1 Fordnn | 1 Usersexportimport | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data. | |||||
CVE-2020-6198 | 1 Sap | 1 Solution Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check. | |||||
CVE-2019-5080 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
CVE-2014-4967 | 1 Redhat | 1 Ansible | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | |||||
CVE-2019-16462 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2020-3752 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2019-19950 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. | |||||
CVE-2011-4943 | 1 Impresspages | 1 Impresspages Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13) |