Total
23733 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-10992 | 1 Hp | 1 Storage Essentials | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461. | |||||
CVE-2019-15940 | 1 Govicture | 2 Pc530, Pc530 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Victure PC530 devices allow unauthenticated TELNET access as root. | |||||
CVE-2019-19843 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. | |||||
CVE-2020-3718 | 1 Magento | 1 Magento | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-13551 | 1 Advantech | 1 Wise-paas/rmm | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. | |||||
CVE-2019-10458 | 1 Jenkins | 1 Puppet Enterprise Pipeline | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | |||||
CVE-2020-9758 | 1 Livezilla | 1 Livezilla | 2023-12-10 | 4.3 MEDIUM | 9.6 CRITICAL |
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters. | |||||
CVE-2019-6188 | 1 Lenovo | 784 130-14ikb, 130-14ikb Firmware, 130-15ikb and 781 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. | |||||
CVE-2019-19392 | 1 Fordnn | 1 Usersexportimport | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data. | |||||
CVE-2020-6198 | 1 Sap | 1 Solution Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check. | |||||
CVE-2019-5080 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
CVE-2014-4967 | 1 Redhat | 1 Ansible | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | |||||
CVE-2019-16462 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3752 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-19950 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. | |||||
CVE-2011-4943 | 1 Impresspages | 1 Impresspages Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13). | |||||
CVE-2013-7171 | 1 Slackware | 1 Slackware Linux | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges. | |||||
CVE-2020-6760 | 1 Schmid-telecom | 2 Zi 620 V400, Zi 620 V400 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping. | |||||
CVE-2019-10765 | 1 Iobroker | 1 Iobroker.admin | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
iobroker.admin before 3.6.12 allows an attacker to include file contents from outside the `/log/file1/` directory. | |||||
CVE-2012-1495 | 1 Webcalendar Project | 1 Webcalendar | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. |