Total
23576 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1372 | 1 Microsoft | 1 Azure App Service On Azure Stack | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulnerability'. | |||||
CVE-2019-14016 | 1 Qualcomm | 82 Apq8009, Apq8009 Firmware, Apq8017 and 79 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130 | |||||
CVE-2020-4207 | 2 Ibm, Linux | 3 Iot Messagesight, Watson Iot Platform - Message Gateway, Linux Kernel | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. IBM X-Force ID: 174972. | |||||
CVE-2019-17266 | 2 Canonical, Gnome | 2 Ubuntu Linux, Libsoup | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. | |||||
CVE-2019-15913 | 1 Mi | 10 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing attackers to gain sensitive information and denial of service attack, take over smart home devices, and tamper with messages. | |||||
CVE-2019-16463 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2013-2018 | 1 Berkeley | 1 Boinc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2019-8613 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution. | |||||
CVE-2019-8255 | 4 Adobe, Apple, Linux and 1 more | 4 Brackets, Mac Os X, Linux Kernel and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-10109 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. | |||||
CVE-2016-4401 | 1 Arubanetworks | 1 Clearpass | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | |||||
CVE-2019-18325 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2012-6094 | 2 Apple, Debian | 2 Cups, Debian Linux | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system | |||||
CVE-2013-4462 | 1 Portable Phpmyadmin Project | 1 Portable Phpmyadmin | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability | |||||
CVE-2011-2523 | 2 Debian, Vsftpd Project | 2 Debian Linux, Vsftpd | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. | |||||
CVE-2019-20361 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability). | |||||
CVE-2019-16464 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2019-5613 | 1 Freebsd | 1 Freebsd | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated. | |||||
CVE-2019-10784 | 1 Phppgadmin Project | 1 Phppgadmin | 2023-12-10 | 9.3 HIGH | 9.6 CRITICAL |
phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server. | |||||
CVE-2019-10612 | 1 Qualcomm | 34 Mdm9205, Mdm9205 Firmware, Mdm9650 and 31 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MDM9650, QCS605, SA6155P, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |