Vulnerabilities (CVE)

Total 23576 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-1372 1 Microsoft 1 Azure App Service On Azure Stack 2023-12-10 10.0 HIGH 10.0 CRITICAL
An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulnerability'.
CVE-2019-14016 1 Qualcomm 82 Apq8009, Apq8009 Firmware, Apq8017 and 79 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130
CVE-2020-4207 2 Ibm, Linux 3 Iot Messagesight, Watson Iot Platform - Message Gateway, Linux Kernel 2023-12-10 7.5 HIGH 9.8 CRITICAL
IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. IBM X-Force ID: 174972.
CVE-2019-17266 2 Canonical, Gnome 2 Ubuntu Linux, Libsoup 2023-12-10 7.5 HIGH 9.8 CRITICAL
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
CVE-2019-15913 1 Mi 10 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 7 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing attackers to gain sensitive information and denial of service attack, take over smart home devices, and tamper with messages.
CVE-2019-16463 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2013-2018 1 Berkeley 1 Boinc 2023-12-10 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2019-8613 1 Apple 3 Iphone Os, Tvos, Watchos 2023-12-10 7.5 HIGH 9.8 CRITICAL
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution.
CVE-2019-8255 4 Adobe, Apple, Linux and 1 more 4 Brackets, Mac Os X, Linux Kernel and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-10109 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
CVE-2016-4401 1 Arubanetworks 1 Clearpass 2023-12-10 10.0 HIGH 9.8 CRITICAL
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.
CVE-2019-18325 1 Siemens 1 Sppa-t3000 Ms3000 Migration Server 2023-12-10 7.5 HIGH 9.8 CRITICAL
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVE-2012-6094 2 Apple, Debian 2 Cups, Debian Linux 2023-12-10 6.8 MEDIUM 9.8 CRITICAL
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system
CVE-2013-4462 1 Portable Phpmyadmin Project 1 Portable Phpmyadmin 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability
CVE-2011-2523 2 Debian, Vsftpd Project 2 Debian Linux, Vsftpd 2023-12-10 10.0 HIGH 9.8 CRITICAL
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
CVE-2019-20361 1 Icegram 1 Email Subscribers \& Newsletters 2023-12-10 7.5 HIGH 9.8 CRITICAL
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
CVE-2019-16464 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-5613 1 Freebsd 1 Freebsd 2023-12-10 7.5 HIGH 9.8 CRITICAL
In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated.
CVE-2019-10784 1 Phppgadmin Project 1 Phppgadmin 2023-12-10 9.3 HIGH 9.6 CRITICAL
phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server.
CVE-2019-10612 1 Qualcomm 34 Mdm9205, Mdm9205 Firmware, Mdm9650 and 31 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MDM9650, QCS605, SA6155P, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130