Total: 23716 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8612 | 2 Progess, Progress | 2 Moveit Transfer, Moveit Transfer | 2023-12-10 | 6.0 MEDIUM | 9.0 CRITICAL |
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS. | |||||
CVE-2019-17601 | 1 Minishare Project | 1 Minishare | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued. | |||||
CVE-2019-19919 | 2 Handlebars.js Project, Tenable | 2 Handlebars.js, Tenable.sc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads. | |||||
CVE-2020-5510 | 1 Phpgurukul | 1 Hostel Management System | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. | |||||
CVE-2019-13025 | 1 Compal | 2 Ch7465lg, Ch7465lg Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to a backend API endpoint of the cable modem. | |||||
CVE-2019-18344 | 1 Online Grading System Project | 1 Online Grading System | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter). | |||||
CVE-2019-16265 | 1 Codesys | 2 Codesys, Eni Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. | |||||
CVE-2019-13581 | 1 Marvell | 2 88w8688, 88w8688 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary code via malformed Wi-Fi packets. | |||||
CVE-2019-18784 | 1 Salesagility | 1 Suitecrm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. | |||||
CVE-2019-15932 | 1 Intesync | 1 Solismed | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Intesync Solismed 3.3sp has Incorrect Access Control. | |||||
CVE-2020-8128 | 1 Jsreport | 1 Jsreport | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. | |||||
CVE-2014-4984 | 1 Dejavuprotech | 1 Crescendo - Sales Crm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Déjà Vu Crescendo Sales CRM has remote SQL Injection. | |||||
CVE-2019-17240 | 1 Bludit | 1 Bludit | 2023-12-10 | 4.3 MEDIUM | 9.8 CRITICAL |
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. | |||||
CVE-2010-4239 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion. | |||||
CVE-2019-10500 | 1 Qualcomm | 104 Apq8009, Apq8009 Firmware, Apq8017 and 101 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
While processing an MT Secondary PDP request, a buffer overflow can occur due to incorrect calculation of the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. | |||||
CVE-2019-1365 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-10 | 9.0 HIGH | 9.9 CRITICAL |
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability can allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system, escaping the Sandbox. The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests, aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'. | |||||
CVE-2009-5043 | 2 Burn Project, Debian | 2 Burn, Debian Linux | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
burn allows file names to escape via mishandled quotation marks. | |||||
CVE-2013-3941 | 1 Xnview | 1 Xnview | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow. | |||||
CVE-2019-5138 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2023-12-10 | 9.0 HIGH | 9.9 CRITICAL |
An exploitable command injection vulnerability exists in the encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send a diagnostic script while authenticated as a low privilege user to trigger this vulnerability. | |||||
CVE-2013-3091 | 1 Belkin | 2 N300, N300 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging." | |||||