Total: 23862 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16327 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product. | |||||
CVE-2019-17382 | 1 Zabbix | 1 Zabbix | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. | |||||
CVE-2019-16656 | 1 Joyplus Project | 1 Joyplus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. | |||||
CVE-2019-14910 | 1 Redhat | 1 Keycloak | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in keycloak 7.x: when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), user authentication succeeds even if an invalid password is entered. | |||||
CVE-2019-19330 | 3 Canonical, Debian, Haproxy | 3 Ubuntu Linux, Debian Linux, Haproxy | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | |||||
CVE-2011-5331 | 1 Distributed Ruby Project | 1 Distributed Ruby | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. | |||||
CVE-2013-2571 | 1 Hcomm | 1 Xpient Iris | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer. | |||||
CVE-2019-19949 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. | |||||
CVE-2019-10587 | 1 Qualcomm | 106 Apq8009, Apq8009 Firmware, Apq8017 and 103 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Possible Stack overflow can occur when processing a large SDP body or non standard SDP body without right delimiters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | |||||
CVE-2019-10533 | 1 Qualcomm | 78 Mdm9206, Mdm9206 Firmware, Mdm9607 and 75 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | |||||
CVE-2019-13652 | 1 Tp-link | 2 M7350, M7350 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5). | |||||
CVE-2019-17545 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Backports Sle and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | |||||
CVE-2013-3367 | 1 Trendnet | 4 Tew-691gr, Tew-691gr Firmware, Tew-692gr and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | |||||
CVE-2019-16644 | 1 Tuzicms | 1 Tuzicms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. | |||||
CVE-2019-17398 | 1 Darkhorse | 1 Dark Horse Comics | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat. | |||||
CVE-2020-8087 | 1 Smc | 2 D3g0804w, D3g0804w Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument. | |||||
CVE-2013-4441 | 1 Pwgen Project | 1 Pwgen | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | |||||
CVE-2019-10760 | 1 Safer-eval Project | 1 Safer-eval | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
safer-eval before 1.3.2 is vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. | |||||
CVE-2019-14045 | 1 Qualcomm | 10 Apq8096au, Apq8096au Firmware, Qcs605 and 7 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8096AU, QCS605, SDM439, SM8150, SXR1130 | |||||
CVE-2019-19608 | 1 Mitel | 1 Micollab Audio, Web & Video Conferencing | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. |