Total
23753 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10757 | 1 Knexjs | 1 Knex | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB. | |||||
CVE-2019-8648 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution. | |||||
CVE-2019-15609 | 1 Kill-port-process Project | 1 Kill-port-process | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability. | |||||
CVE-2010-2783 | 1 Redhat | 1 Icedtea6 | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services. | |||||
CVE-2014-5091 | 1 Status2k | 1 Status2k | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. | |||||
CVE-2020-7043 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. | |||||
CVE-2019-1449 | 1 Microsoft | 2 Office, Office 365 Proplus | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'. | |||||
CVE-2019-3025 | 1 Oracle | 1 Hospitality Res 3700 | 2023-12-10 | 6.8 MEDIUM | 9.0 CRITICAL |
Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
CVE-2019-15748 | 1 Sitos | 1 Sitos Six | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could execute arbitrary PHP code. | |||||
CVE-2019-10789 | 1 Curling Project | 1 Curling | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization. | |||||
CVE-2019-5161 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2023-12-10 | 9.0 HIGH | 9.1 CRITICAL |
An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. | |||||
CVE-2019-19113 | 1 Newbee-mall Project | 1 Newbee-mall | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection. | |||||
CVE-2015-5626 | 1 Yokogawa | 29 B\/m9000 Vp, B\/m9000 Vp Firmware, B\/m9000cs and 26 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet. | |||||
CVE-2019-8600 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution. | |||||
CVE-2013-3492 | 1 Xnview | 1 Xnview | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
XnView 2.03 has a stack-based buffer overflow vulnerability | |||||
CVE-2019-18324 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2013-5027 | 1 O-dyn | 1 Collabtive | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Collabtive 1.0 has incorrect access control | |||||
CVE-2020-2587 | 1 Oracle | 1 Human Resources | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L). | |||||
CVE-2019-10758 | 1 Mongo-express Project | 1 Mongo-express | 2023-12-10 | 9.0 HIGH | 9.9 CRITICAL |
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment. | |||||
CVE-2019-18835 | 1 Matrix | 1 Synapse | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. |