Total: 23885 CVEs
CVE | Vendors (count) | Products (count) | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-19010 | 2: Fedoraproject, Limnoria Project | 2: Fedora, Limnoria | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands. |
CVE-2018-8879 | 1: Asus | 2: Rt-ac66u, Rt-ac66u Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id. |
CVE-2019-18225 | 1: Citrix | 6: Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name. |
CVE-2019-14892 | 3: Apache, Fasterxml, Redhat | 8: Geode, Jackson-databind, Decision Manager and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. |
CVE-2019-7192 | 1: Qnap | 2: Photo Station, Qts | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommends updating Photo Station to its latest version. |
CVE-2019-5544 | 4: Fedoraproject, Openslp, Redhat and 1 more | 10: Fedora, Openslp, Enterprise Linux Desktop and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. |
CVE-2019-1373 | 1: Microsoft | 1: Exchange Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. |
CVE-2011-3584 | 1: Guidestar | 1: Wec Discussion Forum | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitization of user-supplied input. |
CVE-2020-7048 | 1: Webfactoryltd | 1: Wp Database Reset | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL | The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI. |
CVE-2020-10108 | 5: Canonical, Debian, Fedoraproject and 2 more | 6: Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. |
CVE-2019-17552 | 1: Idreamsoft | 1: Icms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. |
CVE-2020-8656 | 1: Eyesofnetwork | 1: Eyesofnetwork | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php. |
CVE-2010-2548 | 1: Redhat | 1: Icedtea6 | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL | IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. |
CVE-2019-8161 | 3: Adobe, Apple, Microsoft | 4: Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
CVE-2019-5128 | 1: Youphptube | 1: Youphptube Encoder | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. |
CVE-2019-5093 | 1: Leadtools | 1: Leadtools | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability. |
CVE-2019-9365 | 1: Google | 1: Android | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | In Bluetooth, there is a possible deserialization error due to missing string validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-109838537. |
CVE-2019-7290 | 1: Apple | 1: Shortcuts | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL | An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions. |
CVE-2019-13560 | 1: Dlink | 2: Dir-655, Dir-655 Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL | D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. |
CVE-2016-10855 | 1: Cpanel | 1: Cpanel | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL | cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). |