Total
23887 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13560 | 1 Dlink | 2 Dir-655, Dir-655 Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. | |||||
CVE-2016-10855 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). | |||||
CVE-2019-11234 | 4 Canonical, Fedoraproject, Freeradius and 1 more | 4 Ubuntu Linux, Fedora, Freeradius and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. | |||||
CVE-2019-10991 | 1 Advantech | 1 Webaccess | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | |||||
CVE-2019-13352 | 1 Wolfvision | 1 Cynap | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote access. | |||||
CVE-2019-7051 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2018-15128 | 1 Polycom | 3 Group Series, Hdx, Pano | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. | |||||
CVE-2018-14485 | 1 Blogengine | 1 Blogengine.net | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. | |||||
CVE-2018-19365 | 1 Wowza | 1 Streaming Engine | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request. | |||||
CVE-2019-8274 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. | |||||
CVE-2018-11779 | 1 Apache | 1 Storm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class. | |||||
CVE-2019-12479 | 1 Twentytwenty.storage Project | 1 Twentytwenty.storage | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs. | |||||
CVE-2018-15519 | 1 Lexmark | 64 6500, 6500 Firmware, Cx310 and 61 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Various Lexmark devices have a Buffer Overflow (issue 1 of 2). | |||||
CVE-2018-4023 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. | |||||
CVE-2019-5347 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A remote authentication bypass vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
CVE-2019-10063 | 1 Flatpak | 1 Flatpak | 2023-12-10 | 6.8 MEDIUM | 9.0 CRITICAL |
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI. | |||||
CVE-2018-19466 | 1 Portainer | 1 Portainer | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. | |||||
CVE-2019-10661 | 1 Grandstream | 2 Gxv3611ir Hd, Gxv3611ir Hd Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | |||||
CVE-2019-12450 | 6 Canonical, Debian, Fedoraproject and 3 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. | |||||
CVE-2019-16192 | 1 Doccms | 1 Doccms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive. |