Total
23703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11035 | 6 Canonical, Debian, Netapp and 3 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. | |||||
| CVE-2019-7263 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Linear eMerge E3-Series devices have a Version Control Failure. | |||||
| CVE-2019-11018 | 1 Thinkadmin | 1 Thinkadmin | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. | |||||
| CVE-2019-3888 | 2 Netapp, Redhat | 7 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 4 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) | |||||
| CVE-2018-20356 | 1 Cesanta | 1 Mongoose | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | |||||
| CVE-2019-6695 | 1 Fortinet | 1 Fortimanager | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. | |||||
| CVE-2018-11425 | 1 Moxa | 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424. | |||||
| CVE-2019-7975 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-14236 | 1 St | 12 Stm32f4, Stm32f4 Firmware, Stm32f7 and 9 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. | |||||
| CVE-2019-14968 | 1 Txjia | 1 Imcat | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action. | |||||
| CVE-2019-7124 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2015-9316 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter. | |||||
| CVE-2019-7080 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2019-11565 | 1 Print My Blog Project | 1 Print My Blog | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter. | |||||
| CVE-2019-12042 | 1 Pandasecurity | 6 Panda Antivirus, Panda Antivirus Pro, Panda Dome and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security. | |||||
| CVE-2019-7807 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-8280 | 1 Uvnc | 1 Ultravnc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. | |||||
| CVE-2018-11949 | 1 Qualcomm | 54 Mdm9150, Mdm9150 Firmware, Mdm9206 and 51 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 | |||||
| CVE-2019-14532 | 2 Fedoraproject, Sleuthkit | 2 Fedora, The Sleuth Kit | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. | |||||
| CVE-2018-20995 | 1 Slice-deque Project | 1 Slice-deque | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled. | |||||