Total
23733 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11403 | 1 Gradle | 2 Build Cache Node, Enterprise | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page. | |||||
CVE-2019-6741 | 1 Samsung | 2 Galaxy S9, Galaxy S9 Firmware | 2023-12-10 | 5.8 MEDIUM | 9.3 CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7476. | |||||
CVE-2019-1010306 | 1 Teller | 1 Slanger | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after commit 5267b455caeb2e055cccf0d2b6a22727c111f5c3. | |||||
CVE-2019-1010176 | 1 Jerryscript | 1 Jerryscript | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0. | |||||
CVE-2019-7834 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-15533 | 1 Xayr | 1 Xenfcoresharp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. | |||||
CVE-2019-4013 | 1 Ibm | 1 Bigfix Platform | 2023-12-10 | 9.0 HIGH | 9.9 CRITICAL |
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887. | |||||
CVE-2019-7054 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2019-5597 | 1 Freebsd | 1 Freebsd | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter. | |||||
CVE-2019-7050 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2012-6712 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. | |||||
CVE-2019-11035 | 6 Canonical, Debian, Netapp and 3 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. | |||||
CVE-2019-7263 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Linear eMerge E3-Series devices have a Version Control Failure. | |||||
CVE-2019-11018 | 1 Thinkadmin | 1 Thinkadmin | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. | |||||
CVE-2019-3888 | 2 Netapp, Redhat | 7 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 4 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) | |||||
CVE-2018-20356 | 1 Cesanta | 1 Mongoose | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | |||||
CVE-2019-6695 | 1 Fortinet | 1 Fortimanager | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. | |||||
CVE-2018-11425 | 1 Moxa | 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424. | |||||
CVE-2019-7975 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-14236 | 1 St | 12 Stm32f4, Stm32f4 Firmware, Stm32f7 and 9 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. |