Total
23734 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20979 | 1 Rocklobster | 1 Contact Form 7 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type. | |||||
| CVE-2019-11208 | 1 Tibco | 1 Api Exchange Gateway | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
| The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions. | |||||
| CVE-2019-10979 | 1 Sick | 2 Msc800, Msc800 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password. | |||||
| CVE-2019-10883 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. | |||||
| CVE-2019-16190 | 1 Dlink | 6 Dir-868l, Dir-868l Firmware, Dir-885l and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. | |||||
| CVE-2019-8017 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2019-5420 | 3 Debian, Fedoraproject, Rubyonrails | 3 Debian Linux, Fedora, Rails | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. | |||||
| CVE-2019-12377 | 1 Ivanti | 1 Landesk Management Suite | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. | |||||
| CVE-2018-17374 | 1 Thephpfactory | 1 Auction Factory | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter. | |||||
| CVE-2019-6168 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | |||||
| CVE-2019-3925 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. | |||||
| CVE-2019-15780 | 1 Strategy11 | 1 Formidable Form Builder | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. | |||||
| CVE-2018-17841 | 1 Flippa Marketplace Clone Project | 1 Flippa Marketplace Clone | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter. | |||||
| CVE-2019-15052 | 1 Gradle | 1 Gradle | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. | |||||
| CVE-2019-7973 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-10069 | 1 Godotengine | 1 Godot | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly. | |||||
| CVE-2019-7260 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Linear eMerge E3-Series devices have Cleartext Credentials in a Database. | |||||
| CVE-2019-2047 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117607414 | |||||
| CVE-2018-21000 | 1 Safe-transmute Project | 1 Safe-transmute | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption. | |||||
| CVE-2019-9870 | 1 Oembed Project | 1 Oembed | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. | |||||