Vulnerabilities (CVE)

Total 23574 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12530 1 Glpi Dashboard Project 1 Glpi Dashboard 2023-12-10 7.5 HIGH 9.8 CRITICAL
Incorrect access control was discovered in the stdonato Dashboard plugin through 0.9.7 for GLPI, affecting df.php, issue.php, load.php, mem.php, traf.php, and uptime.php in front/sh.
CVE-2019-13020 1 Trms 1 Tightrope Media Carousel 2023-12-10 6.4 MEDIUM 10.0 CRITICAL
The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet.
CVE-2019-14529 1 Open-emr 1 Openemr 2023-12-10 7.5 HIGH 9.8 CRITICAL
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
CVE-2019-10137 1 Redhat 2 Satellite, Spacewalk 2023-12-10 7.5 HIGH 9.8 CRITICAL
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.
CVE-2019-16261 1 Tripplite 2 Pdumh15at, Pdumh15at Firmware 2023-12-10 8.5 HIGH 9.1 CRITICAL
Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053.
CVE-2019-12241 1 Carts.guru 1 Carts Guru 2023-12-10 7.5 HIGH 9.8 CRITICAL
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.
CVE-2019-1010178 1 Modx 1 Fred 2023-12-10 7.5 HIGH 9.8 CRITICAL
Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixed version is: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd and https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887beba0065246.
CVE-2019-14230 1 Onionbuzz 1 Onionbuzz 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure.
CVE-2019-14363 1 Netgear 2 Wndr3400v3, Wndr3400v3 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.
CVE-2011-3145 1 Mount.ecrpytfs Private Project 1 Mount.ecrpytfs Private 2023-12-10 7.5 HIGH 9.8 CRITICAL
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
CVE-2016-10972 1 Tagdiv 1 Newspaper 2023-12-10 7.5 HIGH 9.8 CRITICAL
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
CVE-2019-5434 1 Revive-sas 1 Revive Adserver 2023-12-10 7.5 HIGH 9.8 CRITICAL
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0.
CVE-2017-8404 1 Dlink 2 Dcs-1130, Dcs-1130 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The library "libmailutils.so" is the one that has the vulnerable function "sub_1FC4" that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows an ARM little endian format. The function sub_1FC4 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "receiver1" is extracted in function "sub_15AC" which is then passed to the vulnerable system API call. The vulnerable library function is accessed in "cgibox" binary at address 0x0008F598 which calls the "mailLoginTest" function in "libmailutils.so" binary as shown below which results in the vulnerable POST parameter being passed to the library which results in the command injection issue.
CVE-2019-7321 1 Artifex 1 Mupdf 2023-12-10 7.5 HIGH 9.8 CRITICAL
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
CVE-2019-6140 1 Forcepoint 1 Email Security 2023-12-10 7.5 HIGH 9.8 CRITICAL
A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed.
CVE-2019-9677 1 Dahuasecurity 18 Ipc-hdbw4x2x, Ipc-hdbw4x2x Firmware, Ipc-hdw1x2x and 15 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.
CVE-2019-10866 1 10web 1 Form Maker 2023-12-10 7.5 HIGH 9.8 CRITICAL
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
CVE-2019-1010234 1 Linuxfoundation 1 Open Network Operating System 2023-12-10 7.5 HIGH 9.8 CRITICAL
The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity.
CVE-2019-15505 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-12-10 10.0 HIGH 9.8 CRITICAL
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
CVE-2019-14746 1 Kuaifan 1 Kuaifancms 2023-12-10 7.5 HIGH 9.8 CRITICAL
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.