Total
23733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15825 | 1 Wpserveur | 1 Wps Hide Login | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. | |||||
| CVE-2019-14709 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. | |||||
| CVE-2016-10922 | 1 Visser | 1 Store Toolkit For Woocommerce | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation. | |||||
| CVE-2010-5330 | 1 Ui | 1 Airos | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected. | |||||
| CVE-2019-3708 | 1 Dell | 1 Emc Isilonsd Management Server | 2023-12-10 | 9.3 HIGH | 9.6 CRITICAL |
| IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. | |||||
| CVE-2019-10750 | 1 Deeply Project | 1 Deeply | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload. | |||||
| CVE-2015-5297 | 1 Pixman | 1 Pixman | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code. | |||||
| CVE-2019-13598 | 1 Getvera | 2 Vera Edge, Vera Edge Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped. | |||||
| CVE-2019-2256 | 1 Qualcomm | 70 Mdm9650, Mdm9650 Firmware, Msm8909w and 67 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2019-7992 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-11887 | 1 Simplybook | 1 Simplybook | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. | |||||
| CVE-2014-10387 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. | |||||
| CVE-2019-0192 | 2 Apache, Netapp | 2 Solr, Storage Automation Store | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. | |||||
| CVE-2019-8030 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2017-5210 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure. | |||||
| CVE-2019-1010039 | 1 Ulaunchelf Project | 1 Ulaunchelf | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| uLaunchELF < commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program (loader.c) overly trusts the arguments provided via command line. | |||||
| CVE-2019-9748 | 1 Tinysvcmdns Project | 1 Tinysvcmdns | 2023-12-10 | 9.4 HIGH | 9.1 CRITICAL |
| In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompress_nlabel in mdns.c and a crash of the server (depending on the memory protection of the CPU and the operating system), or disclosure of memory content via error messages or a server response. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products." | |||||
| CVE-2019-12723 | 1 Teclib-edition | 1 Fields | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user. | |||||
| CVE-2019-13507 | 1 Hidea | 1 Az Admin | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. | |||||
| CVE-2018-20162 | 1 Digi | 2 Transport Lr54, Transport Lr54 Firmware | 2023-12-10 | 9.0 HIGH | 9.9 CRITICAL |
| Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. | |||||