Vulnerabilities (CVE)

Total 23573 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12994 1 Zohocorp 1 Manageengine Assetexplorer 2023-12-10 6.5 MEDIUM 9.1 CRITICAL
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.
CVE-2019-8069 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Macos and 5 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2017-14199 1 Zephyrproject 1 Zephyr 2023-12-10 7.5 HIGH 9.8 CRITICAL
A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.
CVE-2015-9352 1 Wp-polls Project 1 Wp-polls 2023-12-10 7.5 HIGH 9.8 CRITICAL
The wp-polls plugin before 2.72 for WordPress has SQL injection.
CVE-2019-7257 1 Nortekcontrol 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more 2023-12-10 7.5 HIGH 10.0 CRITICAL
Linear eMerge E3-Series devices allow Unrestricted File Upload.
CVE-2016-10887 1 Tipsandtricks-hq 1 All In One Wp Security & Firewall 2023-12-10 7.5 HIGH 9.8 CRITICAL
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.
CVE-2019-15319 1 Optiontree Project 1 Optiontree 2023-12-10 7.5 HIGH 9.8 CRITICAL
The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce.
CVE-2014-5401 1 Hospira 1 Mednet 2023-12-10 10.0 HIGH 9.8 CRITICAL
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.
CVE-2015-9323 1 Duckdev 1 404 To 301 2023-12-10 7.5 HIGH 9.8 CRITICAL
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
CVE-2016-10942 1 Podlove 1 Podlove Podcast Publisher 2023-12-10 7.5 HIGH 9.8 CRITICAL
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.
CVE-2019-8009 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-11185 1 3cx 1 Live Chat 2023-12-10 7.5 HIGH 9.8 CRITICAL
The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file extension, and prepending "magic bytes" to the payload to pass MIME checks. Specifically, an unauthenticated remote user submits a crafted file upload POST request to the REST API remote_upload endpoint. The file contains data that will fool the plugin's MIME check into classifying it as an image (which is a whitelisted file extension) and finally a trailing .phtml file extension.
CVE-2018-12178 1 Tianocore 1 Edk Ii 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
CVE-2019-8981 1 Axtls Project 1 Axtls 2023-12-10 7.5 HIGH 9.8 CRITICAL
tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged.
CVE-2019-11580 1 Atlassian 1 Crowd 2023-12-10 7.5 HIGH 9.8 CRITICAL
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
CVE-2019-11652 1 Microfocus 1 Netiq Self Service Password Reset 2023-12-10 7.5 HIGH 9.8 CRITICAL
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.
CVE-2018-6634 3 Canonical, Microsoft, Parsecgaming 3 Ubuntu Linux, Windows, Parsec 2023-12-10 7.5 HIGH 9.8 CRITICAL
A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account.
CVE-2019-7998 3 Adobe, Apple, Microsoft 3 Photoshop Cc, Macos, Windows 2023-12-10 10.0 HIGH 9.8 CRITICAL
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-10053 1 Suricata-ids 1 Suricata 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.
CVE-2019-3932 1 Crestron 4 Am-100, Am-100 Firmware, Am-101 and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge.