Total
23715 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-8268 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207. | |||||
CVE-2014-10389 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. | |||||
CVE-2019-10306 | 1 Jenkins | 1 Ontrack | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. | |||||
CVE-2019-5067 | 1 Aspose | 1 Aspose.pdf For C\+\+ | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. | |||||
CVE-2019-12255 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. | |||||
CVE-2007-6762 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array. | |||||
CVE-2017-8229 | 1 Amcrest | 2 Ipm-721s, Ipm-721s Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function sub_436D6 in IDA pro is identified to be setting up the configuration for the device. If one scrolls to the address 0x000437C2 then one can see that /current_config is being set as an ALIAS for /mnt/mtd/Config folder on the device. If one TELNETs into the device and navigates to /mnt/mtd/Config folder, one can observe that it contains various files such as Account1, Account2, SHAACcount1, etc. This means that if one navigates to http://[IPofcamera]/current_config/Sha1Account1 then one should be able to view the content of the files. The security researchers assumed that this was only possible only after authentication to the device. However, when unauthenticated access tests were performed for the same URL as provided above, it was observed that the device file could be downloaded without any authentication. | |||||
CVE-2019-11766 | 2 Debian, Dhcpcd Project | 2 Debian Linux, Dhcpcd | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. | |||||
CVE-2019-3930 | 8 Barco, Blackbox, Crestron and 5 more | 24 Wepresent Wipg-1000p, Wepresent Wipg-1000p Firmware, Wepresent Wipg-1600w and 21 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint. | |||||
CVE-2019-11692 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | |||||
CVE-2019-14379 | 7 Apple, Debian, Fasterxml and 4 more | 25 Xcode, Debian Linux, Jackson-databind and 22 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | |||||
CVE-2017-18368 | 2 Billion, Zyxel | 6 5200w-t, 5200w-t Firmware, P660hn-t1a V1 and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter. | |||||
CVE-2019-11713 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
CVE-2018-15868 | 1 Chronoscan | 1 Chronoscan | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie. | |||||
CVE-2019-11944 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
CVE-2019-15111 | 1 Wp Front End Profile Project | 1 Wp Front End Profile | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue. | |||||
CVE-2019-11523 | 1 Anviz | 2 M3, M3 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address). | |||||
CVE-2018-20218 | 1 Teracue | 6 Enc-400 Hdmi, Enc-400 Hdmi2, Enc-400 Hdmi2 Firmware and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form. | |||||
CVE-2019-16239 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. | |||||
CVE-2019-2309 | 1 Qualcomm | 48 Mdm9150, Mdm9150 Firmware, Mdm9206 and 45 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
While storing calibrated data from firmware in cache, An integer overflow may occur since data length received may exceed real data length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SDM660, SDX20 |