Total
23703 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13808 | 1 Siemens | 4 Cp 1604, Cp 1604 Firmware, Cp 1616 and 1 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known. | |||||
CVE-2019-11703 | 1 Mozilla | 1 Thunderbird | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1. | |||||
CVE-2015-1006 | 1 Opto22 | 4 Optodatalink, Optoopcserver, Pac Display and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible. | |||||
CVE-2018-11800 | 1 Apache | 1 Fineract | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table. | |||||
CVE-2019-9820 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | |||||
CVE-2019-16224 | 1 Py-lmdb Project | 1 Py-lmdb | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | |||||
CVE-2019-7838 | 1 Adobe | 1 Coldfusion | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-12272 | 1 Openwrt | 1 Luci | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. | |||||
CVE-2018-7846 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller. | |||||
CVE-2016-10954 | 1 Dynamicpress | 1 Neosense | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | |||||
CVE-2019-2130 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132073833. | |||||
CVE-2018-4286 | 1 Apple | 1 Mac Os X | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | |||||
CVE-2015-9344 | 1 Perafox | 1 Link Log | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The link-log plugin before 2.1 for WordPress has SQL injection. | |||||
CVE-2019-2279 | 1 Qualcomm | 76 Mdm9150, Mdm9150 Firmware, Mdm9607 and 73 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Shared memory gets updated with invalid data and may lead to access beyond the allocated memory. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016 | |||||
CVE-2019-4203 | 1 Ibm | 1 Api Connect | 2023-12-10 | 9.0 HIGH | 9.8 CRITICAL |
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124. | |||||
CVE-2019-4481 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064. | |||||
CVE-2019-12525 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1. | |||||
CVE-2019-7765 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2016-10760 | 1 Seowonintech | 8 Swr-300a, Swr-300a Firmware, Swr-300b and 5 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter. | |||||
CVE-2019-2287 | 1 Qualcomm | 84 Mdm9150, Mdm9150 Firmware, Mdm9206 and 81 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 |