Total: 23734 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3918 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces. | |||||
CVE-2014-5432 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | |||||
CVE-2019-13656 | 1 Broadcom | 2 Ca Client Automation, Ca Workload Automation Ae | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. | |||||
CVE-2019-7772 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-7551 | 1 Cantemo | 1 Portal | 2023-12-10 | 6.0 MEDIUM | 9.0 CRITICAL |
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app. | |||||
CVE-2019-14231 | 1 Onionbuzz | 1 Onionbuzz | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure. | |||||
CVE-2019-9174 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF. | |||||
CVE-2018-14528 | 1 Invoxia | 2 Nvx220, Nvx220 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Invoxia NVX220 devices allow TELNET access as admin with a default password. | |||||
CVE-2019-11411 | 1 Artifex | 1 Mujs | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow. | |||||
CVE-2019-7095 | 2 Adobe, Microsoft | 2 Digital Editions, Windows | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-16114 | 1 Atutor | 1 Atutor | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution. This occurs because install/include/header.php does not restrict certain changes (to db_host, db_login, db_password, and content_dir) within install/include/step5.php. | |||||
CVE-2015-9333 | 1 Cformsii Project | 1 Cformsii | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The cforms2 plugin before 14.6.10 for WordPress has SQL injection. | |||||
CVE-2019-9895 | 3 Fedoraproject, Opengroup, Putty | 3 Fedora, Unix, Putty | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | |||||
CVE-2019-11460 | 1 Gnome | 1 Gnome-desktop | 2023-12-10 | 6.8 MEDIUM | 9.0 CRITICAL |
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063. | |||||
CVE-2019-10664 | 1 Domoticz | 1 Domoticz | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. | |||||
CVE-2019-13585 | 1 Fanucamerica | 1 Robotics Virtual Robot Controller | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request. | |||||
CVE-2017-12795 | 1 Openmrs | 1 Openmrs-module-htmlformentry | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation). | |||||
CVE-2019-9873 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | |||||
CVE-2019-15824 | 1 Wpserveur | 1 Wps Hide Login | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. | |||||
CVE-2018-18472 | 1 Westerndigital | 2 My Book Live, My Book Live Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands, |