Total: 24574 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16140 | 1 Isahc Project | 1 Isahc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion. | |||||
CVE-2019-9884 | 1 Eclass | 1 Eclass Ip | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page. | |||||
CVE-2019-12771 | 1 Thinstation Project | 1 Thinstation | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring. | |||||
CVE-2019-11062 | 1 Sun.net | 1 Wmpro | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. | |||||
CVE-2019-9885 | 1 Eclass | 1 Eclass Ip | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter. | |||||
CVE-2019-10149 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. | |||||
CVE-2018-17179 | 1 Open-emr | 1 Openemr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php. | |||||
CVE-2019-15088 | 1 Prise | 1 Adas | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication. | |||||
CVE-2018-19442 | 1 Neatorobotics | 2 Botvac Connected, Botvac Connected Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/[robot_serial]/messages Neato cloud URI on the nucleo.neatocloud.com web site (port 4443). | |||||
CVE-2019-11535 | 1 Linksys | 4 Re6300, Re6300 Firmware, Re6400 and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI. | |||||
CVE-2018-19971 | 1 Jfrog | 1 Artifactory | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. | |||||
CVE-2019-14537 | 1 Yourls | 1 Yourls | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. | |||||
CVE-2019-1010298 | 1 Linaro | 1 Op-tee | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. | |||||
CVE-2019-3935 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows. | |||||
CVE-2019-1010161 | 1 Perl-crypt-jwt Project | 1 Perl-crypt-jwt | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023. | |||||
CVE-2019-7763 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-16642 | 1 Yejiao | 1 Tuzicms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. | |||||
CVE-2019-10708 | 1 S-cms | 1 S-cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. | |||||
CVE-2017-12758 | 1 Joomlaextensions | 1 Component Appointment | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component. | |||||
CVE-2019-15567 | 1 Openforis | 1 Arena | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. | |||||