Search
Total
753 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8120 | 1 Huawei | 1 Uma | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | |||||
| CVE-2018-6835 | 1 Etherpad | 1 Etherpad | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2017-10700 | 1 Qnap | 1 Qts | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. | |||||
| CVE-2017-8129 | 1 Huawei | 1 Uma | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | |||||
| CVE-2017-8128 | 1 Huawei | 1 Uma | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | |||||
| CVE-2017-8126 | 1 Huawei | 1 Uma | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | |||||
| CVE-2017-8124 | 1 Huawei | 1 Uma | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | |||||
| CVE-2017-16935 | 1 Ametys | 1 Ametys | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request. | |||||
| CVE-2018-7739 | 1 Antsle | 1 Antman | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation. | |||||
| CVE-2017-8123 | 1 Huawei | 1 Uma | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | |||||
| CVE-2017-8122 | 1 Huawei | 1 Uma | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | |||||
| CVE-2017-8117 | 1 Huawei | 1 Uma | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | |||||
| CVE-2017-8119 | 1 Huawei | 1 Uma | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | |||||
| CVE-2018-17472 | 4 Apple, Debian, Google and 1 more | 6 Iphone Os, Debian Linux, Chrome and 3 more | 2019-10-03 | 6.8 MEDIUM | 9.6 CRITICAL |
| Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page. | |||||
| CVE-2017-11402 | 1 Belden | 2 Tofino Xenon Security Appliance, Tofino Xenon Security Appliance Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the firewall. The attack methodology is a crafted OPC dynamic port shift. | |||||
| CVE-2017-11771 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows Search Remote Code Execution Vulnerability". | |||||
| CVE-2019-10538 | 1 Qualcomm | 54 Msm8909w, Msm8909w Firmware, Msm8996au and 51 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24 | |||||
| CVE-2018-7784 | 1 Schneider-electric | 1 U.motion | 2019-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application. | |||||
| CVE-2018-7081 | 1 Arubanetworks | 1 Arubaos | 2019-09-16 | 9.3 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked. | |||||
| CVE-2019-16142 | 1 Renderdocs-rs Project | 1 Renderdocs-rs | 2019-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application. | |||||
| CVE-2019-9850 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | |||||
| CVE-2019-9851 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | |||||
| CVE-2018-14671 | 1 Yandex | 1 Clickhouse | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. | |||||
| CVE-2013-7483 | 1 Hbwsl | 1 Slidedeck 2 | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. | |||||
| CVE-2016-10930 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number. | |||||
| CVE-2015-9351 | 1 Slickremix | 1 Feed Them Social | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button. | |||||
| CVE-2014-10384 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. | |||||
| CVE-2014-10383 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. | |||||
| CVE-2018-20981 | 1 Ninjaforms | 1 Ninja Forms | 2019-08-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | |||||
| CVE-2018-20985 | 1 Payeezy | 1 Wp Payeezy Pay | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec. | |||||
| CVE-2017-18580 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2019-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode. | |||||
| CVE-2019-7959 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Mac Os X, Windows | 2019-08-21 | 10.0 HIGH | 9.8 CRITICAL |
| Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-20973 | 1 Codeermeneer | 1 Companion Auto Update | 2019-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion. | |||||
| CVE-2019-14771 | 1 Backdropcms | 1 Backdrop Cms | 2019-08-19 | 9.3 HIGH | 9.8 CRITICAL |
| Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the server. (This attack is mitigated by the attacker needing the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given. Other preventative measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.) | |||||
| CVE-2019-11714 | 1 Mozilla | 1 Firefox | 2019-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68. | |||||
| CVE-2019-11708 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2019-08-15 | 10.0 HIGH | 10.0 CRITICAL |
| Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2. | |||||
| CVE-2017-12611 | 1 Apache | 1 Struts | 2019-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. | |||||
| CVE-2016-4438 | 1 Apache | 1 Struts | 2019-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. | |||||
| CVE-2016-3087 | 1 Apache | 1 Struts | 2019-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin. | |||||
| CVE-2016-10858 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 9.3 HIGH | 9.8 CRITICAL |
| cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). | |||||
| CVE-2018-11773 | 1 Apache | 1 Virtual Computing Lab | 2019-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. | |||||
| CVE-2016-10824 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 9.3 HIGH | 9.8 CRITICAL |
| cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). | |||||
| CVE-2016-10855 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 10.0 HIGH | 9.8 CRITICAL |
| cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). | |||||
| CVE-2018-20863 | 1 Cpanel | 1 Cpanel | 2019-07-31 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). | |||||
| CVE-2016-1291 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2019-07-29 | 9.3 HIGH | 9.8 CRITICAL |
| Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192. | |||||
| CVE-2019-1010234 | 1 Linuxfoundation | 1 Open Network Operating System | 2019-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity. | |||||
| CVE-2019-1072 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-19 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'. | |||||
| CVE-2019-1109 | 1 Microsoft | 2 Office, Office 365 | 2019-07-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'. | |||||
| CVE-2018-11686 | 1 Flowpaper | 1 Flexpaper | 2019-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php. | |||||
| CVE-2018-20813 | 1 Pulsesecure | 1 Pulse Connect Secure | 2019-07-03 | 7.5 HIGH | 9.8 CRITICAL |
| An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2. | |||||