Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19010 2 Fedoraproject, Limnoria Project 2 Fedora, Limnoria 2020-08-24 7.5 HIGH 9.8 CRITICAL
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-19012 4 Debian, Fedoraproject, Oniguruma Project and 1 more 4 Debian Linux, Fedora, Oniguruma and 1 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
CVE-2019-18933 1 Zulip 1 Zulip Server 2020-08-24 7.5 HIGH 9.8 CRITICAL
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account.
CVE-2019-18925 1 Systematic 1 Iris Webforms 2020-08-24 7.5 HIGH 9.8 CRITICAL
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication.
CVE-2019-18889 2 Fedoraproject, Sensiolabs 2 Fedora, Symfony 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.
CVE-2019-18852 1 Dlink 14 Dir-600 B1, Dir-600 B1 Firmware, Dir-615 J1 and 11 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
CVE-2019-18802 1 Envoyproxy 1 Envoy 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers.
CVE-2019-18801 1 Envoyproxy 1 Envoy 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially.
CVE-2019-18780 3 Linux, Microsoft, Veritas 8 Linux Kernel, Windows, Access and 5 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.
CVE-2019-18225 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.
CVE-2019-17601 1 Minishare Project 1 Minishare 2020-08-24 7.5 HIGH 9.8 CRITICAL
In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued.
CVE-2019-17526 1 Sagemath 1 Sagemathcell 2020-08-24 10.0 HIGH 9.8 CRITICAL
** DISPUTED ** An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read() line. NOTE: the vendor's position is that the product is "vulnerable by design" and the current behavior will be retained.
CVE-2019-17373 1 Netgear 20 Dgn2200, Dgn2200 Firmware, Dgn2200m and 17 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
CVE-2019-17354 1 Zyxel 2 Nbg-418n V2, Nbg-418n V2 Firmware 2020-08-24 7.5 HIGH 9.4 CRITICAL
wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.
CVE-2019-17216 1 Vzug 2 Combi-stream Mslq, Combi-stream Mslq Firmware 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.
CVE-2019-17215 1 Vzug 2 Combi-stream Mslq, Combi-stream Mslq Firmware 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.
CVE-2019-17212 1 Mbed 1 Mbed 2020-08-24 10.0 HIGH 9.8 CRITICAL
Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated.
CVE-2019-17059 1 Sophos 2 Cyberoam, Cyberoamos 2020-08-24 10.0 HIGH 9.8 CRITICAL
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
CVE-2019-16885 1 Okay-cms 1 Okaycms 2020-08-24 7.5 HIGH 9.8 CRITICAL
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison.
CVE-2019-16650 1 Supermicro 526 A1sa2-2750f, A1sa2-2750f Firmware, A1sai-2550f and 523 more 2020-08-24 7.5 HIGH 10.0 CRITICAL
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.
CVE-2019-16399 1 Westerndigital 2 Wd My Book, Wd My Book Firmware 2020-08-24 7.5 HIGH 9.8 CRITICAL
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me.
CVE-2019-16273 1 Dten 4 D5, D5 Firmware, D7 and 1 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the Android OS.
CVE-2019-16272 1 Dten 4 D5, D5 Firmware, D7 and 1 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement.
CVE-2019-16257 1 Motorola 2 Motorola, Motorola Firmware 2020-08-24 7.5 HIGH 9.8 CRITICAL
Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
CVE-2019-16256 1 Samsung 2 Samsung, Samsung Firmware 2020-08-24 7.5 HIGH 9.8 CRITICAL
Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
CVE-2019-17662 1 Cybelsoft 1 Thinvnc 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
CVE-2019-16192 1 Doccms 1 Doccms 2020-08-24 7.5 HIGH 9.8 CRITICAL
upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive.
CVE-2019-16184 1 Limesurvey 1 Limesurvey 2020-08-24 7.5 HIGH 9.8 CRITICAL
A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.
CVE-2019-16060 1 Airbrake 1 Airbrake Ruby 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).
CVE-2019-15932 1 Intesync 1 Solismed 2020-08-24 7.5 HIGH 9.8 CRITICAL
Intesync Solismed 3.3sp has Incorrect Access Control.
CVE-2019-15846 2 Debian, Exim 2 Debian Linux, Exim 2020-08-24 10.0 HIGH 9.8 CRITICAL
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
CVE-2019-1584 1 Zingbox 1 Inspector 2020-08-24 6.8 MEDIUM 9.8 CRITICAL
A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.
CVE-2019-15823 1 Wpserveur 1 Wps Hide Login 2020-08-24 7.5 HIGH 9.8 CRITICAL
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
CVE-2019-15746 1 Sitos 1 Sitos Six 2020-08-24 10.0 HIGH 9.8 CRITICAL
SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.
CVE-2019-15741 1 Gitlab 1 Omnibus 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-15657 1 Eslint-utils Project 1 Eslint-utils 2020-08-24 7.5 HIGH 9.8 CRITICAL
In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code.
CVE-2019-15753 1 Openstack 1 Os-vif 2020-08-24 6.4 MEDIUM 9.1 CRITICAL
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.
CVE-2018-1000059 1 Validformbuilder 1 Validform Builder 2020-08-24 7.5 HIGH 9.8 CRITICAL
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system.
CVE-2018-1000300 2 Canonical, Haxx 2 Ubuntu Linux, Curl 2020-08-24 7.5 HIGH 9.8 CRITICAL
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.
CVE-2018-1000525 1 Openpsa2 1 Openpsa 2020-08-24 7.5 HIGH 9.8 CRITICAL
openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This vulnerability appears to have been fixed in after commit 097eae0.
CVE-2018-1000544 3 Debian, Redhat, Rubyzip Project 3 Debian Linux, Cloudforms, Rubyzip 2020-08-24 7.5 HIGH 9.8 CRITICAL
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem..
CVE-2018-1000618 1 Eosio Project 1 Eos 2020-08-24 7.5 HIGH 9.8 CRITICAL
EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d .
CVE-2018-1000641 1 Yeswiki 1 Yeswiki 2020-08-24 7.5 HIGH 9.8 CRITICAL
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information.
CVE-2018-1000851 1 Copay 1 Copay Bitcoin Wallet 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability appears to have been fixed in 5.2.0 and later .
CVE-2018-1000884 1 Vestacp 1 Vesta Control Panel 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password reset codes, attacker is able to change administrator password. This attack appear to be exploitable via Unauthenticated network connectivity. This vulnerability appears to have been fixed in After commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- release version 0.9.8-19.
CVE-2018-10171 1 Kromtech 1 Mackeeper 2020-08-24 10.0 HIGH 9.8 CRITICAL
Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component. The AdwareAnalzyerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user.
CVE-2019-15554 1 Servo 1 Smallvec 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.
CVE-2018-10698 1 Moxa 2 Awk-3121, Awk-3121 Firmware 2020-08-24 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.
CVE-2018-10771 1 Moinejf 1 Abcm2ps 2020-08-24 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-10718 1 Activision 1 Call Of Duty Modern Warfare 2 2020-08-24 10.0 HIGH 10.0 CRITICAL
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.