Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19115 3 Debian, Keepalived, Redhat 7 Debian Linux, Keepalived, Enterprise Linux Server and 4 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
CVE-2018-18810 1 Tibco 2 Managed File Transfer Command Center, Managed File Transfer Internet Server 2020-08-24 4.0 MEDIUM 9.9 CRITICAL
The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0.
CVE-2018-13874 1 Hdfgroup 1 Hdf5 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset.
CVE-2018-13876 1 Hdfgroup 1 Hdf5 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread.
CVE-2018-13924 1 Qualcomm 112 Ipq8074, Ipq8074 Firmware, Mdm9150 and 109 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
Lack of check to prevent the buffer length taking negative values can lead to stack overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA6174A, QCA8081, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
CVE-2018-18748 1 Sandboxie 1 Sandboxie 2020-08-24 10.0 HIGH 10.0 CRITICAL
** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality.
CVE-2018-18602 1 Guardzilla 12 180 Indoor, 180 Indoor Firmware, 180 Outdoor and 9 more 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.
CVE-2018-14599 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
CVE-2018-14786 1 Bd 8 Alaris Cc, Alaris Cc Firmware, Alaris Gh and 5 more 2020-08-24 7.5 HIGH 9.4 CRITICAL
Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port.
CVE-2019-9217 1 Gitlab 1 Gitlab 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.
CVE-2019-9218 1 Gitlab 1 Gitlab 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5).
CVE-2019-9795 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2020-08-24 7.5 HIGH 9.8 CRITICAL
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
CVE-2019-9123 1 D-link 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password.
CVE-2019-9124 1 D-link 2 Dir-878, Dir-878 Firmware 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password.
CVE-2019-9125 1 D-link 2 Dir-878, Dir-878 Firmware 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header.
CVE-2019-9121 1 Motorola 4 C1, C1 Firmware, M2 and 1 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetSmartQoSSettings API function, as demonstrated by shell metacharacters in the smartqos_priority_devices field.
CVE-2019-9161 1 Xinruidz 2 Sundray Wan Controller, Sundray Wan Controller Firmware 2020-08-24 10.0 HIGH 9.8 CRITICAL
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.xml file containing the admin password. (The password for root is the WebUI admin password concatenated with a static string.)
CVE-2019-9546 1 Solarwinds 1 Orion Platform 2020-08-24 7.5 HIGH 9.8 CRITICAL
SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
CVE-2019-9960 1 Limesurvey 1 Limesurvey 2020-08-24 7.5 HIGH 9.8 CRITICAL
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
CVE-2019-9653 1 Nuuo 2 Network Video Recorder, Network Video Recorder Firmware 2020-08-24 10.0 HIGH 9.8 CRITICAL
NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php.
CVE-2019-9687 2 Fedoraproject, Podofo Project 2 Fedora, Podofo 2020-08-24 7.5 HIGH 9.8 CRITICAL
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
CVE-2019-9901 1 Envoyproxy 1 Envoy 2020-08-24 7.5 HIGH 10.0 CRITICAL
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.
CVE-2019-9893 1 Libseccomp Project 1 Libseccomp 2020-08-24 7.5 HIGH 9.8 CRITICAL
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
CVE-2019-9891 1 Tldp 1 Advanced Bash-scripting Guide 2020-08-24 10.0 HIGH 9.8 CRITICAL
The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo.
CVE-2019-9805 1 Mozilla 1 Firefox 2020-08-24 7.5 HIGH 9.8 CRITICAL
A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66.
CVE-2019-8985 1 Netis-systems 4 Wf2411, Wf2411 Firmware, Wf2880 and 1 more 2020-08-24 9.0 HIGH 9.8 CRITICAL
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa.
CVE-2019-9485 1 Gitlab 1 Gitlab 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
CVE-2018-1337 1 Apache 1 Directory Ldap Api 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).
CVE-2020-24208 1 Online Shopping Alphaware Project 1 Online Shopping Alphaware 2020-08-21 7.5 HIGH 9.8 CRITICAL
A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters.
CVE-2020-9233 1 Huawei 1 Fusioncompute 2020-08-21 6.4 MEDIUM 9.1 CRITICAL
FusionCompute 8.0.0 have an insufficient authentication vulnerability. An attacker may exploit the vulnerability to delete some files and cause some services abnormal.
CVE-2020-12606 1 Dbsoft 1 Sglac 2020-08-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xp_cmdshell stored procedure.
CVE-2020-17474 1 Zkteco 3 Facedepot 7b, Facedepot 7b Firmware, Zkbiosecurity Server 2020-08-21 7.5 HIGH 9.8 CRITICAL
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.
CVE-2020-15781 1 Siemens 2 Sicam A8000, Sicam A8000 Firmware 2020-08-21 6.8 MEDIUM 9.6 CRITICAL
A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application.
CVE-2020-10055 1 Siemens 2 Desigo Consumption Control, Desigo Consumption Control Compact 2020-08-21 9.3 HIGH 9.8 CRITICAL
A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges.
CVE-2020-15142 1 Openapi-python-client Project 1 Openapi-python-client 2020-08-20 6.0 MEDIUM 9.0 CRITICAL
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.
CVE-2020-8212 1 Citrix 1 Xenmobile Server 2020-08-20 7.5 HIGH 9.8 CRITICAL
Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.
CVE-2020-8211 1 Citrix 1 Xenmobile Server 2020-08-20 7.5 HIGH 9.8 CRITICAL
Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.
CVE-2018-15751 1 Saltstack 1 Salt 2020-08-20 7.5 HIGH 9.8 CRITICAL
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
CVE-2016-6809 1 Apache 2 Nutch, Tika 2020-08-19 7.5 HIGH 9.8 CRITICAL
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
CVE-2017-8021 1 Dell 1 Elastic Cloud Storage 2020-08-19 10.0 HIGH 9.8 CRITICAL
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.
CVE-2020-17479 1 Json Pattern Validator Project 1 Json Pattern Validator 2020-08-19 7.5 HIGH 9.8 CRITICAL
jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array.
CVE-2019-16374 1 Pega 1 Platform 2020-08-19 7.5 HIGH 9.8 CRITICAL
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.
CVE-2017-15982 1 Geniusocean 1 News 2020-08-19 7.5 HIGH 9.8 CRITICAL
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15981 1 Geniusocean 1 Newspaper 2020-08-19 7.5 HIGH 9.8 CRITICAL
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15971 1 Softdatepro 1 Same Date Pro 2020-08-19 7.5 HIGH 9.8 CRITICAL
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.
CVE-2020-5415 1 Pivotal Software 1 Concourse 2020-08-19 6.4 MEDIUM 10.0 CRITICAL
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.
CVE-2020-12107 1 Stengg 2 Vpncrypt M10, Vpncrypt M10 Firmware 2020-08-19 7.5 HIGH 9.8 CRITICAL
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allow full control over this module's Operating System.
CVE-2019-10197 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Samba 2020-08-18 6.4 MEDIUM 9.1 CRITICAL
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.
CVE-2010-0748 3 Debian, Linux, Transmissionbt 3 Debian Linux, Linux Kernel, Transmission 2020-08-18 7.5 HIGH 9.8 CRITICAL
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
CVE-2007-0899 2 Clamav, Debian 2 Clamav, Debian Linux 2020-08-18 7.5 HIGH 9.8 CRITICAL
There is a possible heap overflow in libclamav/fsg.c before 0.100.0.