Total: 17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8964 | 1 Timetoolsltd | 20 Sc7105, Sc7105 Firmware, Sc9205 and 17 more | 2020-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie." | |||||
| CVE-2014-2727 | 1 Trustwave | 1 Mailmarshal | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. | |||||
| CVE-2020-6841 | 1 D-link | 2 Dch-m225, Dch-m225 Firmware | 2020-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. | |||||
| CVE-2014-4678 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | |||||
| CVE-2020-7796 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-02-24 | 6.8 MEDIUM | 9.8 CRITICAL |
| Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | |||||
| CVE-2013-6362 | 1 Xerox | 24 Colorqube 9201, Colorqube 9201 Firmware, Colorqube 9202 and 21 more | 2020-02-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. | |||||
| CVE-2020-3765 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-02-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-8990 | 1 Western Digital | 2 Ibi, My Cloud Home | 2020-02-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. | |||||
| CVE-2014-3622 | 1 Php | 1 Php | 2020-02-24 | 6.8 MEDIUM | 9.8 CRITICAL |
| Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value. | |||||
| CVE-2015-8972 | 1 Gnu | 1 Chess | 2020-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode. | |||||
| CVE-2018-12848 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-5070 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-12755 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-12754 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-5069 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-11574 | 1 Point-to-point Protocol Project | 1 Point-to-point Protocol | 2020-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected. | |||||
| CVE-2020-8129 | 1 Script-manager Project | 1 Script-manager | 2020-02-21 | 7.5 HIGH | 9.8 CRITICAL |
| An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. | |||||
| CVE-2013-3323 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2020-02-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | |||||
| CVE-2013-6295 | 1 Prestashop | 1 Prestashop | 2020-02-21 | 7.5 HIGH | 9.8 CRITICAL |
| PrestaShop 1.5.5 is vulnerable to privilege escalation via a Salesman account through the upload module. | |||||
| CVE-2013-7287 | 1 Mobileiron | 2 Sentry, Virtual Smartphone Platform | 2020-02-21 | 10.0 HIGH | 9.8 CRITICAL |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 have an insecure encryption scheme. | |||||
| CVE-2013-4454 | 1 Getbutterfly | 1 Portable-phpmyadmin | 2020-02-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| WordPress Portable phpMyAdmin Plugin 1.4.1 has multiple security bypass vulnerabilities. | |||||
| CVE-2016-4606 | 2 Apple, Haxx | 2 Mac Os X, Curl | 2020-02-21 | 7.5 HIGH | 9.8 CRITICAL |
| Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. | |||||
| CVE-2015-7567 | 1 Yeager | 1 Yeager Cms | 2020-02-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter. | |||||
| CVE-2013-2018 | 1 Berkeley | 1 Boinc | 2020-02-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-7098 | 1 Infradead | 1 Openconnect | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. | |||||
| CVE-2020-9021 | 1 Postoaktraffic | 2 Awam Bluetooth Field Device, Awam Bluetooth Field Device Firmware | 2020-02-20 | 10.0 HIGH | 9.8 CRITICAL |
| Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. | |||||
| CVE-2020-8128 | 1 Jsreport | 1 Jsreport | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| Unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. | |||||
| CVE-2020-1693 | 1 Redhat | 1 Spacewalk | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server. | |||||
| CVE-2013-7173 | 1 Belkin | 2 N750, N750 Firmware | 2020-02-20 | 10.0 HIGH | 9.8 CRITICAL |
| Belkin n750 routers have a buffer overflow. | |||||
| CVE-2014-9614 | 1 Netsweeper | 1 Netsweeper | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. | |||||
| CVE-2013-3738 | 1 Zabbix | 1 Zabbix | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2014-9613 | 1 Netsweeper | 1 Netsweeper | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php. | |||||
| CVE-2014-9612 | 1 Netsweeper | 1 Netsweeper | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. | |||||
| CVE-2014-4981 | 1 Xorux | 1 Lpar2rrd | 2020-02-20 | 10.0 HIGH | 9.8 CRITICAL |
| LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | |||||
| CVE-2014-2595 | 1 Barracuda | 1 Web Application Firewall | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. | |||||
| CVE-2014-7236 | 1 Twiki | 1 Twiki | 2020-02-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. | |||||
| CVE-2014-8089 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | |||||
| CVE-2020-8612 | 2 Progess, Progress | 2 Moveit Transfer, Moveit Transfer | 2020-02-20 | 6.0 MEDIUM | 9.0 CRITICAL |
| In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS. | |||||
| CVE-2018-5986 | 1 Easycarscript | 1 Easycarscript | 2020-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php. | |||||
| CVE-2018-6180 | 1 Themashabrand | 1 Online Voting Platform | 2020-02-19 | 5.0 MEDIUM | 9.8 CRITICAL |
| A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts. | |||||
| CVE-2014-3919 | 1 Netgear | 2 Cg3100, Cg3100 Firmware | 2020-02-19 | 4.3 MEDIUM | 9.3 CRITICAL |
| A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embedded malicious script in an unspecified page, which could let a malicious user obtain sensitive information. | |||||
| CVE-2014-4170 | 1 Freereprintables | 1 Articlefr | 2020-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. | |||||
| CVE-2014-4198 | 1 Bssys | 1 Rbs Bs-client. Retail Client | 2020-02-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that omits the ADPswID and AD parameters, which could let a malicious user access a privileged function. | |||||
| CVE-2020-9020 | 1 Iteris | 2 Vantage Velocity, Vantage Velocity Firmware | 2020-02-19 | 10.0 HIGH | 9.8 CRITICAL |
| Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. | |||||
| CVE-2020-9026 | 1 Eltex-co | 4 Ntp-2, Ntp-2 Firmware, Ntp-rg-1402g and 1 more | 2020-02-19 | 10.0 HIGH | 9.8 CRITICAL |
| ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected. | |||||
| CVE-2020-9027 | 1 Eltex-co | 4 Ntp-2, Ntp-2 Firmware, Ntp-rg-1402g and 1 more | 2020-02-19 | 10.0 HIGH | 9.8 CRITICAL |
| ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected. | |||||
| CVE-2020-8803 | 1 Salesagility | 1 Suitecrm | 2020-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | |||||
| CVE-2020-8802 | 1 Salesagility | 1 Suitecrm | 2020-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | |||||
| CVE-2013-1401 | 1 Cardozatechnologies | 1 Wordpress Poll | 2020-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll. | |||||
| CVE-2013-1400 | 1 Cardozatechnologies | 1 Wordpress Poll | 2020-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action. | |||||
