Total: 17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1930 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2019-11-19 | 10.0 HIGH | 9.8 CRITICAL |
| In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. | |||||
| CVE-2019-18985 | 1 Pimcore | 1 Pimcore | 2019-11-19 | 5.0 MEDIUM | 9.8 CRITICAL |
| Pimcore before 6.2.2 lacks brute force protection for the 2FA token. | |||||
| CVE-2013-4108 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-19 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors. | |||||
| CVE-2019-17415 | 1 Upredsun | 1 File Sharing Wizard | 2019-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331. | |||||
| CVE-2019-17330 | 1 Tibco | 1 Ebx | 2019-11-18 | 4.3 MEDIUM | 9.6 CRITICAL |
| The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6. | |||||
| CVE-2019-16948 | 1 Enghouse | 1 Web Chat | 2019-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not. | |||||
| CVE-2019-18240 | 1 Fujielectric | 1 V-server | 2019-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2018-14403 | 1 Techsmith | 1 Mp4v2 | 2019-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access. | |||||
| CVE-2018-14054 | 1 Techsmith | 1 Mp4v2 | 2019-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered. | |||||
| CVE-2019-17600 | 1 Intelbras | 2 Iwr 1000n, Iwr 1000n Firmware | 2019-11-16 | 10.0 HIGH | 9.8 CRITICAL |
| Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled. | |||||
| CVE-2019-18952 | 1 Sibsoft | 1 Xfilesharing | 2019-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP. | |||||
| CVE-2010-4533 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2019-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | |||||
| CVE-2019-18873 | 1 Fudforum | 1 Fudforum | 2019-11-15 | 8.5 HIGH | 9.0 CRITICAL |
| FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php. | |||||
| CVE-2019-18839 | 1 Fudforum | 1 Fudforum | 2019-11-15 | 8.5 HIGH | 9.0 CRITICAL |
| FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. | |||||
| CVE-2019-12719 | 1 Auo | 1 Sunveillance Monitoring System & Data Recorder | 2019-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter. | |||||
| CVE-2010-3438 | 3 Debian, Fedoraproject, Libpoe-component-irc-perl Project | 3 Debian Linux, Fedora, Libpoe-component-irc-perl | 2019-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. | |||||
| CVE-2019-1373 | 1 Microsoft | 1 Exchange Server | 2019-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. | |||||
| CVE-2019-0721 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-14 | 9.0 HIGH | 9.1 CRITICAL |
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719. | |||||
| CVE-2019-0719 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-11-14 | 9.0 HIGH | 9.1 CRITICAL |
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721. | |||||
| CVE-2019-18425 | 1 Xen | 1 Xen | 2019-11-14 | 9.3 HIGH | 9.8 CRITICAL |
| An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected. | |||||
| CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2019-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| gdk-pixbuf through 2.31.1 has a GIF loader buffer overflow when initializing decompression tables due to an input validation flaw. | |||||
| CVE-2019-18658 | 1 Helm | 1 Helm | 2019-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue. | |||||
| CVE-2011-2337 | 1 Google | 1 Blink | 2019-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms. | |||||
| CVE-2007-6745 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2019-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. | |||||
| CVE-2018-9556 | 1 Google | 1 Android | 2019-11-13 | 10.0 HIGH | 9.8 CRITICAL |
| In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184. | |||||
| CVE-2011-1460 | 1 Google | 1 Blink | 2019-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks. | |||||
| CVE-2018-9578 | 1 Google | 1 Android | 2019-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928. | |||||
| CVE-2019-17211 | 1 Mbed | 1 Mbed | 2019-11-13 | 10.0 HIGH | 9.8 CRITICAL |
| An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count can wrap around the maximum uint16_t value. As a result, insufficient buffer space is allocated for the corresponding CoAP message. | |||||
| CVE-2011-2936 | 1 Elgg | 1 Elgg | 2019-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| Elgg through 1.7.10 has a SQL injection vulnerability. | |||||
| CVE-2019-7265 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2019-11-12 | 10.0 HIGH | 9.8 CRITICAL |
| Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). | |||||
| CVE-2018-11091 | 1 Mybiz | 1 Myprocurenet | 2019-11-12 | 9.0 HIGH | 9.9 CRITICAL |
| An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the "HiddenFieldControlCustomWhiteListedExtensions" parameter and add arbitrary extensions to the whitelist during the upload. For instance, if the extension .asp is added to the "HiddenFieldControlCustomWhiteListedExtensions" parameter, the server accepts "secctest.asp" as a legitimate file. Hence malicious files can be uploaded in order to execute arbitrary commands to take over the server. | |||||
| CVE-2019-7274 | 1 Optergy | 2 Enterprise, Proton | 2019-11-12 | 10.0 HIGH | 9.8 CRITICAL |
| Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. | |||||
| CVE-2019-7261 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2019-11-12 | 10.0 HIGH | 9.8 CRITICAL |
| Linear eMerge E3-Series devices have Hard-coded Credentials. | |||||
| CVE-2019-7257 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2019-11-12 | 7.5 HIGH | 10.0 CRITICAL |
| Linear eMerge E3-Series devices allow Unrestricted File Upload. | |||||
| CVE-2019-18623 | 1 Energycap | 1 Energycap | 2019-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard. | |||||
| CVE-2010-2447 | 1 Gitolite | 1 Gitolite | 2019-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| gitolite before 1.4.1 does not filter src/ or hooks/ from path names. | |||||
| CVE-2010-2476 | 1 Syscp Project | 1 Syscp | 2019-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. | |||||
| CVE-2007-3915 | 1 Mandriva | 1 Mondo | 2019-11-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| Mondo 2.24 has insecure handling of temporary files. | |||||
| CVE-2008-7291 | 2 Debian, Gri Project | 2 Debian Linux, Gri | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| gri before 2.12.18 generates temporary files in an insecure way. | |||||
| CVE-2013-4409 | 3 Fedoraproject, Redhat, Reviewboard | 4 Fedora, Enterprise Linux, Djblets and 1 more | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. | |||||
| CVE-2014-3180 | 2 Google, Linux | 2 Chrome Os, Linux Kernel | 2019-11-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| ** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable. | |||||
| CVE-2019-8136 | 1 Magento | 1 Magento | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component. | |||||
| CVE-2013-1751 | 1 Twiki | 1 Twiki | 2019-11-08 | 10.0 HIGH | 9.8 CRITICAL |
| TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. | |||||
| CVE-2016-4401 | 1 Arubanetworks | 1 Clearpass | 2019-11-08 | 10.0 HIGH | 9.8 CRITICAL |
| Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | |||||
| CVE-2005-2354 | 1 Nvu | 1 Nvu | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. | |||||
| CVE-2006-0061 | 1 Sillycycle | 1 Xlockmore | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session. | |||||
| CVE-2010-2446 | 1 Ruby-rbot | 1 Rbot | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| Rbot Reaction plugin allows command execution. | |||||
| CVE-2011-1134 | 1 S9y | 1 Serendipity | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. | |||||
| CVE-2011-4628 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | |||||
| CVE-2019-2249 | 1 Qualcomm | 54 Ipq8074, Ipq8074 Firmware, Mdm9205 and 51 more | 2019-11-08 | 10.0 HIGH | 9.8 CRITICAL |
| Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081, QCS605, SD 427, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 | |||||
