Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5649 | 1 Netgear | 4 Dgn2200, Dgn2200 Firmware, Dgnd3700 and 1 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface. | |||||
| CVE-2016-1579 | 1 Canonical | 1 Ubuntu Download Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user. | |||||
| CVE-2016-1265 | 1 Juniper | 1 Junos Space | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. | |||||
| CVE-2016-10553 | 1 Sequelizejs | 1 Sequelize | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier. | |||||
| CVE-2016-10554 | 1 Sequelizejs | 1 Sequelize | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping. | |||||
| CVE-2016-10541 | 1 Shell-quote Project | 1 Shell-quote | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection. | |||||
| CVE-2016-10546 | 1 Pouchdb | 1 Pouchdb | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands. | |||||
| CVE-2016-10551 | 1 Balderdash | 1 Waterline-sequel | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database. | |||||
| CVE-2016-10550 | 1 Sequelizejs | 1 Sequelize | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier. | |||||
| CVE-2016-10329 | 1 Synology | 1 Photo Station | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header. | |||||
| CVE-2015-9235 | 1 Auth0 | 1 Jsonwebtoken | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). | |||||
| CVE-2015-5297 | 1 Pixman | 1 Pixman | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code. | |||||
| CVE-2015-3956 | 1 Pifzer | 6 Plum A\+3 Infusion System, Plum A\+3 Infusion System Firmware, Plum A\+ Infusion System and 3 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | |||||
| CVE-2015-3954 | 1 Pifzer | 6 Plum A\+3 Infusion System, Plum A\+3 Infusion System Firmware, Plum A\+ Infusion System and 3 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | |||||
| CVE-2015-3953 | 1 Pifzer | 6 Plum A\+3 Infusion System, Plum A\+3 Infusion System Firmware, Plum A\+ Infusion System and 3 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | |||||
| CVE-2015-1320 | 1 Canonical | 1 Metal As A Service | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2015-1006 | 1 Opto22 | 4 Optodatalink, Optoopcserver, Pac Display and 1 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible. | |||||
| CVE-2014-9189 | 1 Honeywell | 1 Experion Process Knowledge System | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-9186 | 1 Honeywell | 1 Experion Process Knowledge System | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-9187 | 1 Honeywell | 1 Experion Process Knowledge System | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-5433 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | |||||
| CVE-2014-5401 | 1 Hospira | 1 Mednet | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1. | |||||
| CVE-2014-5432 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | |||||
| CVE-2014-5434 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | |||||
| CVE-2014-5435 | 1 Honeywell | 1 Experion Process Knowledge System | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-0593 | 1 Opensuse | 1 Open Build Service | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server. | |||||
| CVE-2011-4183 | 1 Opensuse | 1 Open Build Service | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. | |||||
| CVE-2011-3145 | 1 Mount.ecrpytfs Private Project | 1 Mount.ecrpytfs Private | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private. | |||||
| CVE-2019-17269 | 1 Intelliantech | 1 Remote Access | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field. | |||||
| CVE-2015-9450 | 1 Sizmic | 1 Plugmatter Optin Feature Box | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter. | |||||
| CVE-2019-15748 | 1 Sitos | 1 Sitos Six | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could execute arbitrary PHP code. | |||||
| CVE-2019-15751 | 1 Sitos | 1 Sitos Six | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to the web root of the application. | |||||
| CVE-2016-10764 | 1 Linux | 1 Linux Kernel | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead. | |||||
| CVE-2015-9452 | 1 Nex-forms - Ultimate Form Builder Project | 1 Nex-forms - Ultimate Form Builder | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter. | |||||
| CVE-2015-9451 | 1 Sizmic | 1 Plugmatter Optin Feature Box | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter. | |||||
| CVE-2019-13335 | 1 Salesagility | 1 Suitecrm | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. | |||||
| CVE-2019-10750 | 1 Deeply Project | 1 Deeply | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload. | |||||
| CVE-2019-17197 | 1 Open-emr | 1 Openemr | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc. | |||||
| CVE-2018-10238 | 1 Bacnet Protocol Stack Project | 1 Bacnet Protocol Stack | 2019-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlc_bdt_forward_npdu() calls bvlc_encode_forwarded_npdu() which copies the content from the request into a local in the bvlc_bdt_forward_npdu() stack frame and clobbers the canary. The attack vector is: A BACnet/IP device with BBMD enabled based on this library connected to IP network. The fixed version is: 0.8.6. | |||||
| CVE-2019-4013 | 1 Ibm | 1 Bigfix Platform | 2019-10-07 | 9.0 HIGH | 9.9 CRITICAL |
| IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887. | |||||
| CVE-2019-17040 | 1 Rsyslog | 1 Rsyslog | 2019-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. | |||||
| CVE-2019-16941 | 1 Nsa | 1 Ghidra | 2019-10-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call). | |||||
| CVE-2019-15940 | 1 Govicture | 2 Pc530, Pc530 Firmware | 2019-10-04 | 10.0 HIGH | 9.8 CRITICAL |
| Victure PC530 devices allow unauthenticated TELNET access as root. | |||||
| CVE-2019-16932 | 1 Themeisle | 1 Visualizer | 2019-10-04 | 5.8 MEDIUM | 10.0 CRITICAL |
| A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. | |||||
| CVE-2016-10722 | 1 Partclone Project | 1 Partclone | 2019-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application. | |||||
| CVE-2019-16676 | 1 Plataformatec | 1 Simple Form | 2019-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call. | |||||
| CVE-2019-13957 | 1 Umbraco | 1 Umbraco | 2019-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. | |||||
| CVE-2019-6698 | 1 Fortinet | 4 Fortirecorder 100d, Fortirecorder 200d, Fortirecorder 400d and 1 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. | |||||
| CVE-2019-2294 | 1 Qualcomm | 94 Mdm9205, Mdm9205 Firmware, Mdm9206 and 91 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2018-7251 | 1 Anchorcms | 1 Anchor | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred. | |||||