Total: 17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8932 | 1 Amd | 4 Ryzen, Ryzen Firmware, Ryzen Pro and 1 more | 2019-10-03 | 9.3 HIGH | 9.0 CRITICAL |
| The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. | |||||
| CVE-2018-8933 | 1 Amd | 2 Epyc Server, Epyc Server Firmware | 2019-10-03 | 9.3 HIGH | 9.0 CRITICAL |
| The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. | |||||
| CVE-2018-8934 | 1 Amd | 4 Ryzen, Ryzen Firmware, Ryzen Pro and 1 more | 2019-10-03 | 9.3 HIGH | 9.0 CRITICAL |
| The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. | |||||
| CVE-2018-9059 | 1 Sharing-file | 1 Easy File Sharing Web Server | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791. | |||||
| CVE-2018-9091 | 1 Kemptechnologies | 1 Loadmaster Operating System | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. | |||||
| CVE-2018-9580 | 1 Google | 1 Android | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002. | |||||
| CVE-2018-9845 | 1 Etherpad | 1 Etherpad Lite | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Etherpad Lite before 1.6.4 is exploitable for admin access. | |||||
| CVE-2016-6090 | 1 Ibm | 1 Websphere Commerce | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service. | |||||
| CVE-2015-9435 | 1 Dash10 | 1 Oauth Server | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. | |||||
| CVE-2019-16999 | 1 Idcos | 1 Cloudboot | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI. | |||||
| CVE-2019-10539 | 1 Qualcomm | 98 Ipq8074, Ipq8074 Firmware, Mdm9206 and 95 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA8081, QCA9379, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130 | |||||
| CVE-2019-10538 | 1 Qualcomm | 54 Msm8909w, Msm8909w Firmware, Msm8996au and 51 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24 | |||||
| CVE-2019-10509 | 1 Qualcomm | 64 Msm8909w, Msm8909w Firmware, Msm8996au and 61 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 | |||||
| CVE-2019-16755 | 1 Bmc | 1 Myit Digital Workplace | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote command execution on the operating system running the targeted application. Affected DWP versions: 3.x to 18.x, all versions, service packs, and patches are affected by this vulnerability. Affected SmartIT versions: 1.x, 2.0, 18.05, 18.08, and 19.02, all versions, service packs, and patches are affected by this vulnerability. | |||||
| CVE-2019-16411 | 1 Suricata-ids | 1 Suricata | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead. | |||||
| CVE-2018-7811 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server | |||||
| CVE-2019-16692 | 1 Phpipam | 1 Phpipam | 2019-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. | |||||
| CVE-2019-1913 | 1 Cisco | 22 Sf-220-24, Sf-220-24 Firmware, Sf220-24p and 19 more | 2019-10-01 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS. | |||||
| CVE-2019-6446 | 2 Fedoraproject, Numpy | 2 Fedora, Numpy | 2019-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources. | |||||
| CVE-2015-9333 | 1 Cformsii Project | 1 Cformsii | 2019-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| The cforms2 plugin before 14.6.10 for WordPress has SQL injection. | |||||
| CVE-2018-7784 | 1 Schneider-electric | 1 U.motion | 2019-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application. | |||||
| CVE-2007-6762 | 1 Linux | 1 Linux Kernel | 2019-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array. | |||||
| CVE-2012-1516 | 1 Vmware | 2 Esx, Esxi | 2019-09-27 | 9.0 HIGH | 9.9 CRITICAL |
| The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers. | |||||
| CVE-2013-6014 | 1 Juniper | 1 Junos | 2019-09-27 | 6.1 MEDIUM | 9.3 CRITICAL |
| Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message. | |||||
| CVE-2012-5376 | 1 Google | 1 Chrome | 2019-09-27 | 9.3 HIGH | 9.6 CRITICAL |
| The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112. | |||||
| CVE-2019-7551 | 1 Cantemo | 1 Portal | 2019-09-27 | 6.0 MEDIUM | 9.0 CRITICAL |
| Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app. | |||||
| CVE-2019-16880 | 1 Linea Project | 1 Linea | 2019-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method. | |||||
| CVE-2018-1000804 | 1 Contiki-ng | 1 Contiki-ng | 2019-09-27 | 10.0 HIGH | 9.8 CRITICAL |
| contiki-ng version 4 contains a buffer overflow vulnerability in the AQL (Antelope Query Language) database engine that can result in remote code execution on a device using the Contiki-NG operating system. This attack appears to be exploitable when the attacker is able to run malicious AQL code (e.g. via an SQL-like injection attack). | |||||
| CVE-2018-17232 | 1 Slack Archivebot Project | 1 Slack Archivebot | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute(). | |||||
| CVE-2011-5327 | 1 Linux | 1 Linux Kernel | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. | |||||
| CVE-2018-1000639 | 1 Latexdraw Project | 1 Latexdraw | 2019-09-26 | 6.8 MEDIUM | 9.6 CRITICAL |
| LatexDraw version <=4.0 contains an XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server-side request forgery, port scanning, and possible RCE. This attack appears to be exploitable via a specially crafted SVG file. | |||||
| CVE-2019-16868 | 1 Emlog | 1 Emlog | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. | |||||
| CVE-2018-5989 | 1 Chillcreations | 1 Ccnewsletter | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. | |||||
| CVE-2019-16724 | 1 Upredsun | 1 File Sharing Wizard | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331. | |||||
| CVE-2019-16881 | 1 Portaudio-rs Project | 1 Portaudio-rs | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback. | |||||
| CVE-2019-5485 | 1 Gitlabhook Project | 1 Gitlabhook | 2019-09-25 | 10.0 HIGH | 10.0 CRITICAL |
| NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. | |||||
| CVE-2019-16194 | 1 Centreon | 1 Centreon | 2019-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | |||||
| CVE-2019-15699 | 1 Suricata-ids | 1 Suricata | 2019-09-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet. | |||||
| CVE-2019-9855 | 2 Libreoffice, Microsoft | 2 Libreoffice, Windows | 2019-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary Python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handlers. However, a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows, in that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | |||||
| CVE-2019-13923 | 1 Siemens | 2 Ie/wsn-pa Link Wirelesshart Gateway, Ie/wsn-pa Link Wirelesshart Gateway Firmware | 2019-09-24 | 4.3 MEDIUM | 9.6 CRITICAL |
| A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. | |||||
| CVE-2011-2767 | 4 Apache, Canonical, Debian and 1 more | 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more | 2019-09-24 | 10.0 HIGH | 9.8 CRITICAL |
| mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | |||||
| CVE-2010-5333 | 2 Integard Home Project, Integard Pro Project | 2 Integard Home, Integard Pro | 2019-09-24 | 7.5 HIGH | 9.8 CRITICAL |
| The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow. | |||||
| CVE-2019-16748 | 1 Wolfssl | 1 Wolfssl | 2019-09-24 | 7.5 HIGH | 9.8 CRITICAL |
| In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c. | |||||
| CVE-2018-1000823 | 1 Exist-db | 1 Exist | 2019-09-24 | 7.5 HIGH | 10.0 CRITICAL |
| exist version <= 5.0.0-RC4 contains an XML External Entity (XXE) vulnerability in the XML parser for the REST server that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. | |||||
| CVE-2018-21018 | 1 Joinmastodon | 1 Mastodon | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. | |||||
| CVE-2019-16705 | 1 Libming | 1 Libming | 2019-09-23 | 6.4 MEDIUM | 9.1 CRITICAL |
| Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. | |||||
| CVE-2019-16696 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. | |||||
| CVE-2019-16695 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. | |||||
| CVE-2019-16694 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. | |||||
| CVE-2019-16693 | 1 Phpipam | 1 Phpipam | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. | |||||
