Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11569 | 1 Eventum Project | 1 Eventum | 2019-09-06 | 7.5 HIGH | 9.8 CRITICAL |
| Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2. | |||||
| CVE-2019-13020 | 1 Trms | 1 Tightrope Media Carousel | 2019-09-06 | 6.4 MEDIUM | 10.0 CRITICAL |
| The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet. | |||||
| CVE-2019-11500 | 3 Debian, Dovecot, Fedoraproject | 4 Debian Linux, Dovecot, Pigeonhole and 1 more | 2019-09-06 | 7.5 HIGH | 9.8 CRITICAL |
| In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. | |||||
| CVE-2019-13187 | 1 Symphonyextensions | 1 Rich Text Formatter | 2019-09-06 | 7.5 HIGH | 9.8 CRITICAL |
| The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. | |||||
| CVE-2019-10709 | 1 Asus | 1 Precision Touchpad | 2019-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call. | |||||
| CVE-2019-15552 | 1 Libflate Project | 1 Libflate | 2019-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution. | |||||
| CVE-2019-15872 | 1 Wpbrigade | 1 Loginpress | 2019-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings. | |||||
| CVE-2019-13976 | 1 Egain | 1 Chat | 2019-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| eGain Chat 15.0.3 allows unrestricted file upload. | |||||
| CVE-2015-9344 | 1 Perafox | 1 Link Log | 2019-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| The link-log plugin before 2.1 for WordPress has SQL injection. | |||||
| CVE-2019-15497 | 2 Blackbox, Onelan | 4 Icompel, Icompel Firmware, Net-top-box and 1 more | 2019-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP. | |||||
| CVE-2019-14943 | 1 Gitlab | 1 Gitlab | 2019-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. | |||||
| CVE-2019-15074 | 1 Mantisbt | 1 Mantisbt | 2019-09-04 | 6.8 MEDIUM | 9.6 CRITICAL |
| The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed. | |||||
| CVE-2019-15505 | 1 Linux | 1 Linux Kernel | 2019-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | |||||
| CVE-2019-15504 | 1 Linux | 1 Linux Kernel | 2019-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). | |||||
| CVE-2019-14282 | 1 Simple Captcha2 Project | 1 Simple Captcha2 | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | |||||
| CVE-2019-15788 | 1 Nvidia | 1 Clara Genomics Analysis | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp. | |||||
| CVE-2019-15569 | 1 Gov | 1 Ccd-data-store-api | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. | |||||
| CVE-2019-15786 | 1 Robotis | 1 Dynamixel Sdk | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket. | |||||
| CVE-2019-15783 | 1 Lute-tab Project | 1 Lute-tab | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. | |||||
| CVE-2019-15822 | 1 Wpserveur | 1 Wps Child Theme Generator | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. | |||||
| CVE-2019-14281 | 1 Datagrid Project | 1 Datagrid | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | |||||
| CVE-2019-15555 | 1 Wellness Project | 1 Wellness | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. | |||||
| CVE-2019-15557 | 1 Xm-online | 1 Xm\^online 2 User Account And Authentication Server | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. | |||||
| CVE-2019-15551 | 1 Servo | 1 Smallvec | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity. | |||||
| CVE-2019-9933 | 1 Lexmark | 142 6500e, 6500e Firmware, C734 and 139 more | 2019-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| Various Lexmark products have a Buffer Overflow (issue 3 of 3). | |||||
| CVE-2019-9932 | 1 Lexmark | 142 6500e, 6500e Firmware, C734 and 139 more | 2019-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| Various Lexmark products have a Buffer Overflow (issue 2 of 3). | |||||
| CVE-2019-15560 | 1 Reviews Module Project | 1 Reviews Module | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. | |||||
| CVE-2019-15571 | 1 Clonos Project | 1 Clonos | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. | |||||
| CVE-2018-21000 | 1 Safe-transmute Project | 1 Safe-transmute | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption. | |||||
| CVE-2019-15572 | 1 Cipsoft | 1 Gesior-aac | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. | |||||
| CVE-2019-15573 | 1 Cipsoft | 1 Gesior-aac | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. | |||||
| CVE-2019-15574 | 1 Cipsoft | 1 Gesior-aac | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. | |||||
| CVE-2019-15651 | 1 Wolfssl | 1 Wolfssl | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex. | |||||
| CVE-2019-15292 | 1 Linux | 1 Linux Kernel | 2019-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. | |||||
| CVE-2019-9851 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | |||||
| CVE-2019-9850 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | |||||
| CVE-2019-9852 | 3 Debian, Fedoraproject, Libreoffice | 3 Debian Linux, Fedora, Libreoffice | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | |||||
| CVE-2019-11772 | 1 Eclipse | 1 Openj9 | 2019-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Java code run under a SecurityManager. | |||||
| CVE-2019-15558 | 1 Xm-online | 1 Xm\^online 2 - Common Utils And Endpoints | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java. | |||||
| CVE-2018-20991 | 1 Servo | 1 Smallvec | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free. | |||||
| CVE-2019-1935 | 1 Cisco | 3 Integrated Management Controller Supervisor, Ucs Director, Ucs Director Express For Big Data | 2019-08-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database. | |||||
| CVE-2019-1937 | 1 Cisco | 3 Integrated Management Controller Supervisor, Ucs Director, Ucs Director Express For Big Data | 2019-08-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device. | |||||
| CVE-2019-15533 | 1 Xayr | 1 Xenfcoresharp | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. | |||||
| CVE-2019-15503 | 1 Altavoz | 1 Prontuscms | 2019-08-30 | 10.0 HIGH | 9.8 CRITICAL |
| cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter. | |||||
| CVE-2019-15524 | 1 Cszcms | 1 Csz Cms | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI. | |||||
| CVE-2019-15519 | 1 Power-response Project | 1 Power-response | 2019-08-30 | 10.0 HIGH | 9.8 CRITICAL |
| Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. | |||||
| CVE-2018-20995 | 1 Slice-deque Project | 1 Slice-deque | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled. | |||||
| CVE-2019-11031 | 1 Mirasys | 1 Mirasys Vms | 2019-08-30 | 10.0 HIGH | 9.8 CRITICAL |
| Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges. | |||||
| CVE-2018-20996 | 1 Crossbeam Project | 1 Crossbeam | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling. | |||||
| CVE-2018-20997 | 1 Openssl Project | 1 Openssl | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. | |||||