Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13911 | 1 Qualcomm | 92 Mdm9150, Mdm9150 Firmware, Mdm9206 and 89 more | 2019-06-18 | 10.0 HIGH | 9.8 CRITICAL |
| Out of bounds memory read and access may lead to unexpected behavior in GNSS XTRA Parser in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2019-2259 | 1 Qualcomm | 70 Msm8909w, Msm8909w Firmware, Msm8996au and 67 more | 2019-06-18 | 10.0 HIGH | 9.8 CRITICAL |
| Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2019-6714 | 1 Blogengine | 1 Blogengine.net | 2019-06-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user. | |||||
| CVE-2018-14728 | 1 Tecrail | 1 Responsive Filemanager | 2019-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. | |||||
| CVE-2019-12835 | 1 Leanify Project | 1 Leanify | 2019-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping. | |||||
| CVE-2019-12153 | 1 Realobjects | 1 Pdfreactor | 2019-06-17 | 6.4 MEDIUM | 10.0 CRITICAL |
| Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content. | |||||
| CVE-2017-12194 | 1 Spice-gtk Project | 1 Spice-gtk | 2019-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. | |||||
| CVE-2019-12798 | 1 Artifex | 1 Mujs | 2019-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size. | |||||
| CVE-2010-5330 | 1 Ui | 1 Airos | 2019-06-14 | 5.0 MEDIUM | 9.8 CRITICAL |
| On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected. | |||||
| CVE-2019-11027 | 1 Openid | 1 Ruby-openid | 2019-06-14 | 10.0 HIGH | 9.8 CRITICAL |
| Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the "example app" provided by the project are at highest risk. | |||||
| CVE-2019-11768 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. | |||||
| CVE-2014-9984 | 1 Gnu | 1 Glibc | 2019-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. | |||||
| CVE-2014-9761 | 5 Canonical, Fedoraproject, Gnu and 2 more | 9 Ubuntu Linux, Fedora, Glibc and 6 more | 2019-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. | |||||
| CVE-2019-12154 | 1 Realobjects | 1 Pdfreactor | 2019-06-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions. | |||||
| CVE-2019-12149 | 1 Silverstripe | 2 Registry, Restfulserver | 2019-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands. | |||||
| CVE-2016-10760 | 1 Seowonintech | 8 Swr-300a, Swr-300a Firmware, Swr-300b and 5 more | 2019-06-12 | 10.0 HIGH | 9.8 CRITICAL |
| On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter. | |||||
| CVE-2019-12144 | 1 Ipswitch | 1 Ws Ftp Server | 2019-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses the SITE command feature. | |||||
| CVE-2019-12146 | 1 Ipswitch | 1 Ws Ftp Server | 2019-06-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory. | |||||
| CVE-2018-20841 | 1 Hootoo | 2 Tripmate Titan Ht-tm05, Tripmate Titan Ht-tm05 Firmware | 2019-06-12 | 10.0 HIGH | 9.8 CRITICAL |
| HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request. | |||||
| CVE-2009-5156 | 1 Veracomp | 2 Asmax Ar-804gu, Asmax Ar-804gu Firmware | 2019-06-12 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string. | |||||
| CVE-2019-5597 | 1 Freebsd | 1 Freebsd | 2019-06-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter. | |||||
| CVE-2017-5953 | 1 Vim | 1 Vim | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. | |||||
| CVE-2018-17198 | 1 Apache | 1 Roller | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: <!-- <servlet-mapping> <servlet-name>XmlRpcServlet</servlet-name> <url-pattern>/roller-services/xmlrpc</url-pattern> </servlet-mapping> --> | |||||
| CVE-2016-10714 | 2 Canonical, Zsh | 2 Ubuntu Linux, Zsh | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. | |||||
| CVE-2014-10071 | 2 Canonical, Zsh | 2 Ubuntu Linux, Zsh | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. | |||||
| CVE-2018-11801 | 1 Apache | 1 Fineract | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table. | |||||
| CVE-2018-11800 | 1 Apache | 1 Fineract | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table. | |||||
| CVE-2019-9879 | 1 Wpgraphql | 1 Wpgraphql | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. | |||||
| CVE-2019-9880 | 1 Wpgraphql | 1 Wpgraphql | 2019-06-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username. | |||||
| CVE-2018-20355 | 1 Cesanta | 1 Mongoose | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | |||||
| CVE-2018-20356 | 1 Cesanta | 1 Mongoose | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | |||||
| CVE-2018-20354 | 1 Cesanta | 1 Mongoose | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | |||||
| CVE-2018-20353 | 1 Cesanta | 1 Mongoose | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | |||||
| CVE-2018-20091 | 1 Cloudera | 1 Data Science Workbench | 2019-06-10 | 6.5 MEDIUM | 9.9 CRITICAL |
| An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs. | |||||
| CVE-2019-12776 | 1 Enttec | 8 Datagate Mk2, Datagate Mk2 Firmware, E-streamer Mk2 and 5 more | 2019-06-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products. | |||||
| CVE-2019-12599 | 1 Salesagility | 1 Suitecrm | 2019-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. | |||||
| CVE-2019-12600 | 1 Salesagility | 1 Suitecrm | 2019-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). | |||||
| CVE-2019-12601 | 1 Salesagility | 1 Suitecrm | 2019-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). | |||||
| CVE-2019-12598 | 1 Salesagility | 1 Suitecrm | 2019-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3). | |||||
| CVE-2019-12300 | 1 Buildbot | 1 Buildbot | 2019-06-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim. | |||||
| CVE-2019-12196 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. | |||||
| CVE-2019-8385 | 1 Thomsonreuters | 2 Concourse Matter Room, Firm Central Desktop | 2019-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution. | |||||
| CVE-2019-5356 | 1 Hp | 1 Intelligent Management Center | 2019-06-06 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2016-5022 | 1 F5 | 22 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 19 more | 2019-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic. | |||||
| CVE-2018-7121 | 1 Hp | 1 Intelligent Management Center | 2019-06-06 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2018-19864 | 1 Nuuo | 1 Nvrmini2 Firmware | 2019-06-04 | 10.0 HIGH | 9.8 CRITICAL |
| NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. | |||||
| CVE-2018-20434 | 1 Librenms | 1 Librenms | 2019-06-04 | 10.0 HIGH | 9.8 CRITICAL |
| LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling. | |||||
| CVE-2019-11185 | 1 Wp-livechat | 1 Wp Live Chat Support Pro | 2019-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file extension, and prepending "magic bytes" to the payload to pass MIME checks. Specifically, an unauthenticated remote user submits a crafted file upload POST request to the REST api remote_upload endpoint. The file contains data that will fool the plugin's MIME check into classifying it as an image (which is a whitelisted file extension) and finally a trailing .phtml file extension. | |||||
| CVE-2017-14851 | 1 Orpak | 1 Siteomat | 2019-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass. | |||||
| CVE-2017-14728 | 1 Orpak | 1 Siteomat | 2019-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public. | |||||