Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18286 | 1 Mitel | 1 Cmg Suite | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
| CVE-2018-18285 | 1 Mitel | 1 Cmg Suite | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
| CVE-2019-11469 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature. | |||||
| CVE-2018-17057 | 2 Limesurvey, Tecnick | 2 Limesurvey, Tcpdf | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. | |||||
| CVE-2017-16558 | 1 Contao | 1 Contao Cms | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module. | |||||
| CVE-2017-17612 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. | |||||
| CVE-2018-5782 | 1 Mitel | 2 Connect Onsite, St14.2 | 2019-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. | |||||
| CVE-2014-3990 | 1 Opencart | 1 Opencart | 2019-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. | |||||
| CVE-2019-11217 | 1 Bonobogitserver | 1 Bonobo Git Server | 2019-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request. | |||||
| CVE-2016-7443 | 1 Exponentcms | 1 Exponent Cms | 2019-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." | |||||
| CVE-2019-5672 | 1 Nvidia | 2 Jetson Tx1, Jetson Tx2 | 2019-04-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure. | |||||
| CVE-2019-9184 | 1 J2store | 1 J2store | 2019-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter. | |||||
| CVE-2019-11072 | 1 Lighttpd | 1 Lighttpd | 2019-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit." | |||||
| CVE-2014-9654 | 2 Google, Icu-project | 2 Chrome, International Components For Unicode | 2019-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923. | |||||
| CVE-2017-14952 | 1 Icu-project | 1 International Components For Unicode | 2019-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. | |||||
| CVE-2016-7415 | 1 Icu-project | 1 International Components For Unicode | 2019-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string. | |||||
| CVE-2017-17484 | 1 Icu-project | 1 International Components For Unicode | 2019-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. | |||||
| CVE-2016-6293 | 1 Icu-project | 1 International Components For Unicode | 2019-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. | |||||
| CVE-2014-9911 | 1 Icu-project | 1 International Components For Unicode | 2019-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call. | |||||
| CVE-2018-20818 | 1 Openplcproject | 4 Openplc V2, Openplc V2 Firmware, Openplc V3 and 1 more | 2019-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact. | |||||
| CVE-2019-11418 | 1 Trendnet | 2 Tew-632brp, Tew-632brp Firmware | 2019-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface. | |||||
| CVE-2019-11362 | 1 Rocboss | 1 Rocboss | 2019-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI. | |||||
| CVE-2019-11450 | 1 Whatsns | 1 Whatsns | 2019-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection. | |||||
| CVE-2018-14618 | 4 Canonical, Debian, Haxx and 1 more | 4 Ubuntu Linux, Debian Linux, Libcurl and 1 more | 2019-04-22 | 10.0 HIGH | 9.8 CRITICAL |
| curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) | |||||
| CVE-2015-4603 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2019-04-22 | 10.0 HIGH | 9.8 CRITICAL |
| The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue. | |||||
| CVE-2016-0749 | 5 Debian, Microsoft, Opensuse and 2 more | 12 Debian Linux, Windows, Leap and 9 more | 2019-04-22 | 10.0 HIGH | 9.8 CRITICAL |
| The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-4602 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2019-04-22 | 10.0 HIGH | 9.8 CRITICAL |
| The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. | |||||
| CVE-2019-11344 | 1 Pluck-cms | 1 Pluck | 2019-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked. | |||||
| CVE-2018-20817 | 1 Activision | 1 Call Of Duty\ | 2019-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2. | |||||
| CVE-2019-2030 | 1 Google | 1 Android | 2019-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| In removeInterfaceAddress of NetworkController.cpp, there is a possible use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-119496789. | |||||
| CVE-2019-10641 | 1 Contao | 1 Contao Cms | 2019-04-19 | 5.0 MEDIUM | 9.8 CRITICAL |
| Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. | |||||
| CVE-2019-9160 | 1 Xinruidz | 2 Sundray Wan Controller, Sundray Wan Controller Firmware | 2019-04-19 | 10.0 HIGH | 9.8 CRITICAL |
| WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string). | |||||
| CVE-2017-17836 | 1 Apache | 1 Airflow | 2019-04-19 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system. | |||||
| CVE-2018-5923 | 1 Hp | 276 Color Laserjet Cm4540 Mfp, Color Laserjet Cm4540 Mfp Firmware, Color Laserjet Cp5525 and 273 more | 2019-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code. | |||||
| CVE-2019-6506 | 1 Salesagility | 1 Suitecrm | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. | |||||
| CVE-2018-19595 | 1 Pbootcms | 1 Pbootcms | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism. | |||||
| CVE-2019-9174 | 1 Gitlab | 1 Gitlab | 2019-04-17 | 7.5 HIGH | 10.0 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF. | |||||
| CVE-2019-10945 | 1 Joomla | 1 Joomla\! | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. | |||||
| CVE-2019-9845 | 1 Miniblog.core Project | 1 Miniblog.core | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension. | |||||
| CVE-2015-9262 | 4 Canonical, Debian, Redhat and 1 more | 7 Ubuntu Linux, Debian Linux, Ansible Tower and 4 more | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. | |||||
| CVE-2016-1555 | 1 Netgear | 14 Wn604, Wn604 Firmware, Wn802tv2 and 11 more | 2019-04-16 | 10.0 HIGH | 9.8 CRITICAL |
| (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | |||||
| CVE-2017-8917 | 1 Joomla | 1 Joomla\! | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-18018 | 1 Tribulant | 1 Slideshow Gallery | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. | |||||
| CVE-2018-20555 | 1 Designchemical | 1 Social Network Tabs | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover. | |||||
| CVE-2017-7774 | 2 Mozilla, Sil | 2 Firefox, Graphite2 | 2019-04-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. | |||||
| CVE-2016-6808 | 1 Apache | 1 Tomcat Jk Connector | 2019-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. | |||||
| CVE-2016-7447 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2019-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-7446 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2019-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. | |||||
| CVE-2019-3858 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 5 Debian Linux, Fedora, Libssh2 and 2 more | 2019-04-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
| CVE-2019-3860 | 4 Debian, Libssh2, Netapp and 1 more | 4 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 1 more | 2019-04-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||