Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3858 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 5 Debian Linux, Fedora, Libssh2 and 2 more | 2019-04-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
| CVE-2019-3860 | 4 Debian, Libssh2, Netapp and 1 more | 4 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 1 more | 2019-04-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
| CVE-2019-9165 | 1 Nagios | 1 Nagios Xi | 2019-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | |||||
| CVE-2019-3861 | 4 Debian, Libssh2, Netapp and 1 more | 4 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 1 more | 2019-04-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
| CVE-2019-8979 | 1 Kohanaframework | 1 Kohana | 2019-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. | |||||
| CVE-2018-19300 | 1 D-link | 16 Dap-1530, Dap-1530 Firmware, Dap-1610 and 13 more | 2019-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well. | |||||
| CVE-2019-6713 | 1 Thinkcmf | 1 Thinkcmf | 2019-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call. | |||||
| CVE-2019-7412 | 1 Ps Phpcaptcha Wp Project | 1 Ps Phpcaptcha Wp | 2019-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values. | |||||
| CVE-2019-5715 | 1 Silverstripe | 1 Silverstripe | 2019-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject. | |||||
| CVE-2019-11014 | 1 Vstarcam | 1 Eye4 | 2019-04-11 | 10.0 HIGH | 9.8 CRITICAL |
| The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When the camera responds to the client, it responds via the broadcast address, giving all information necessary to impersonate the camera. The attacker then floods the client with responses, causing the original camera to be denied service from the client, and thus causing the client to then communicate exclusively with the attacker's fake camera server. When connecting to the fake camera server, the client sends all details necessary to login to the camera (username and password). | |||||
| CVE-2019-10842 | 1 Getbootstrap | 1 Bootstrap-sass | 2019-04-11 | 10.0 HIGH | 9.8 CRITICAL |
| Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare. | |||||
| CVE-2005-3590 | 1 Gnu | 1 Glibc | 2019-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. | |||||
| CVE-2018-19586 | 1 Silverpeas | 1 Silverpeas | 2019-04-11 | 9.0 HIGH | 9.9 CRITICAL |
| Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system. | |||||
| CVE-2018-19486 | 3 Canonical, Git-scm, Linux | 3 Ubuntu Linux, Git, Linux Kernel | 2019-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. | |||||
| CVE-2018-12178 | 1 Tianocore | 1 Edk Ii | 2019-04-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network. | |||||
| CVE-2019-10479 | 1 Glory-global | 2 Rbw-100, Rbw-100 Firmware | 2019-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface. | |||||
| CVE-2018-19282 | 1 Rockwellautomation | 2 Powerflex 525 Ac Drives, Powerflex 525 Ac Drives Firmware | 2019-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control. | |||||
| CVE-2018-10243 | 1 Oisf | 1 Libhtp | 2019-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header. | |||||
| CVE-2018-4353 | 1 Apple | 1 Mac Os X | 2019-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2019-10011 | 1 Jenzabar | 1 Internet Campus Solution | 2019-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. | |||||
| CVE-2018-20222 | 1 Airsonic Project | 1 Airsonic | 2019-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| XXE issue in Airsonic before 10.1.2 during parse. | |||||
| CVE-2018-10244 | 1 Suricata-ids | 1 Suricata | 2019-04-07 | 7.5 HIGH | 9.8 CRITICAL |
| Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check. | |||||
| CVE-2018-11410 | 2 Canonical, Liblouis | 2 Ubuntu Linux, Liblouis | 2019-04-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2019-9895 | 3 Fedoraproject, Opengroup, Putty | 3 Fedora, Unix, Putty | 2019-04-05 | 7.5 HIGH | 9.8 CRITICAL |
| In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | |||||
| CVE-2019-6978 | 3 Canonical, Debian, Libgd | 3 Ubuntu Linux, Debian Linux, Libgd | 2019-04-05 | 7.5 HIGH | 9.8 CRITICAL |
| The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. | |||||
| CVE-2018-4287 | 1 Apple | 1 Mac Os X | 2019-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | |||||
| CVE-2018-4286 | 1 Apple | 1 Mac Os X | 2019-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | |||||
| CVE-2018-4367 | 1 Apple | 1 Iphone Os | 2019-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1. | |||||
| CVE-2018-4331 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | |||||
| CVE-2018-4332 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | |||||
| CVE-2018-4288 | 1 Apple | 1 Mac Os X | 2019-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | |||||
| CVE-2018-4291 | 1 Apple | 1 Mac Os X | 2019-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | |||||
| CVE-2019-10686 | 1 Ctrip | 1 Apollo | 2019-04-04 | 7.5 HIGH | 10.0 CRITICAL |
| An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled. | |||||
| CVE-2018-4295 | 1 Apple | 1 Mac Os X | 2019-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4268 | 1 Apple | 1 Mac Os X | 2019-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | |||||
| CVE-2018-4259 | 1 Apple | 1 Mac Os X | 2019-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6. | |||||
| CVE-2015-5463 | 1 Axiomsl | 1 Axiom | 2019-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application. | |||||
| CVE-2017-8023 | 1 Dell | 1 Emc Networker | 2019-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges. | |||||
| CVE-2019-5523 | 1 Vmware | 1 Vcloud Director | 2019-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session. | |||||
| CVE-2017-16748 | 1 Tridium | 2 Niagara, Niagara Ax Framework | 2019-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system. | |||||
| CVE-2019-10707 | 1 Mkcms Project | 1 Mkcms | 2019-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| MKCMS V5.0 has SQL injection via the bplay.php play parameter. | |||||
| CVE-2019-10684 | 1 74cms | 1 74cms | 2019-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter. | |||||
| CVE-2019-10708 | 1 S-cms | 1 S-cms | 2019-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. | |||||
| CVE-2019-9759 | 1 Tongda2000 | 1 Office Anywhere | 2019-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter. | |||||
| CVE-2017-3248 | 1 Oracle | 1 Weblogic Server | 2019-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). | |||||
| CVE-2018-18500 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2019-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. | |||||
| CVE-2018-18501 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2019-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. | |||||
| CVE-2016-3510 | 1 Oracle | 1 Weblogic Server | 2019-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586. | |||||
| CVE-2018-3985 | 1 Getcujo | 1 Smart Firewall | 2019-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. | |||||
| CVE-2019-10276 | 1 Cobub | 1 Razor | 2019-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type. | |||||