Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0670 | 1 Mnc | 1 Inplc-rt | 2019-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0669. | |||||
| CVE-2018-0669 | 1 Mnc | 1 Inplc-rt | 2019-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0670. | |||||
| CVE-2016-5636 | 1 Python | 1 Python | 2019-02-09 | 10.0 HIGH | 9.8 CRITICAL |
| Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. | |||||
| CVE-2018-1352 | 1 Fortinet | 1 Fortios | 2019-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. | |||||
| CVE-2018-16188 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2019-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2019-7587 | 1 Bo-blog | 1 Bw | 2019-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function. | |||||
| CVE-2019-7585 | 1 Bijiadao | 1 Waimai Super Cms | 2019-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI. | |||||
| CVE-2018-20732 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2019-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. | |||||
| CVE-2018-18504 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65. | |||||
| CVE-2019-7568 | 1 Baijiacms Project | 1 Baijiacms | 2019-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request. | |||||
| CVE-2018-1000836 | 1 Apereo | 1 Bw-calendar-engine | 2019-02-07 | 6.8 MEDIUM | 9.0 CRITICAL |
| bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the Middle or malicious server. | |||||
| CVE-2018-1000829 | 1 Anyplace Project | 1 Anyplace | 2019-02-07 | 6.8 MEDIUM | 9.0 CRITICAL |
| Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4. | |||||
| CVE-2018-18502 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-02-07 | 10.0 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65. | |||||
| CVE-2018-1000833 | 1 Zoneminder | 1 Zoneminder | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | |||||
| CVE-2018-5203 | 1 Dextsolution | 1 Dextuploadx5 | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution. | |||||
| CVE-2018-7836 | 1 Schneider-electric | 1 Iiot Monitor | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. | |||||
| CVE-2019-1000023 | 1 Opt-net | 1 Ng-netms | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute. This attack appears to be exploitable via network connectivity. | |||||
| CVE-2019-6519 | 1 Advantech | 1 Webaccess\/scada | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. | |||||
| CVE-2019-6523 | 1 Advantech | 1 Webaccess\/scada | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. | |||||
| CVE-2018-15362 | 1 Ge | 1 Cimplicity | 2019-02-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 | |||||
| CVE-2016-1000282 | 1 Haraka Project | 1 Haraka | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection. | |||||
| CVE-2018-6152 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-02-05 | 6.8 MEDIUM | 9.6 CRITICAL |
| The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction. | |||||
| CVE-2018-20300 | 1 Phome | 1 Empirecms | 2019-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file. | |||||
| CVE-2019-7234 | 1 Idreamsoft | 1 Icms | 2019-02-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request. | |||||
| CVE-2018-14708 | 1 Drobo | 2 5n2, 5n2 Firmware | 2019-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic. | |||||
| CVE-2018-18843 | 1 Gitlab | 1 Gitlab | 2019-02-05 | 7.5 HIGH | 10.0 CRITICAL |
| The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | |||||
| CVE-2018-19127 | 1 Phpcms | 1 Phpcms | 2019-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring. | |||||
| CVE-2018-19417 | 1 Contiki-ng | 1 Contiki-ng | 2019-02-04 | 10.0 HIGH | 10.0 CRITICAL |
| An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible. | |||||
| CVE-2019-7160 | 1 Idreamsoft | 1 Icms | 2019-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. | |||||
| CVE-2018-19646 | 1 Imperva | 1 Securesphere | 2019-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. | |||||
| CVE-2018-1000827 | 1 Ubilling | 1 Ubilling | 2019-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | |||||
| CVE-2018-19047 | 1 Mpdf Project | 1 Mpdf | 2019-02-01 | 7.5 HIGH | 10.0 CRITICAL |
| ** DISPUTED ** mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HTML without sanitising it, you're asking for trouble." | |||||
| CVE-2018-1000824 | 1 Megamek | 1 Megamek | 2019-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | |||||
| CVE-2015-9278 | 1 Mailenable | 1 Mailenable | 2019-02-01 | 5.0 MEDIUM | 9.8 CRITICAL |
| MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | |||||
| CVE-2018-8021 | 1 Apache | 1 Superset | 2019-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation. | |||||
| CVE-2019-5720 | 1 Frontaccounting | 1 Frontaccounting | 2019-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter. | |||||
| CVE-2019-5748 | 1 Traccar | 1 Server | 2019-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. | |||||
| CVE-2018-18933 | 1 Foxitsoftware | 2 Foxit Reader, U3d | 2019-01-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!safe_vsnprintf+0x00000000002c4330" issue. | |||||
| CVE-2018-6127 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-30 | 6.8 MEDIUM | 9.6 CRITICAL |
| Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2017-15402 | 1 Google | 2 Chrome, Chrome Os | 2019-01-30 | 6.8 MEDIUM | 9.6 CRITICAL |
| Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2019-6246 | 1 Svgpp | 1 Svgpp | 2019-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read. | |||||
| CVE-2018-15982 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Installer, Mac Os X and 8 more | 2019-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-18925 | 1 Gogs | 1 Gogs | 2019-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. | |||||
| CVE-2018-17298 | 1 Enalean | 1 Tuleap | 2019-01-29 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password. | |||||
| CVE-2018-18888 | 1 Laravelcms Project | 1 Laravelcms | 2019-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed. | |||||
| CVE-2018-18926 | 1 Gitea | 1 Gitea | 2019-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron. | |||||
| CVE-2018-20596 | 1 Jspxcms | 1 Jspxcms | 2019-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| Jspxcms v9.0.0 allows SSRF. | |||||
| CVE-2018-18628 | 1 Pippo | 1 Pippo | 2019-01-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution. | |||||
| CVE-2017-18349 | 2 Alibaba, Pippo | 2 Fastjson, Pippo | 2019-01-28 | 10.0 HIGH | 9.8 CRITICAL |
| parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java. | |||||
| CVE-2018-20568 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2019-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | |||||