| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8110 | Hig | 0.50 | 8.8 | 0.02 | Nov 5, 2019 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code. | ||
| CVE-2019-8109 | Hig | 0.45 | 8.0 | 0.01 | Nov 5, 2019 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution. | ||
| CVE-2019-8093 | Hig | 0.50 | 8.8 | 0.01 | Nov 5, 2019 | An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files. | ||
| CVE-2019-8091 | Hig | 0.47 | 7.2 | 0.02 | Nov 5, 2019 | A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution. | ||
| CVE-2019-5089 | Hig | 0.51 | 7.8 | 0.02 | Nov 5, 2019 | An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a… | ||
| CVE-2019-5088 | Hig | 0.51 | 7.8 | 0.02 | Nov 5, 2019 | An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this… | ||
| CVE-2019-16284 | Hig | 0.47 | 7.2 | 0.02 | Nov 5, 2019 | A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to… | ||
| CVE-2018-19167 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||
| CVE-2018-19166 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||
| CVE-2018-19165 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||
| CVE-2018-19164 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||
| CVE-2018-19163 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||
| CVE-2018-19162 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||
| CVE-2018-19161 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||
| CVE-2018-19160 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||
| CVE-2018-19159 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||
| CVE-2018-19157 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||
| CVE-2018-19156 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||
| CVE-2018-19155 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | ||
| CVE-2018-19154 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | ||
| CVE-2018-19153 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | ||
| CVE-2018-19152 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | ||
| CVE-2019-10084 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query… | ||
| CVE-2010-2222 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. | ||
| CVE-2019-1789 | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking. | ||
| CVE-2019-15966 | Hig | 0.50 | 7.7 | 0.01 | Nov 5, 2019 | A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application.… | ||
| CVE-2019-12625 | Hig | 0.49 | 7.5 | 0.02 | Nov 5, 2019 | ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. | ||
| CVE-2019-18631 | Hig | 0.51 | 7.8 | 0.01 | Nov 5, 2019 | The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input… | ||
| CVE-2019-17062 | Hig | 0.57 | 8.8 | 0.01 | Nov 5, 2019 | An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users… | ||
| CVE-2019-17598 | — | Hig | 0.49 | 7.5 | 0.01 | Nov 5, 2019 | An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the… | |
| CVE-2019-17221 | — | Hig | 0.49 | 7.5 | 0.03 | Nov 5, 2019 | PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a… | |
| CVE-2013-6364 | Hig | 0.53 | 8.8 | 0.02 | Nov 5, 2019 | Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | ||
| CVE-2019-3685 | Hig | 0.48 | 7.4 | 0.01 | Nov 5, 2019 | Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary | ||
| CVE-2010-3668 | Hig | 0.49 | 7.5 | 0.01 | Nov 4, 2019 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | ||
| CVE-2013-4374 | Hig | 0.46 | 7.1 | 0.00 | Nov 4, 2019 | An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. | ||
| CVE-2010-3663 | — | Hig | 0.57 | 8.8 | 0.02 | Nov 4, 2019 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | |
| CVE-2010-3662 | — | Hig | 0.57 | 8.8 | 0.01 | Nov 4, 2019 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. | |
| CVE-2017-5333 | Hig | 0.51 | 7.8 | 0.02 | Nov 4, 2019 | Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | ||
| CVE-2017-5332 | Hig | 0.51 | 7.8 | 0.02 | Nov 4, 2019 | The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | ||
| CVE-2017-5331 | Hig | 0.51 | 7.8 | 0.00 | Nov 4, 2019 | Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | ||
| CVE-2019-18178 | Hig | 0.49 | 7.5 | 0.01 | Nov 4, 2019 | Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the… | ||
| CVE-2019-17210 | Hig | 0.49 | 7.5 | 0.01 | Nov 4, 2019 | A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(),… | ||
| CVE-2013-4251 | Hig | 0.44 | 7.8 | 0.00 | Nov 4, 2019 | The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. | ||
| CVE-2005-4890 | Hig | 0.44 | 7.8 | 0.01 | Nov 4, 2019 | There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | ||
| CVE-2019-13496 | Hig | 0.53 | 8.1 | 0.01 | Nov 4, 2019 | One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response. | ||
| CVE-2013-4105 | Hig | 0.49 | 7.5 | 0.01 | Nov 4, 2019 | Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure | ||
| CVE-2013-2257 | Hig | 0.49 | 7.5 | 0.02 | Nov 4, 2019 | Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness | ||
| CVE-2019-18684 | Hig | 0.46 | 7.0 | 0.00 | Nov 4, 2019 | Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL)… | ||
| CVE-2019-18683 | Hig | 0.46 | 7.0 | 0.01 | Nov 4, 2019 | An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race… | ||
| CVE-2013-4104 | Hig | 0.49 | 7.5 | 0.01 | Nov 4, 2019 | Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol |
- risk 0.50cvss 8.8epss 0.02
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code.
- risk 0.45cvss 8.0epss 0.01
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
- risk 0.50cvss 8.8epss 0.01
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.
- risk 0.47cvss 7.2epss 0.02
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.
- risk 0.51cvss 7.8epss 0.02
An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a…
- risk 0.51cvss 7.8epss 0.02
An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this…
- risk 0.47cvss 7.2epss 0.02
A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to…
- risk 0.49cvss 7.5epss 0.01
CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
- risk 0.49cvss 7.5epss 0.01
peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
- risk 0.49cvss 7.5epss 0.01
neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
- risk 0.49cvss 7.5epss 0.01
reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
- risk 0.49cvss 7.5epss 0.01
stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
- risk 0.49cvss 7.5epss 0.01
Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
- risk 0.49cvss 7.5epss 0.01
alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
- risk 0.49cvss 7.5epss 0.01
Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
- risk 0.49cvss 7.5epss 0.01
lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
- risk 0.49cvss 7.5epss 0.01
Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
- risk 0.49cvss 7.5epss 0.01
PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.
- risk 0.49cvss 7.5epss 0.01
navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
- risk 0.49cvss 7.5epss 0.01
HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
- risk 0.49cvss 7.5epss 0.01
particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
- risk 0.49cvss 7.5epss 0.01
emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
- risk 0.49cvss 7.5epss 0.01
In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query…
- risk 0.49cvss 7.5epss 0.01
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.
- risk 0.49cvss 7.5epss 0.01
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.
- risk 0.50cvss 7.7epss 0.01
A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application.…
- risk 0.49cvss 7.5epss 0.02
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.
- risk 0.51cvss 7.8epss 0.01
The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input…
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the…
- risk 0.49cvss 7.5epss 0.03
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a…
- risk 0.53cvss 8.8epss 0.02
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
- risk 0.48cvss 7.4epss 0.01
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary
- risk 0.49cvss 7.5epss 0.01
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.
- risk 0.46cvss 7.1epss 0.00
An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.
- risk 0.57cvss 8.8epss 0.02
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
- risk 0.57cvss 8.8epss 0.01
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
- risk 0.51cvss 7.8epss 0.02
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
- risk 0.51cvss 7.8epss 0.02
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
- risk 0.51cvss 7.8epss 0.00
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
- risk 0.49cvss 7.5epss 0.01
Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the…
- risk 0.49cvss 7.5epss 0.01
A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(),…
- risk 0.44cvss 7.8epss 0.00
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
- risk 0.44cvss 7.8epss 0.01
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
- risk 0.53cvss 8.1epss 0.01
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response.
- risk 0.49cvss 7.5epss 0.01
Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure
- risk 0.49cvss 7.5epss 0.02
Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness
- risk 0.46cvss 7.0epss 0.00
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL)…
- risk 0.46cvss 7.0epss 0.01
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race…
- risk 0.49cvss 7.5epss 0.01
Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol