| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14467 | Hig | 0.42 | 7.5 | 0.04 | Oct 3, 2019 | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). | ||
| CVE-2018-14466 | Hig | 0.42 | 7.5 | 0.04 | Oct 3, 2019 | The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). | ||
| CVE-2018-14465 | Hig | 0.42 | 7.5 | 0.04 | Oct 3, 2019 | The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). | ||
| CVE-2018-14464 | Hig | 0.42 | 7.5 | 0.04 | Oct 3, 2019 | The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). | ||
| CVE-2018-14463 | Hig | 0.42 | 7.5 | 0.05 | Oct 3, 2019 | The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. | ||
| CVE-2018-14462 | Hig | 0.42 | 7.5 | 0.04 | Oct 3, 2019 | The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). | ||
| CVE-2018-14461 | Hig | 0.42 | 7.5 | 0.04 | Oct 3, 2019 | The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). | ||
| CVE-2019-4422 | Hig | 0.57 | 8.8 | 0.02 | Oct 3, 2019 | IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768. | ||
| CVE-2019-3834 | Hig | 0.48 | 7.3 | 0.01 | Oct 3, 2019 | It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as… | ||
| CVE-2019-16407 | Hig | 0.47 | 7.3 | 0.00 | Oct 2, 2019 | JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability. | ||
| CVE-2019-15256 | Hig | 0.56 | 8.6 | 0.02 | Oct 2, 2019 | A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a… | ||
| CVE-2019-15040 | Hig | 0.57 | 8.8 | 0.01 | Oct 2, 2019 | JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. | ||
| CVE-2019-15036 | Hig | 0.47 | 7.2 | 0.02 | Oct 2, 2019 | An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1. | ||
| CVE-2019-14958 | Hig | 0.49 | 7.5 | 0.02 | Oct 2, 2019 | JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation. | ||
| CVE-2019-12706 | Hig | 0.49 | 7.5 | 0.01 | Oct 2, 2019 | A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. The vulnerability exists because the… | ||
| CVE-2019-12699 | Hig | 0.51 | 7.8 | 0.00 | Oct 2, 2019 | Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to… | ||
| CVE-2019-12698 | Hig | 0.49 | 7.5 | 0.02 | Oct 2, 2019 | A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to… | ||
| CVE-2019-12697 | Hig | 0.49 | 7.5 | 0.01 | Oct 2, 2019 | Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section… | ||
| CVE-2019-12696 | Hig | 0.49 | 7.5 | 0.01 | Oct 2, 2019 | Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section… | ||
| CVE-2019-12690 | Hig | 0.47 | 7.2 | 0.04 | Oct 2, 2019 | A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to… | ||
| CVE-2019-12689 | Hig | 0.57 | 8.8 | 0.03 | Oct 2, 2019 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient… | ||
| CVE-2019-12688 | Hig | 0.57 | 8.8 | 0.03 | Oct 2, 2019 | A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability… | ||
| CVE-2019-12687 | Hig | 0.57 | 8.8 | 0.03 | Oct 2, 2019 | A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability… | ||
| CVE-2019-12686 | Hig | 0.57 | 8.8 | 0.03 | Oct 2, 2019 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input… | ||
| CVE-2019-12685 | Hig | 0.57 | 8.8 | 0.03 | Oct 2, 2019 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input… | ||
| CVE-2019-12684 | Hig | 0.57 | 8.8 | 0.03 | Oct 2, 2019 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input… | ||
| CVE-2019-12683 | Hig | 0.57 | 8.8 | 0.03 | Oct 2, 2019 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input… | ||
| CVE-2019-12682 | Hig | 0.57 | 8.8 | 0.03 | Oct 2, 2019 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input… | ||
| CVE-2019-12681 | Hig | 0.57 | 8.8 | 0.03 | Oct 2, 2019 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input… | ||
| CVE-2019-12680 | Hig | 0.57 | 8.8 | 0.03 | Oct 2, 2019 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input… | ||
| CVE-2019-12679 | Hig | 0.57 | 8.8 | 0.03 | Oct 2, 2019 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input… | ||
| CVE-2019-12678 | Hig | 0.49 | 7.5 | 0.02 | Oct 2, 2019 | A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an… | ||
| CVE-2019-12676 | Hig | 0.48 | 7.4 | 0.01 | Oct 2, 2019 | A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a… | ||
| CVE-2019-12675 | Hig | 0.57 | 8.8 | 0.00 | Oct 2, 2019 | Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These… | ||
| CVE-2019-12674 | Hig | 0.53 | 8.2 | 0.00 | Oct 2, 2019 | Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These… | ||
| CVE-2019-12673 | Hig | 0.49 | 7.5 | 0.02 | Oct 2, 2019 | A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due… | ||
| CVE-2019-8462 | Hig | 0.49 | 7.5 | 0.01 | Oct 2, 2019 | In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging. | ||
| CVE-2019-5031 | Hig | 0.58 | 8.8 | 0.06 | Oct 2, 2019 | An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution.… | ||
| CVE-2019-13343 | Hig | 0.49 | 7.5 | 0.02 | Oct 2, 2019 | Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this… | ||
| CVE-2019-4539 | Hig | 0.46 | 7.1 | 0.01 | Oct 2, 2019 | IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812. | ||
| CVE-2019-4538 | Hig | 0.53 | 8.2 | 0.01 | Oct 2, 2019 | IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a… | ||
| CVE-2019-4520 | Hig | 0.49 | 7.5 | 0.02 | Oct 2, 2019 | IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178. | ||
| CVE-2019-17080 | Hig | 0.54 | 7.8 | 0.08 | Oct 2, 2019 | mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports. | ||
| CVE-2019-17075 | Hig | 0.49 | 7.5 | 0.06 | Oct 1, 2019 | An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable… | ||
| CVE-2019-8291 | Hig | 0.49 | 7.5 | 0.01 | Oct 1, 2019 | Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal. | ||
| CVE-2019-0231 | Hig | 0.49 | 7.5 | 0.02 | Oct 1, 2019 | Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should… | ||
| CVE-2019-17069 | Hig | 0.49 | 7.5 | 0.02 | Oct 1, 2019 | PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. | ||
| CVE-2019-17068 | Hig | 0.49 | 7.5 | 0.02 | Oct 1, 2019 | PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. | ||
| CVE-2019-15042 | Hig | 0.49 | 7.5 | 0.01 | Oct 1, 2019 | An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. | ||
| CVE-2019-15038 | Hig | 0.49 | 7.5 | 0.01 | Oct 1, 2019 | An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1. |
- risk 0.42cvss 7.5epss 0.04
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
- risk 0.42cvss 7.5epss 0.04
The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().
- risk 0.42cvss 7.5epss 0.04
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
- risk 0.42cvss 7.5epss 0.04
The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().
- risk 0.42cvss 7.5epss 0.05
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.
- risk 0.42cvss 7.5epss 0.04
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
- risk 0.42cvss 7.5epss 0.04
The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
- risk 0.57cvss 8.8epss 0.02
IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768.
- risk 0.48cvss 7.3epss 0.01
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as…
- risk 0.47cvss 7.3epss 0.00
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
- risk 0.56cvss 8.6epss 0.02
A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a…
- risk 0.57cvss 8.8epss 0.01
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
- risk 0.47cvss 7.2epss 0.02
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
- risk 0.49cvss 7.5epss 0.02
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. The vulnerability exists because the…
- risk 0.51cvss 7.8epss 0.00
Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to…
- risk 0.49cvss 7.5epss 0.01
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section…
- risk 0.49cvss 7.5epss 0.01
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section…
- risk 0.47cvss 7.2epss 0.04
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability…
- risk 0.57cvss 8.8epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input…
- risk 0.57cvss 8.8epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input…
- risk 0.57cvss 8.8epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input…
- risk 0.57cvss 8.8epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input…
- risk 0.57cvss 8.8epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input…
- risk 0.57cvss 8.8epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input…
- risk 0.57cvss 8.8epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input…
- risk 0.57cvss 8.8epss 0.03
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a…
- risk 0.57cvss 8.8epss 0.00
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These…
- risk 0.53cvss 8.2epss 0.00
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due…
- risk 0.49cvss 7.5epss 0.01
In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging.
- risk 0.58cvss 8.8epss 0.06
An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution.…
- risk 0.49cvss 7.5epss 0.02
Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this…
- risk 0.46cvss 7.1epss 0.01
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.
- risk 0.53cvss 8.2epss 0.01
IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a…
- risk 0.49cvss 7.5epss 0.02
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178.
- risk 0.54cvss 7.8epss 0.08
mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports.
- risk 0.49cvss 7.5epss 0.06
An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable…
- risk 0.49cvss 7.5epss 0.01
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal.
- risk 0.49cvss 7.5epss 0.02
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should…
- risk 0.49cvss 7.5epss 0.02
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
- risk 0.49cvss 7.5epss 0.02
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.