| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-12657 | Hig | 0.49 | 7.5 | 0.02 | Sep 25, 2019 | A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this… | ||
| CVE-2019-12656 | Hig | 0.49 | 7.5 | 0.02 | Sep 25, 2019 | A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport… | ||
| CVE-2019-12655 | Hig | 0.49 | 7.5 | 0.02 | Sep 25, 2019 | A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected… | ||
| CVE-2019-12654 | Hig | 0.49 | 7.5 | 0.02 | Sep 25, 2019 | A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to… | ||
| CVE-2019-12653 | Hig | 0.49 | 7.5 | 0.02 | Sep 25, 2019 | A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket… | ||
| CVE-2019-12652 | Hig | 0.49 | 7.5 | 0.03 | Sep 25, 2019 | A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper… | ||
| CVE-2019-6656 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2019 | BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and… | ||
| CVE-2019-16889 | Hig | 0.49 | 7.5 | 0.05 | Sep 25, 2019 | Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a… | ||
| CVE-2019-14666 | Hig | 0.57 | 8.8 | 0.02 | Sep 25, 2019 | GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary… | ||
| CVE-2019-12651 | Hig | 0.57 | 8.8 | 0.03 | Sep 25, 2019 | Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section… | ||
| CVE-2019-12650 | Hig | 0.60 | 8.8 | 0.29 | Sep 25, 2019 | Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section… | ||
| CVE-2019-12648 | Hig | 0.57 | 8.8 | 0.02 | Sep 25, 2019 | A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access… | ||
| CVE-2019-12647 | Hig | 0.49 | 7.5 | 0.02 | Sep 25, 2019 | A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL… | ||
| CVE-2019-12646 | Hig | 0.49 | 7.5 | 0.02 | Sep 25, 2019 | A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper… | ||
| CVE-2019-16887 | Hig | 0.51 | 7.8 | 0.02 | Sep 25, 2019 | In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc. | ||
| CVE-2019-16884 | — | Hig | 0.42 | 7.5 | 0.04 | Sep 25, 2019 | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | |
| CVE-2019-16882 | — | Hig | 0.42 | 7.5 | 0.02 | Sep 25, 2019 | An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw. | |
| CVE-2019-16188 | Hig | 0.46 | 7.1 | 0.01 | Sep 25, 2019 | HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in… | ||
| CVE-2019-16701 | Hig | 0.55 | 8.8 | 0.20 | Sep 25, 2019 | pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value. | ||
| CVE-2019-10428 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2019 | Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||
| CVE-2019-10412 | Hig | 0.42 | 7.5 | 0.01 | Sep 25, 2019 | Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||
| CVE-2019-10411 | Hig | 0.42 | 7.5 | 0.01 | Sep 25, 2019 | Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||
| CVE-2019-5094 | Hig | 0.49 | 7.5 | 0.01 | Sep 24, 2019 | An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | ||
| CVE-2019-13527 | Hig | 0.51 | 7.8 | 0.05 | Sep 24, 2019 | In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. | ||
| CVE-2019-16754 | Hig | 0.00 | 7.5 | 0.01 | Sep 24, 2019 | RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT… | ||
| CVE-2019-14753 | Hig | 0.49 | 7.5 | 0.01 | Sep 24, 2019 | SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow | ||
| CVE-2019-13357 | Hig | 0.51 | 7.8 | 0.01 | Sep 24, 2019 | In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the… | ||
| CVE-2019-13356 | Hig | 0.51 | 7.8 | 0.00 | Sep 24, 2019 | In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL. | ||
| CVE-2019-13355 | Hig | 0.51 | 7.8 | 0.00 | Sep 24, 2019 | In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the… | ||
| CVE-2019-16729 | Hig | 0.51 | 7.8 | 0.00 | Sep 24, 2019 | pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. | ||
| CVE-2019-10754 | — | Hig | 0.46 | 8.1 | 0.02 | Sep 23, 2019 | Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. | |
| CVE-2019-1367 | Hig | 0.71 | 7.5 | 0.53 | KEV | Sep 23, 2019 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221. | |
| CVE-2019-1255 | Hig | 0.49 | 7.5 | 0.04 | Sep 23, 2019 | A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. | ||
| CVE-2019-11277 | Hig | 0.53 | 8.1 | 0.02 | Sep 23, 2019 | Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space… | ||
| CVE-2019-10996 | Hig | 0.51 | 7.8 | 0.01 | Sep 23, 2019 | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. | ||
| CVE-2019-10984 | Hig | 0.51 | 7.8 | 0.01 | Sep 23, 2019 | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers. | ||
| CVE-2019-10978 | Hig | 0.51 | 7.8 | 0.01 | Sep 23, 2019 | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area. | ||
| CVE-2018-21019 | — | Hig | 0.42 | 7.5 | 0.02 | Sep 23, 2019 | Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py. | |
| CVE-2019-13063 | Hig | 0.54 | 7.5 | 0.27 | Sep 23, 2019 | Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be… | ||
| CVE-2019-16720 | Hig | 0.49 | 7.5 | 0.01 | Sep 23, 2019 | ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. | ||
| CVE-2019-16718 | Hig | 0.44 | 7.8 | 0.02 | Sep 23, 2019 | In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for… | ||
| CVE-2019-16714 | Hig | 0.42 | 7.5 | 0.03 | Sep 23, 2019 | In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. | ||
| CVE-2019-16706 | Hig | 0.57 | 8.8 | 0.01 | Sep 23, 2019 | kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php. | ||
| CVE-2019-16660 | Hig | 0.57 | 8.8 | 0.01 | Sep 21, 2019 | joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. | ||
| CVE-2019-16659 | Hig | 0.57 | 8.8 | 0.01 | Sep 21, 2019 | TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. | ||
| CVE-2019-16658 | Hig | 0.57 | 8.8 | 0.01 | Sep 21, 2019 | TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. | ||
| CVE-2019-16655 | Hig | 0.49 | 7.5 | 0.01 | Sep 21, 2019 | joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. | ||
| CVE-2019-15138 | — | Hig | 0.42 | 7.5 | 0.02 | Sep 20, 2019 | The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. | |
| CVE-2015-9406 | Hig | 0.56 | 7.5 | 0.55 | Sep 20, 2019 | Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. | ||
| CVE-2014-10397 | Hig | 0.49 | 7.5 | 0.03 | Sep 20, 2019 | The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. |
- risk 0.49cvss 7.5epss 0.02
A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket…
- risk 0.49cvss 7.5epss 0.03
A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper…
- risk 0.49cvss 7.5epss 0.01
BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and…
- risk 0.49cvss 7.5epss 0.05
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a…
- risk 0.57cvss 8.8epss 0.02
GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary…
- risk 0.57cvss 8.8epss 0.03
Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section…
- risk 0.60cvss 8.8epss 0.29
Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper…
- risk 0.51cvss 7.8epss 0.02
In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.
- risk 0.42cvss 7.5epss 0.04
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
- risk 0.42cvss 7.5epss 0.02
An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw.
- risk 0.46cvss 7.1epss 0.01
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in…
- risk 0.55cvss 8.8epss 0.20
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
- risk 0.49cvss 7.5epss 0.01
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
- risk 0.42cvss 7.5epss 0.01
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
- risk 0.42cvss 7.5epss 0.01
Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
- risk 0.49cvss 7.5epss 0.01
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
- risk 0.51cvss 7.8epss 0.05
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized.
- risk 0.00cvss 7.5epss 0.01
RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT…
- risk 0.49cvss 7.5epss 0.01
SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow
- risk 0.51cvss 7.8epss 0.01
In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the…
- risk 0.51cvss 7.8epss 0.00
In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL.
- risk 0.51cvss 7.8epss 0.00
In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the…
- risk 0.51cvss 7.8epss 0.00
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.
- risk 0.46cvss 8.1epss 0.02
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
- risk 0.71cvss 7.5epss 0.53
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.
- risk 0.49cvss 7.5epss 0.04
A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.
- risk 0.53cvss 8.1epss 0.02
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space…
- risk 0.51cvss 7.8epss 0.01
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed.
- risk 0.51cvss 7.8epss 0.01
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.
- risk 0.51cvss 7.8epss 0.01
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.
- risk 0.42cvss 7.5epss 0.02
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.
- risk 0.54cvss 7.5epss 0.27
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be…
- risk 0.49cvss 7.5epss 0.01
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file.
- risk 0.44cvss 7.8epss 0.02
In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for…
- risk 0.42cvss 7.5epss 0.03
In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.
- risk 0.57cvss 8.8epss 0.01
kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php.
- risk 0.57cvss 8.8epss 0.01
joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.
- risk 0.57cvss 8.8epss 0.01
TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.
- risk 0.57cvss 8.8epss 0.01
TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.
- risk 0.49cvss 7.5epss 0.01
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.
- risk 0.42cvss 7.5epss 0.02
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
- risk 0.56cvss 7.5epss 0.55
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.
- risk 0.49cvss 7.5epss 0.03
The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php.