| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12179 | Hig | 0.51 | 7.8 | 0.00 | Mar 27, 2019 | Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | ||
| CVE-2017-7655 | Hig | 0.49 | 7.5 | 0.02 | Mar 27, 2019 | In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. | ||
| CVE-2019-10237 | Hig | 0.57 | 8.8 | 0.01 | Mar 27, 2019 | S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. | ||
| CVE-2019-1000031 | Hig | 0.49 | 7.5 | 0.04 | Mar 27, 2019 | A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in. | ||
| CVE-2018-19016 | Hig | 0.49 | 7.5 | 0.03 | Mar 27, 2019 | Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to… | ||
| CVE-2018-18994 | Hig | 0.46 | 7.1 | 0.01 | Mar 27, 2019 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration. | ||
| CVE-2018-12551 | Hig | 0.53 | 8.1 | 0.01 | Mar 27, 2019 | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs,… | ||
| CVE-2018-12550 | Hig | 0.53 | 8.1 | 0.01 | Mar 27, 2019 | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour… | ||
| CVE-2019-10233 | Hig | 0.00 | 8.1 | 0.01 | Mar 27, 2019 | Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. | ||
| CVE-2017-2748 | Hig | 0.49 | 7.5 | 0.02 | Mar 27, 2019 | A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue. | ||
| CVE-2017-18364 | Hig | 0.48 | 7.4 | 0.01 | Mar 27, 2019 | phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter. | ||
| CVE-2019-6536 | Hig | 0.51 | 7.8 | 0.01 | Mar 27, 2019 | Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. | ||
| CVE-2018-5927 | Hig | 0.47 | 7.3 | 0.00 | Mar 27, 2019 | HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code. | ||
| CVE-2019-9860 | Hig | 0.49 | 7.5 | 0.01 | Mar 27, 2019 | Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the… | ||
| CVE-2019-5927 | Hig | 0.49 | 7.5 | 0.03 | Mar 27, 2019 | Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||
| CVE-2019-5419 | — | Hig | 0.42 | 7.5 | 0.09 | Mar 27, 2019 | There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. | |
| CVE-2019-5418 | — | Hig | 0.65 | 7.5 | 0.99 | KEV | Mar 27, 2019 | There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. |
| CVE-2019-3821 | Hig | 0.00 | 7.5 | 0.03 | Mar 27, 2019 | A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of… | ||
| CVE-2019-3817 | Hig | 0.00 | 7.5 | 0.02 | Mar 27, 2019 | A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code. | ||
| CVE-2019-3814 | Hig | 0.50 | 7.7 | 0.02 | Mar 27, 2019 | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. | ||
| CVE-2019-7167 | Hig | 0.49 | 7.5 | 0.02 | Mar 27, 2019 | Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover… | ||
| CVE-2019-1572 | Hig | 0.49 | 7.5 | 0.02 | Mar 26, 2019 | PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. | ||
| CVE-2019-9744 | Hig | 0.57 | 8.8 | 0.02 | Mar 26, 2019 | An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is… | ||
| CVE-2019-9743 | Hig | 0.57 | 8.8 | 0.03 | Mar 26, 2019 | An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component. | ||
| CVE-2019-8988 | Hig | 0.53 | 8.1 | 0.02 | Mar 26, 2019 | The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may… | ||
| CVE-2019-3878 | Hig | 0.00 | 8.1 | 0.03 | Mar 26, 2019 | A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start… | ||
| CVE-2019-3849 | Hig | 0.50 | 8.8 | 0.01 | Mar 26, 2019 | A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. | ||
| CVE-2019-3830 | Hig | 0.44 | 7.8 | 0.00 | Mar 26, 2019 | A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. | ||
| CVE-2019-3804 | Hig | 0.00 | 7.5 | 0.05 | Mar 26, 2019 | It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to… | ||
| CVE-2019-3606 | Hig | 0.50 | 7.7 | 0.00 | Mar 26, 2019 | Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI… | ||
| CVE-2013-2805 | Hig | 0.49 | 7.5 | 0.04 | Mar 26, 2019 | Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data… | ||
| CVE-2019-9061 | Hig | 0.57 | 8.8 | 0.02 | Mar 26, 2019 | An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature. | ||
| CVE-2019-9059 | Hig | 0.47 | 7.2 | 0.02 | Mar 26, 2019 | An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password"… | ||
| CVE-2019-9058 | Hig | 0.47 | 7.2 | 0.01 | Mar 26, 2019 | An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection. | ||
| CVE-2019-9057 | Hig | 0.57 | 8.8 | 0.02 | Mar 26, 2019 | An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection. | ||
| CVE-2019-9055 | Hig | 0.61 | 8.8 | 0.13 | Mar 26, 2019 | An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the… | ||
| CVE-2019-9053 | Hig | 0.60 | 8.1 | 0.56 | Mar 26, 2019 | An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. | ||
| CVE-2013-2807 | Hig | 0.49 | 7.5 | 0.04 | Mar 26, 2019 | Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size”… | ||
| CVE-2013-2806 | Hig | 0.49 | 7.5 | 0.04 | Mar 26, 2019 | Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record”… | ||
| CVE-2018-19856 | Hig | 0.49 | 7.5 | 0.02 | Mar 26, 2019 | GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. | ||
| CVE-2019-9764 | Hig | 0.41 | 7.4 | 0.01 | Mar 26, 2019 | HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4. | ||
| CVE-2019-7715 | Hig | 0.49 | 7.5 | 0.01 | Mar 26, 2019 | An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar… | ||
| CVE-2019-7712 | Hig | 0.49 | 7.5 | 0.01 | Mar 26, 2019 | An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus… | ||
| CVE-2019-7711 | Hig | 0.49 | 7.5 | 0.01 | Mar 26, 2019 | An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of… | ||
| CVE-2019-10060 | Hig | 0.53 | 8.1 | 0.02 | Mar 26, 2019 | The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this… | ||
| CVE-2019-7642 | Hig | 0.49 | 7.5 | 0.03 | Mar 25, 2019 | D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04),… | ||
| CVE-2019-0204 | — | Hig | 0.51 | 7.8 | 0.03 | Mar 25, 2019 | A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can… | |
| CVE-2019-10044 | Hig | 0.57 | 8.8 | 0.03 | Mar 25, 2019 | Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and… | ||
| CVE-2019-7613 | Hig | 0.49 | 7.5 | 0.01 | Mar 25, 2019 | Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event. | ||
| CVE-2019-7611 | Hig | 0.46 | 8.1 | 0.02 | Mar 25, 2019 | A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to… |
- risk 0.51cvss 7.8epss 0.00
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
- risk 0.49cvss 7.5epss 0.02
In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.
- risk 0.57cvss 8.8epss 0.01
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.
- risk 0.49cvss 7.5epss 0.04
A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in.
- risk 0.49cvss 7.5epss 0.03
Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to…
- risk 0.46cvss 7.1epss 0.01
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration.
- risk 0.53cvss 8.1epss 0.01
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs,…
- risk 0.53cvss 8.1epss 0.01
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour…
- risk 0.00cvss 8.1epss 0.01
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
- risk 0.49cvss 7.5epss 0.02
A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.
- risk 0.48cvss 7.4epss 0.01
phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter.
- risk 0.51cvss 7.8epss 0.01
Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process.
- risk 0.47cvss 7.3epss 0.00
HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.
- risk 0.49cvss 7.5epss 0.01
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the…
- risk 0.49cvss 7.5epss 0.03
Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
- risk 0.42cvss 7.5epss 0.09
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
- risk 0.65cvss 7.5epss 0.99
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
- risk 0.00cvss 7.5epss 0.03
A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of…
- risk 0.00cvss 7.5epss 0.02
A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.
- risk 0.50cvss 7.7epss 0.02
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
- risk 0.49cvss 7.5epss 0.02
Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover…
- risk 0.49cvss 7.5epss 0.02
PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is…
- risk 0.57cvss 8.8epss 0.03
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.
- risk 0.53cvss 8.1epss 0.02
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may…
- risk 0.00cvss 8.1epss 0.03
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start…
- risk 0.50cvss 8.8epss 0.01
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
- risk 0.44cvss 7.8epss 0.00
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.
- risk 0.00cvss 7.5epss 0.05
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to…
- risk 0.50cvss 7.7epss 0.00
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI…
- risk 0.49cvss 7.5epss 0.04
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data…
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.
- risk 0.47cvss 7.2epss 0.02
An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password"…
- risk 0.47cvss 7.2epss 0.01
An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.
- risk 0.61cvss 8.8epss 0.13
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the…
- risk 0.60cvss 8.1epss 0.56
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
- risk 0.49cvss 7.5epss 0.04
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size”…
- risk 0.49cvss 7.5epss 0.04
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record”…
- risk 0.49cvss 7.5epss 0.02
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.
- risk 0.41cvss 7.4epss 0.01
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of…
- risk 0.53cvss 8.1epss 0.02
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this…
- risk 0.49cvss 7.5epss 0.03
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04),…
- risk 0.51cvss 7.8epss 0.03
A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can…
- risk 0.57cvss 8.8epss 0.03
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and…
- risk 0.49cvss 7.5epss 0.01
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.
- risk 0.46cvss 8.1epss 0.02
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to…