| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-7350 | Hig | 0.48 | 7.3 | 0.01 | Feb 4, 2019 | Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully… | ||
| CVE-2019-7347 | Hig | 0.49 | 7.5 | 0.01 | Feb 4, 2019 | A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.). | ||
| CVE-2019-7346 | Hig | 0.57 | 8.8 | 0.01 | Feb 4, 2019 | A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful. | ||
| CVE-2018-20751 | Hig | 0.57 | 8.8 | 0.02 | Feb 4, 2019 | An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this… | ||
| CVE-2019-3813 | Hig | 0.49 | 7.5 | 0.01 | Feb 4, 2019 | Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. | ||
| CVE-2019-3461 | Hig | 0.46 | 7.0 | 0.00 | Feb 4, 2019 | Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the… | ||
| CVE-2019-7323 | Hig | 0.49 | 7.5 | 0.01 | Feb 4, 2019 | GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could… | ||
| CVE-2019-7310 | Hig | 0.51 | 7.8 | 0.02 | Feb 3, 2019 | In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as… | ||
| CVE-2018-16493 | — | Hig | 0.49 | 7.5 | 0.02 | Feb 1, 2019 | A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL. | |
| CVE-2018-16490 | — | Hig | 0.49 | 7.5 | 0.01 | Feb 1, 2019 | A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | |
| CVE-2018-16483 | — | Hig | 0.57 | 8.8 | 0.01 | Feb 1, 2019 | A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators. | |
| CVE-2018-16482 | — | Hig | 0.49 | 7.5 | 0.02 | Feb 1, 2019 | A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path. | |
| CVE-2018-16479 | — | Hig | 0.49 | 7.5 | 0.02 | Feb 1, 2019 | Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL. | |
| CVE-2018-0722 | Hig | 0.49 | 7.5 | 0.02 | Feb 1, 2019 | Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. | ||
| CVE-2018-18988 | Hig | 0.57 | 8.8 | 0.03 | Feb 1, 2019 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. | ||
| CVE-2019-7301 | Hig | 0.47 | 7.2 | 0.03 | Feb 1, 2019 | Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter. | ||
| CVE-2019-7300 | Hig | 0.47 | 7.2 | 0.03 | Feb 1, 2019 | Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. | ||
| CVE-2017-18361 | Hig | 0.42 | 7.5 | 0.02 | Feb 1, 2019 | In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis. | ||
| CVE-2019-7298 | Hig | 0.53 | 8.1 | 0.10 | Feb 1, 2019 | An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with… | ||
| CVE-2018-6241 | Hig | 0.51 | 7.8 | 0.00 | Jan 31, 2019 | NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High… | ||
| CVE-2018-15517 | Hig | 0.59 | 8.6 | 0.44 | Jan 31, 2019 | The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/… | ||
| CVE-2018-15515 | Hig | 0.51 | 7.8 | 0.02 | Jan 31, 2019 | The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges. | ||
| CVE-2019-7283 | Hig | 0.48 | 7.4 | 0.02 | Jan 31, 2019 | An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle… | ||
| CVE-2018-11790 | Hig | 0.51 | 7.8 | 0.01 | Jan 31, 2019 | When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation. | ||
| CVE-2019-7216 | Hig | 0.51 | 7.8 | 0.02 | Jan 31, 2019 | An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php. | ||
| CVE-2019-0190 | Hig | 0.54 | 7.5 | 0.60 | Jan 30, 2019 | A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using… | ||
| CVE-2018-3956 | Hig | 0.50 | 7.1 | 0.50 | Jan 30, 2019 | An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in… | ||
| CVE-2018-17199 | Hig | 0.50 | 7.5 | 0.20 | Jan 30, 2019 | In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. | ||
| CVE-2019-7237 | Hig | 0.49 | 7.5 | 0.02 | Jan 30, 2019 | An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. | ||
| CVE-2019-7236 | Hig | 0.49 | 7.5 | 0.02 | Jan 30, 2019 | An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal. | ||
| CVE-2019-7235 | Hig | 0.49 | 7.5 | 0.02 | Jan 30, 2019 | An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request. | ||
| CVE-2019-7233 | Hig | 0.57 | 8.8 | 0.01 | Jan 30, 2019 | In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference. | ||
| CVE-2018-19027 | Hig | 0.51 | 7.8 | 0.01 | Jan 30, 2019 | Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | ||
| CVE-2018-19858 | Hig | 0.56 | 8.6 | 0.03 | Jan 30, 2019 | PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access… | ||
| CVE-2019-3806 | Hig | 0.53 | 8.1 | 0.01 | Jan 29, 2019 | An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. | ||
| CVE-2018-16880 | Hig | 0.46 | 7.0 | 0.01 | Jan 29, 2019 | A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic.… | ||
| CVE-2018-19723 | Hig | 0.49 | 7.5 | 0.04 | Jan 28, 2019 | Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721. | ||
| CVE-2019-3462 | Hig | 0.54 | 8.1 | 0.15 | Jan 28, 2019 | Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. | ||
| CVE-2018-19012 | Hig | 0.51 | 7.8 | 0.00 | Jan 28, 2019 | Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk… | ||
| CVE-2018-19015 | Hig | 0.48 | 7.3 | 0.01 | Jan 28, 2019 | An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application. | ||
| CVE-2019-3593 | Hig | 0.49 | 7.5 | 0.00 | Jan 28, 2019 | Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via… | ||
| CVE-2019-6986 | Hig | 0.42 | 7.5 | 0.03 | Jan 28, 2019 | SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request. | ||
| CVE-2019-6985 | Hig | 0.57 | 8.8 | 0.01 | Jan 28, 2019 | An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due… | ||
| CVE-2019-6977 | Hig | 0.58 | 8.8 | 0.65 | Jan 27, 2019 | gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an… | ||
| CVE-2018-19023 | Hig | 0.57 | 8.8 | 0.01 | Jan 25, 2019 | Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. | ||
| CVE-2018-19009 | Hig | 0.51 | 7.8 | 0.00 | Jan 25, 2019 | Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI… | ||
| CVE-2018-16881 | Hig | 0.49 | 7.5 | 0.02 | Jan 25, 2019 | A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. | ||
| CVE-2019-6956 | Hig | 0.39 | 7.1 | 0.01 | Jan 25, 2019 | An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. | ||
| CVE-2018-20743 | Hig | 0.00 | 7.5 | 0.04 | Jan 25, 2019 | murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. | ||
| CVE-2017-18359 | Hig | 0.49 | 7.5 | 0.03 | Jan 25, 2019 | PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. |
- risk 0.48cvss 7.3epss 0.01
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully…
- risk 0.49cvss 7.5epss 0.01
A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).
- risk 0.57cvss 8.8epss 0.01
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this…
- risk 0.49cvss 7.5epss 0.01
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
- risk 0.46cvss 7.0epss 0.00
Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the…
- risk 0.49cvss 7.5epss 0.01
GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could…
- risk 0.51cvss 7.8epss 0.02
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as…
- risk 0.49cvss 7.5epss 0.02
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.
- risk 0.49cvss 7.5epss 0.01
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
- risk 0.57cvss 8.8epss 0.01
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
- risk 0.49cvss 7.5epss 0.02
A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path.
- risk 0.49cvss 7.5epss 0.02
Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.
- risk 0.49cvss 7.5epss 0.02
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.
- risk 0.57cvss 8.8epss 0.03
LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.
- risk 0.47cvss 7.2epss 0.03
Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter.
- risk 0.47cvss 7.2epss 0.03
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field.
- risk 0.42cvss 7.5epss 0.02
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.
- risk 0.53cvss 8.1epss 0.10
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with…
- risk 0.51cvss 7.8epss 0.00
NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High…
- risk 0.59cvss 8.6epss 0.44
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/…
- risk 0.51cvss 7.8epss 0.02
The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.
- risk 0.48cvss 7.4epss 0.02
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle…
- risk 0.51cvss 7.8epss 0.01
When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php.
- risk 0.54cvss 7.5epss 0.60
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using…
- risk 0.50cvss 7.1epss 0.50
An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in…
- risk 0.50cvss 7.5epss 0.20
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request.
- risk 0.57cvss 8.8epss 0.01
In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference.
- risk 0.51cvss 7.8epss 0.01
Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
- risk 0.56cvss 8.6epss 0.03
PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access…
- risk 0.53cvss 8.1epss 0.01
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
- risk 0.46cvss 7.0epss 0.01
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic.…
- risk 0.49cvss 7.5epss 0.04
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721.
- risk 0.54cvss 8.1epss 0.15
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
- risk 0.51cvss 7.8epss 0.00
Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk…
- risk 0.48cvss 7.3epss 0.01
An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application.
- risk 0.49cvss 7.5epss 0.00
Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via…
- risk 0.42cvss 7.5epss 0.03
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due…
- risk 0.58cvss 8.8epss 0.65
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an…
- risk 0.57cvss 8.8epss 0.01
Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
- risk 0.51cvss 7.8epss 0.00
Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI…
- risk 0.49cvss 7.5epss 0.02
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
- risk 0.39cvss 7.1epss 0.01
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
- risk 0.00cvss 7.5epss 0.04
murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
- risk 0.49cvss 7.5epss 0.03
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.