| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-0541 | Hig | 0.76 | 8.8 | 0.53 | KEV | Jan 8, 2019 | A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft… | |
| CVE-2019-0539 | Hig | 0.03 | 7.5 | 0.83 | Jan 8, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567,… | ||
| CVE-2019-0538 | Hig | 0.52 | 7.8 | 0.21 | Jan 8, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows… | ||
| CVE-2019-0249 | Hig | 0.49 | 7.5 | 0.02 | Jan 8, 2019 | Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted. | ||
| CVE-2019-0243 | Hig | 0.57 | 8.8 | 0.02 | Jan 8, 2019 | Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||
| CVE-2019-0241 | Hig | 0.49 | 7.5 | 0.02 | Jan 8, 2019 | SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||
| CVE-2019-0240 | Hig | 0.49 | 7.5 | 0.02 | Jan 8, 2019 | SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it. | ||
| CVE-2018-2499 | Hig | 0.49 | 7.5 | 0.02 | Jan 8, 2019 | A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user. | ||
| CVE-2018-2484 | Hig | 0.57 | 8.8 | 0.01 | Jan 8, 2019 | SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting… | ||
| CVE-2019-5488 | Hig | 0.49 | 7.5 | 0.01 | Jan 7, 2019 | EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database. | ||
| CVE-2018-1320 | — | Hig | 0.42 | 7.5 | 0.08 | Jan 7, 2019 | Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production… | |
| CVE-2018-5481 | Hig | 0.48 | 7.4 | 0.01 | Jan 7, 2019 | OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks. | ||
| CVE-2018-5410 | Hig | 0.54 | 7.8 | 0.02 | Jan 7, 2019 | Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was… | ||
| CVE-2019-5009 | Hig | 0.51 | 7.2 | 0.10 | Jan 4, 2019 | Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a… | ||
| CVE-2019-5007 | Hig | 0.46 | 7.1 | 0.02 | Jan 3, 2019 | An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing. | ||
| CVE-2018-19249 | Hig | 0.49 | 7.5 | 0.01 | Jan 3, 2019 | The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the… | ||
| CVE-2019-3575 | Hig | 0.51 | 7.8 | 0.00 | Jan 3, 2019 | Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load. | ||
| CVE-2018-19998 | Hig | 0.50 | 8.8 | 0.02 | Jan 3, 2019 | SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. | ||
| CVE-2018-19994 | Hig | 0.50 | 8.8 | 0.02 | Jan 3, 2019 | An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. | ||
| CVE-2018-16882 | Hig | 0.57 | 8.8 | 0.00 | Jan 3, 2019 | A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without… | ||
| CVE-2017-18330 | Hig | 0.51 | 7.8 | 0.00 | Jan 3, 2019 | Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425,… | ||
| CVE-2017-18329 | Hig | 0.51 | 7.8 | 0.00 | Jan 3, 2019 | Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wear in versions MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415,… | ||
| CVE-2017-18328 | Hig | 0.51 | 7.8 | 0.00 | Jan 3, 2019 | Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 820, SD 835, SDA660,… | ||
| CVE-2017-18320 | Hig | 0.51 | 7.8 | 0.00 | Jan 3, 2019 | QSEE unload attempt on a 3rd party TEE without previously loading results in a data abort in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD… | ||
| CVE-2017-18141 | Hig | 0.51 | 7.8 | 0.00 | Jan 3, 2019 | When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions… | ||
| CVE-2019-3580 | Hig | 0.49 | 7.5 | 0.02 | Jan 3, 2019 | OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file. | ||
| CVE-2018-20131 | Hig | 0.51 | 7.8 | 0.00 | Jan 3, 2019 | The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a… | ||
| CVE-2018-18264 | Hig | 0.06 | 7.5 | 0.70 | Jan 3, 2019 | Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. | ||
| CVE-2018-20211 | Hig | 0.51 | 7.8 | 0.01 | Jan 2, 2019 | ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010… | ||
| CVE-2018-20166 | Hig | 0.61 | 8.8 | 0.07 | Jan 2, 2019 | A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in… | ||
| CVE-2018-15490 | Hig | 0.46 | 7.1 | 0.01 | Jan 2, 2019 | An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over… | ||
| CVE-2019-3574 | Hig | 0.51 | 7.8 | 0.01 | Jan 2, 2019 | In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel. | ||
| CVE-2018-20658 | Hig | 0.52 | 7.5 | 0.08 | Jan 2, 2019 | The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command. | ||
| CVE-2018-5197 | Hig | 0.51 | 7.8 | 0.01 | Jan 2, 2019 | A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. An crafted malicious parameters… | ||
| CVE-2018-20657 | Hig | 0.49 | 7.5 | 0.04 | Jan 2, 2019 | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. | ||
| CVE-2018-17188 | Hig | 0.47 | 7.2 | 0.03 | Jan 2, 2019 | Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other… | ||
| CVE-2019-3500 | Hig | 0.51 | 7.8 | 0.00 | Jan 2, 2019 | aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | ||
| CVE-2019-3494 | Hig | 0.49 | 7.5 | 0.01 | Jan 1, 2019 | Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter. | ||
| CVE-2018-6347 | Hig | 0.00 | 7.5 | 0.01 | Dec 31, 2018 | An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00. | ||
| CVE-2018-6346 | Hig | 0.00 | 7.5 | 0.01 | Dec 31, 2018 | A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00. | ||
| CVE-2018-6344 | Hig | 0.49 | 7.5 | 0.02 | Dec 31, 2018 | A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for… | ||
| CVE-2018-6343 | Hig | 0.00 | 7.5 | 0.01 | Dec 31, 2018 | Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from… | ||
| CVE-2018-6340 | Hig | 0.00 | 8.1 | 0.01 | Dec 31, 2018 | The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below). | ||
| CVE-2018-6337 | Hig | 0.00 | 7.5 | 0.02 | Dec 31, 2018 | folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and… | ||
| CVE-2018-6336 | Hig | 0.51 | 7.8 | 0.00 | Dec 31, 2018 | An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the… | ||
| CVE-2018-6335 | Hig | 0.00 | 7.5 | 0.01 | Dec 31, 2018 | A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests. | ||
| CVE-2018-18601 | Hig | 0.53 | 8.1 | 0.01 | Dec 31, 2018 | The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow. | ||
| CVE-2018-18600 | Hig | 0.53 | 8.1 | 0.02 | Dec 31, 2018 | The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter. | ||
| CVE-2018-20618 | Hig | 0.57 | 8.8 | 0.01 | Dec 31, 2018 | ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in ok_mo.c. | ||
| CVE-2018-20617 | Hig | 0.57 | 8.8 | 0.01 | Dec 31, 2018 | ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c. |
- risk 0.76cvss 8.8epss 0.53
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft…
- risk 0.03cvss 7.5epss 0.83
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567,…
- risk 0.52cvss 7.8epss 0.21
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…
- risk 0.49cvss 7.5epss 0.02
Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.
- risk 0.57cvss 8.8epss 0.02
Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
- risk 0.49cvss 7.5epss 0.02
SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
- risk 0.49cvss 7.5epss 0.02
SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it.
- risk 0.49cvss 7.5epss 0.02
A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user.
- risk 0.57cvss 8.8epss 0.01
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting…
- risk 0.49cvss 7.5epss 0.01
EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database.
- risk 0.42cvss 7.5epss 0.08
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production…
- risk 0.48cvss 7.4epss 0.01
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.
- risk 0.54cvss 7.8epss 0.02
Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was…
- risk 0.51cvss 7.2epss 0.10
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a…
- risk 0.46cvss 7.1epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.
- risk 0.49cvss 7.5epss 0.01
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the…
- risk 0.51cvss 7.8epss 0.00
Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load.
- risk 0.50cvss 8.8epss 0.02
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
- risk 0.50cvss 8.8epss 0.02
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
- risk 0.57cvss 8.8epss 0.00
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without…
- risk 0.51cvss 7.8epss 0.00
Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425,…
- risk 0.51cvss 7.8epss 0.00
Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wear in versions MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415,…
- risk 0.51cvss 7.8epss 0.00
Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 820, SD 835, SDA660,…
- risk 0.51cvss 7.8epss 0.00
QSEE unload attempt on a 3rd party TEE without previously loading results in a data abort in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD…
- risk 0.51cvss 7.8epss 0.00
When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions…
- risk 0.49cvss 7.5epss 0.02
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file.
- risk 0.51cvss 7.8epss 0.00
The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a…
- risk 0.06cvss 7.5epss 0.70
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
- risk 0.51cvss 7.8epss 0.01
ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010…
- risk 0.61cvss 8.8epss 0.07
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in…
- risk 0.46cvss 7.1epss 0.01
An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over…
- risk 0.51cvss 7.8epss 0.01
In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel.
- risk 0.52cvss 7.5epss 0.08
The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command.
- risk 0.51cvss 7.8epss 0.01
A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. An crafted malicious parameters…
- risk 0.49cvss 7.5epss 0.04
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.
- risk 0.47cvss 7.2epss 0.03
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other…
- risk 0.51cvss 7.8epss 0.00
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
- risk 0.49cvss 7.5epss 0.01
Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter.
- risk 0.00cvss 7.5epss 0.01
An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00.
- risk 0.00cvss 7.5epss 0.01
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00.
- risk 0.49cvss 7.5epss 0.02
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for…
- risk 0.00cvss 7.5epss 0.01
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from…
- risk 0.00cvss 8.1epss 0.01
The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below).
- risk 0.00cvss 7.5epss 0.02
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and…
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the…
- risk 0.00cvss 7.5epss 0.01
A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.
- risk 0.53cvss 8.1epss 0.01
The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow.
- risk 0.53cvss 8.1epss 0.02
The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter.
- risk 0.57cvss 8.8epss 0.01
ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in ok_mo.c.
- risk 0.57cvss 8.8epss 0.01
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c.