| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1771 | Hig | 0.55 | 8.4 | 0.00 | Dec 20, 2018 | IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687. | ||
| CVE-2018-8653 | Hig | 0.63 | 7.5 | 0.30 | KEV | Dec 20, 2018 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is… | |
| CVE-2018-20303 | — | Hig | 0.42 | 7.5 | 0.03 | Dec 20, 2018 | In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925. | |
| CVE-2018-15801 | Hig | 0.41 | 7.4 | 0.01 | Dec 19, 2018 | Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could… | ||
| CVE-2018-15798 | — | Hig | 0.42 | 7.6 | 0.01 | Dec 19, 2018 | Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access… | |
| CVE-2018-18999 | Hig | 0.48 | 7.3 | 0.02 | Dec 19, 2018 | WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. | ||
| CVE-2018-6307 | Hig | 0.48 | 8.1 | 0.27 | Dec 19, 2018 | LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution. | ||
| CVE-2018-20024 | Hig | 0.49 | 7.5 | 0.03 | Dec 19, 2018 | LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS. | ||
| CVE-2018-20023 | Hig | 0.49 | 7.5 | 0.03 | Dec 19, 2018 | LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used… | ||
| CVE-2018-20022 | Hig | 0.49 | 7.5 | 0.03 | Dec 19, 2018 | LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it… | ||
| CVE-2018-20021 | Hig | 0.49 | 7.5 | 0.04 | Dec 19, 2018 | LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM | ||
| CVE-2018-17195 | Hig | 0.42 | 7.5 | 0.01 | Dec 19, 2018 | The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication,… | ||
| CVE-2018-17194 | Hig | 0.42 | 7.5 | 0.03 | Dec 19, 2018 | When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait… | ||
| CVE-2018-20231 | Hig | 0.57 | 8.8 | 0.01 | Dec 19, 2018 | Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation. | ||
| CVE-2018-20230 | Hig | 0.51 | 7.8 | 0.01 | Dec 19, 2018 | An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2018-20228 | Hig | 0.52 | 8.0 | 0.00 | Dec 19, 2018 | Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. | ||
| CVE-2018-20227 | — | Hig | 0.42 | 7.5 | 0.02 | Dec 19, 2018 | RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive. | |
| CVE-2018-16884 | Hig | 0.52 | 8.0 | 0.01 | Dec 18, 2018 | A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel… | ||
| CVE-2018-20213 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2018 | wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long name. NOTE: this is not a Microsoft product. | ||
| CVE-2017-15031 | Hig | 0.49 | 7.5 | 0.02 | Dec 18, 2018 | In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. | ||
| CVE-2018-4015 | Hig | 0.53 | 8.1 | 0.01 | Dec 18, 2018 | An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote… | ||
| CVE-2018-20201 | Hig | 0.51 | 7.8 | 0.01 | Dec 18, 2018 | There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file. | ||
| CVE-2018-20197 | Hig | 0.51 | 7.8 | 0.01 | Dec 18, 2018 | There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the… | ||
| CVE-2018-20196 | Hig | 0.51 | 7.8 | 0.01 | Dec 18, 2018 | There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is… | ||
| CVE-2018-20194 | Hig | 0.51 | 7.8 | 0.01 | Dec 18, 2018 | There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the… | ||
| CVE-2018-7833 | Hig | 0.49 | 7.5 | 0.01 | Dec 17, 2018 | An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to… | ||
| CVE-2018-7812 | Hig | 0.49 | 7.5 | 0.04 | Dec 17, 2018 | An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the… | ||
| CVE-2018-20188 | Hig | 0.57 | 8.8 | 0.01 | Dec 17, 2018 | FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. | ||
| CVE-2018-20092 | Hig | 0.49 | 7.5 | 0.02 | Dec 17, 2018 | PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request. | ||
| CVE-2018-16596 | Hig | 0.49 | 7.5 | 0.01 | Dec 17, 2018 | A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability.… | ||
| CVE-2018-19295 | — | Hig | 0.44 | 7.8 | 0.00 | Dec 17, 2018 | Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. | |
| CVE-2018-18250 | Hig | 0.49 | 7.5 | 0.01 | Dec 17, 2018 | Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item. | ||
| CVE-2017-18355 | — | Hig | 0.42 | 7.5 | 0.01 | Dec 17, 2018 | Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files. | |
| CVE-2017-18354 | — | Hig | 0.42 | 7.5 | 0.01 | Dec 17, 2018 | Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker. | |
| CVE-2017-18353 | — | Hig | 0.42 | 7.5 | 0.01 | Dec 17, 2018 | Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application. | |
| CVE-2018-20167 | Hig | 0.51 | 7.8 | 0.03 | Dec 17, 2018 | Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop… | ||
| CVE-2018-20159 | Hig | 0.51 | 7.2 | 0.10 | Dec 15, 2018 | i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file… | ||
| CVE-2018-20157 | Hig | 0.49 | 7.5 | 0.02 | Dec 15, 2018 | The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files. | ||
| CVE-2018-20156 | Hig | 0.47 | 7.2 | 0.02 | Dec 14, 2018 | The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network. | ||
| CVE-2018-20151 | Hig | 0.42 | 7.5 | 0.07 | Dec 14, 2018 | In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by… | ||
| CVE-2018-19003 | Hig | 0.49 | 7.5 | 0.03 | Dec 14, 2018 | GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal… | ||
| CVE-2018-16874 | Hig | 0.53 | 8.1 | 0.05 | Dec 14, 2018 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but… | ||
| CVE-2018-16873 | Hig | 0.58 | 8.1 | 0.66 | Dec 14, 2018 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in… | ||
| CVE-2018-3704 | Hig | 0.51 | 7.8 | 0.00 | Dec 14, 2018 | Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access. | ||
| CVE-2018-18097 | Hig | 0.51 | 7.8 | 0.00 | Dec 14, 2018 | Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2018-18093 | Hig | 0.51 | 7.8 | 0.00 | Dec 14, 2018 | Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access. | ||
| CVE-2018-20145 | Hig | 0.00 | 7.5 | 0.02 | Dec 13, 2018 | Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored. | ||
| CVE-2018-19118 | Hig | 0.49 | 7.5 | 0.07 | Dec 13, 2018 | Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. | ||
| CVE-2018-1821 | Hig | 0.50 | 7.1 | 0.16 | Dec 13, 2018 | IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:… | ||
| CVE-2018-16557 | Hig | 0.53 | 8.2 | 0.01 | Dec 13, 2018 | A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions… |
- risk 0.55cvss 8.4epss 0.00
IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687.
- risk 0.63cvss 7.5epss 0.30
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is…
- risk 0.42cvss 7.5epss 0.03
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.
- risk 0.41cvss 7.4epss 0.01
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could…
- risk 0.42cvss 7.6epss 0.01
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access…
- risk 0.48cvss 7.3epss 0.02
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.
- risk 0.48cvss 8.1epss 0.27
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
- risk 0.49cvss 7.5epss 0.03
LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.
- risk 0.49cvss 7.5epss 0.03
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used…
- risk 0.49cvss 7.5epss 0.03
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it…
- risk 0.49cvss 7.5epss 0.04
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM
- risk 0.42cvss 7.5epss 0.01
The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication,…
- risk 0.42cvss 7.5epss 0.03
When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait…
- risk 0.57cvss 8.8epss 0.01
Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
- risk 0.52cvss 8.0epss 0.00
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
- risk 0.42cvss 7.5epss 0.02
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
- risk 0.52cvss 8.0epss 0.01
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel…
- risk 0.49cvss 7.5epss 0.01
wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long name. NOTE: this is not a Microsoft product.
- risk 0.49cvss 7.5epss 0.02
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
- risk 0.53cvss 8.1epss 0.01
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote…
- risk 0.51cvss 7.8epss 0.01
There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file.
- risk 0.51cvss 7.8epss 0.01
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the…
- risk 0.51cvss 7.8epss 0.01
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is…
- risk 0.51cvss 7.8epss 0.01
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the…
- risk 0.49cvss 7.5epss 0.01
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to…
- risk 0.49cvss 7.5epss 0.04
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the…
- risk 0.57cvss 8.8epss 0.01
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
- risk 0.49cvss 7.5epss 0.02
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request.
- risk 0.49cvss 7.5epss 0.01
A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability.…
- risk 0.44cvss 7.8epss 0.00
Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.
- risk 0.49cvss 7.5epss 0.01
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item.
- risk 0.42cvss 7.5epss 0.01
Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files.
- risk 0.42cvss 7.5epss 0.01
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.
- risk 0.42cvss 7.5epss 0.01
Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application.
- risk 0.51cvss 7.8epss 0.03
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop…
- risk 0.51cvss 7.2epss 0.10
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file…
- risk 0.49cvss 7.5epss 0.02
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
- risk 0.47cvss 7.2epss 0.02
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network.
- risk 0.42cvss 7.5epss 0.07
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by…
- risk 0.49cvss 7.5epss 0.03
GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal…
- risk 0.53cvss 8.1epss 0.05
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but…
- risk 0.58cvss 8.1epss 0.66
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in…
- risk 0.51cvss 7.8epss 0.00
Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access.
- risk 0.00cvss 7.5epss 0.02
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.
- risk 0.49cvss 7.5epss 0.07
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain.
- risk 0.50cvss 7.1epss 0.16
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:…
- risk 0.53cvss 8.2epss 0.01
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions…