| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14696 | Hig | 0.49 | 7.5 | 0.01 | Dec 3, 2018 | Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. | ||
| CVE-2018-14695 | Hig | 0.49 | 7.5 | 0.01 | Dec 3, 2018 | Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter. | ||
| CVE-2018-6439 | Hig | 0.51 | 7.8 | 0.00 | Dec 3, 2018 | A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access. | ||
| CVE-2018-19827 | Hig | 0.57 | 8.8 | 0.02 | Dec 3, 2018 | In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2018-19824 | Hig | 0.00 | 7.8 | 0.01 | Dec 3, 2018 | In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. | ||
| CVE-2018-16863 | Hig | 0.48 | 7.3 | 0.01 | Dec 3, 2018 | It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects… | ||
| CVE-2018-1002000 | Hig | 0.50 | 7.2 | 0.04 | Dec 3, 2018 | There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request. | ||
| CVE-2018-7116 | Hig | 0.50 | 7.5 | 0.10 | Dec 3, 2018 | HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions. | ||
| CVE-2018-16855 | Hig | 0.54 | 7.5 | 0.59 | Dec 3, 2018 | An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. | ||
| CVE-2018-19793 | Hig | 0.47 | 7.2 | 0.02 | Dec 3, 2018 | jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data. | ||
| CVE-2018-19788 | Hig | 0.58 | 8.8 | 0.11 | Dec 3, 2018 | A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. | ||
| CVE-2018-4040 | Hig | 0.51 | 7.8 | 0.01 | Dec 1, 2018 | An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker… | ||
| CVE-2018-4039 | Hig | 0.51 | 7.8 | 0.01 | Dec 1, 2018 | An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a… | ||
| CVE-2018-4038 | Hig | 0.51 | 7.8 | 0.01 | Dec 1, 2018 | An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a… | ||
| CVE-2018-3951 | Hig | 0.47 | 7.2 | 0.04 | Dec 1, 2018 | An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an… | ||
| CVE-2018-3950 | Hig | 0.57 | 8.8 | 0.03 | Dec 1, 2018 | An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can… | ||
| CVE-2018-3949 | Hig | 0.53 | 7.5 | 0.53 | Dec 1, 2018 | An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated… | ||
| CVE-2018-19784 | — | Hig | 0.49 | 7.5 | 0.01 | Dec 1, 2018 | The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion. | |
| CVE-2018-15716 | Hig | 0.62 | 8.8 | 0.18 | Nov 30, 2018 | NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. | ||
| CVE-2018-7831 | Hig | 0.57 | 8.8 | 0.01 | Nov 30, 2018 | An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web… | ||
| CVE-2018-7830 | Hig | 0.49 | 7.5 | 0.02 | Nov 30, 2018 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP… | ||
| CVE-2018-7807 | Hig | 0.57 | 8.8 | 0.01 | Nov 30, 2018 | Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As… | ||
| CVE-2018-7806 | Hig | 0.57 | 8.8 | 0.01 | Nov 30, 2018 | Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for… | ||
| CVE-2018-16476 | — | Hig | 0.42 | 7.5 | 0.03 | Nov 30, 2018 | A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions… | |
| CVE-2018-18987 | — | Hig | 0.57 | 8.8 | 0.03 | Nov 30, 2018 | VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote… | |
| CVE-2018-18983 | — | Hig | 0.57 | 8.8 | 0.03 | Nov 30, 2018 | VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution. | |
| CVE-2018-18860 | Hig | 0.54 | 7.8 | 0.01 | Nov 30, 2018 | A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root. | ||
| CVE-2018-15835 | Hig | 0.49 | 7.5 | 0.02 | Nov 30, 2018 | Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983. | ||
| CVE-2018-3948 | Hig | 0.51 | 7.5 | 0.23 | Nov 30, 2018 | An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either… | ||
| CVE-2018-15767 | Hig | 0.61 | 8.8 | 0.12 | Nov 30, 2018 | The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file. | ||
| CVE-2018-1897 | Hig | 0.55 | 8.4 | 0.01 | Nov 30, 2018 | IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462. | ||
| CVE-2018-19762 | Hig | 0.51 | 7.8 | 0.01 | Nov 30, 2018 | There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact. | ||
| CVE-2018-19760 | Hig | 0.57 | 8.8 | 0.01 | Nov 30, 2018 | cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. | ||
| CVE-2018-19748 | Hig | 0.49 | 7.5 | 0.02 | Nov 29, 2018 | app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is… | ||
| CVE-2018-19120 | Hig | 0.49 | 7.5 | 0.01 | Nov 29, 2018 | The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. | ||
| CVE-2018-15537 | Hig | 0.58 | 8.8 | 0.05 | Nov 29, 2018 | Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. | ||
| CVE-2018-15980 | Hig | 0.49 | 7.5 | 0.08 | Nov 29, 2018 | Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2018-15979 | Hig | 0.50 | 7.5 | 0.10 | Nov 29, 2018 | Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2018-15978 | Hig | 0.49 | 7.5 | 0.07 | Nov 29, 2018 | Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2018-8789 | Hig | 0.00 | 7.5 | 0.05 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). | ||
| CVE-2018-12245 | Hig | 0.51 | 7.8 | 0.01 | Nov 29, 2018 | Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of… | ||
| CVE-2018-12238 | Hig | 0.51 | 7.8 | 0.00 | Nov 29, 2018 | Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be… | ||
| CVE-2018-19666 | Hig | 0.51 | 7.8 | 0.01 | Nov 29, 2018 | The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. | ||
| CVE-2018-19662 | Hig | 0.53 | 8.1 | 0.02 | Nov 29, 2018 | An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. | ||
| CVE-2018-19655 | Hig | 0.57 | 8.8 | 0.03 | Nov 29, 2018 | A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. | ||
| CVE-2018-19654 | Hig | 0.49 | 7.5 | 0.01 | Nov 29, 2018 | An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new… | ||
| CVE-2018-19628 | Hig | 0.49 | 7.5 | 0.03 | Nov 29, 2018 | In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. | ||
| CVE-2018-19627 | Hig | 0.53 | 7.5 | 0.18 | Nov 29, 2018 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. | ||
| CVE-2018-19623 | Hig | 0.49 | 7.5 | 0.04 | Nov 29, 2018 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain… | ||
| CVE-2018-19622 | Hig | 0.49 | 7.5 | 0.03 | Nov 29, 2018 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. |
- risk 0.49cvss 7.5epss 0.01
Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.
- risk 0.49cvss 7.5epss 0.01
Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter.
- risk 0.51cvss 7.8epss 0.00
A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
- risk 0.57cvss 8.8epss 0.02
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
- risk 0.00cvss 7.8epss 0.01
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
- risk 0.48cvss 7.3epss 0.01
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects…
- risk 0.50cvss 7.2epss 0.04
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
- risk 0.50cvss 7.5epss 0.10
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
- risk 0.54cvss 7.5epss 0.59
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
- risk 0.47cvss 7.2epss 0.02
jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data.
- risk 0.58cvss 8.8epss 0.11
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
- risk 0.51cvss 7.8epss 0.01
An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker…
- risk 0.51cvss 7.8epss 0.01
An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a…
- risk 0.51cvss 7.8epss 0.01
An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a…
- risk 0.47cvss 7.2epss 0.04
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an…
- risk 0.57cvss 8.8epss 0.03
An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can…
- risk 0.53cvss 7.5epss 0.53
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated…
- risk 0.49cvss 7.5epss 0.01
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.
- risk 0.62cvss 8.8epss 0.18
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
- risk 0.57cvss 8.8epss 0.01
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web…
- risk 0.49cvss 7.5epss 0.02
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP…
- risk 0.57cvss 8.8epss 0.01
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As…
- risk 0.57cvss 8.8epss 0.01
Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for…
- risk 0.42cvss 7.5epss 0.03
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions…
- risk 0.57cvss 8.8epss 0.03
VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote…
- risk 0.57cvss 8.8epss 0.03
VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution.
- risk 0.54cvss 7.8epss 0.01
A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root.
- risk 0.49cvss 7.5epss 0.02
Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.
- risk 0.51cvss 7.5epss 0.23
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either…
- risk 0.61cvss 8.8epss 0.12
The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file.
- risk 0.55cvss 8.4epss 0.01
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462.
- risk 0.51cvss 7.8epss 0.01
There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.
- risk 0.57cvss 8.8epss 0.01
cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.
- risk 0.49cvss 7.5epss 0.02
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is…
- risk 0.49cvss 7.5epss 0.01
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
- risk 0.58cvss 8.8epss 0.05
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
- risk 0.49cvss 7.5epss 0.08
Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.50cvss 7.5epss 0.10
Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.49cvss 7.5epss 0.07
Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.00cvss 7.5epss 0.05
FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).
- risk 0.51cvss 7.8epss 0.01
Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of…
- risk 0.51cvss 7.8epss 0.00
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be…
- risk 0.51cvss 7.8epss 0.01
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.
- risk 0.53cvss 8.1epss 0.02
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.
- risk 0.57cvss 8.8epss 0.03
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new…
- risk 0.49cvss 7.5epss 0.03
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.
- risk 0.53cvss 7.5epss 0.18
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
- risk 0.49cvss 7.5epss 0.04
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain…
- risk 0.49cvss 7.5epss 0.03
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.