| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-11936 | Cri | 0.00 | 9.8 | 0.01 | Dec 4, 2019 | Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0,… | ||
| CVE-2019-11935 | Cri | 0.00 | 9.8 | 0.01 | Dec 4, 2019 | Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0,… | ||
| CVE-2019-11934 | Cri | 0.00 | 9.8 | 0.02 | Dec 4, 2019 | Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00. | ||
| CVE-2019-11930 | Cri | 0.00 | 9.8 | 0.03 | Dec 4, 2019 | An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0,… | ||
| CVE-2018-0730 | Cri | 0.64 | 9.8 | 0.02 | Dec 4, 2019 | This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions. | ||
| CVE-2018-0729 | Cri | 0.64 | 9.8 | 0.02 | Dec 4, 2019 | This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions. | ||
| CVE-2019-5096 | Cri | 0.69 | 9.8 | 0.67 | Dec 3, 2019 | An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the… | ||
| CVE-2019-19459 | Cri | 0.64 | 9.8 | 0.04 | Dec 3, 2019 | An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary… | ||
| CVE-2019-16885 | Cri | 0.64 | 9.8 | 0.05 | Dec 3, 2019 | In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via… | ||
| CVE-2013-4486 | Cri | 0.57 | 9.8 | 0.01 | Dec 3, 2019 | Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | ||
| CVE-2019-19021 | Cri | 0.64 | 9.8 | 0.01 | Dec 2, 2019 | An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account. | ||
| CVE-2019-19015 | Cri | 0.64 | 9.8 | 0.03 | Dec 2, 2019 | An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an… | ||
| CVE-2019-12518 | Cri | 0.71 | 9.8 | 0.51 | Dec 2, 2019 | Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability. | ||
| CVE-2019-12503 | Cri | 0.64 | 9.8 | 0.02 | Dec 2, 2019 | Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system… | ||
| CVE-2019-12394 | Cri | 0.64 | 9.8 | 0.02 | Dec 2, 2019 | Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. | ||
| CVE-2019-12392 | Cri | 0.64 | 9.8 | 0.02 | Dec 2, 2019 | Anviz access control devices allow remote attackers to issue commands without a password. | ||
| CVE-2019-19502 | Cri | 0.00 | 9.8 | 0.02 | Dec 2, 2019 | Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code. | ||
| CVE-2019-19245 | Cri | 0.67 | 9.8 | 0.08 | Dec 2, 2019 | NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used. | ||
| CVE-2019-19492 | Cri | 0.69 | 9.8 | 0.29 | Dec 2, 2019 | FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. | ||
| CVE-2019-15631 | Cri | 0.64 | 9.8 | 0.02 | Dec 2, 2019 | Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. | ||
| CVE-2019-18609 | Cri | 0.57 | 9.8 | 0.03 | Dec 1, 2019 | An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller… | ||
| CVE-2019-19391 | Cri | 0.00 | 9.1 | 0.01 | Nov 29, 2019 | In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT… | ||
| CVE-2019-14901 | Cri | 0.65 | 9.8 | 0.17 | Nov 29, 2019 | A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with… | ||
| CVE-2019-14897 | Cri | 0.64 | 9.8 | 0.03 | Nov 29, 2019 | A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations… | ||
| CVE-2019-14895 | Cri | 0.64 | 9.8 | 0.08 | Nov 29, 2019 | A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This… | ||
| CVE-2019-18253 | Cri | 0.65 | 10.0 | 0.02 | Nov 27, 2019 | An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. | ||
| CVE-2019-6665 | Cri | 0.61 | 9.4 | 0.01 | Nov 27, 2019 | On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the… | ||
| CVE-2011-2717 | Cri | 0.64 | 9.8 | 0.04 | Nov 27, 2019 | The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | ||
| CVE-2011-2523 | Cri | 0.74 | 9.8 | 0.96 | Nov 27, 2019 | vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. | ||
| CVE-2019-19330 | Cri | 0.64 | 9.8 | 0.04 | Nov 27, 2019 | The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | ||
| CVE-2019-18184 | Cri | 0.64 | 9.8 | 0.08 | Nov 27, 2019 | Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function. | ||
| CVE-2019-14896 | Cri | 0.64 | 9.8 | 0.09 | Nov 27, 2019 | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called… | ||
| CVE-2011-1939 | Cri | 0.67 | 9.8 | 0.04 | Nov 26, 2019 | SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. | ||
| CVE-2011-1933 | Cri | 0.64 | 9.8 | 0.02 | Nov 26, 2019 | SQL injection vulnerability in Jifty::DBI before 0.68. | ||
| CVE-2019-17392 | Cri | 0.64 | 9.8 | 0.01 | Nov 26, 2019 | Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. | ||
| CVE-2019-18580 | Cri | 0.65 | 10.0 | 0.05 | Nov 26, 2019 | Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. | ||
| CVE-2019-12526 | Cri | 0.65 | 9.8 | 0.20 | Nov 26, 2019 | An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to… | ||
| CVE-2019-12523 | Cri | 0.59 | 9.1 | 0.04 | Nov 26, 2019 | An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to… | ||
| CVE-2019-19307 | Cri | 0.67 | 9.8 | 0.42 | Nov 26, 2019 | An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet. | ||
| CVE-2019-14842 | Cri | 0.64 | 9.8 | 0.02 | Nov 26, 2019 | Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these… | ||
| CVE-2019-6675 | Cri | 0.64 | 9.8 | 0.01 | Nov 26, 2019 | BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system. This issue only… | ||
| CVE-2019-12489 | Cri | 0.64 | 9.8 | 0.06 | Nov 26, 2019 | An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter. | ||
| CVE-2011-4121 | Cri | 0.57 | 9.8 | 0.03 | Nov 26, 2019 | The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private… | ||
| CVE-2011-4120 | Cri | 0.57 | 9.8 | 0.02 | Nov 26, 2019 | Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and… | ||
| CVE-2019-15958 | Cri | 0.64 | 9.8 | 0.03 | Nov 26, 2019 | A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to… | ||
| CVE-2019-18250 | Cri | 0.64 | 9.8 | 0.02 | Nov 26, 2019 | In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device. | ||
| CVE-2011-3584 | Cri | 0.64 | 9.8 | 0.01 | Nov 26, 2019 | The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input. | ||
| CVE-2011-3583 | Cri | 0.64 | 9.8 | 0.01 | Nov 26, 2019 | It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two… | ||
| CVE-2019-19250 | Cri | 0.00 | 9.8 | 0.01 | Nov 25, 2019 | OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js. | ||
| CVE-2019-19249 | — | Cri | 0.57 | 9.8 | 0.01 | Nov 25, 2019 | Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations. |
- risk 0.00cvss 9.8epss 0.01
Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0,…
- risk 0.00cvss 9.8epss 0.01
Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0,…
- risk 0.00cvss 9.8epss 0.02
Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00.
- risk 0.00cvss 9.8epss 0.03
An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0,…
- risk 0.64cvss 9.8epss 0.02
This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
- risk 0.64cvss 9.8epss 0.02
This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions.
- risk 0.69cvss 9.8epss 0.67
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the…
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary…
- risk 0.64cvss 9.8epss 0.05
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via…
- risk 0.57cvss 9.8epss 0.01
Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an…
- risk 0.71cvss 9.8epss 0.51
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
- risk 0.64cvss 9.8epss 0.02
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system…
- risk 0.64cvss 9.8epss 0.02
Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication.
- risk 0.64cvss 9.8epss 0.02
Anviz access control devices allow remote attackers to issue commands without a password.
- risk 0.00cvss 9.8epss 0.02
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code.
- risk 0.67cvss 9.8epss 0.08
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.
- risk 0.69cvss 9.8epss 0.29
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
- risk 0.64cvss 9.8epss 0.02
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
- risk 0.57cvss 9.8epss 0.03
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller…
- risk 0.00cvss 9.1epss 0.01
In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT…
- risk 0.65cvss 9.8epss 0.17
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with…
- risk 0.64cvss 9.8epss 0.03
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations…
- risk 0.64cvss 9.8epss 0.08
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This…
- risk 0.65cvss 10.0epss 0.02
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.
- risk 0.61cvss 9.4epss 0.01
On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the…
- risk 0.64cvss 9.8epss 0.04
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
- risk 0.74cvss 9.8epss 0.96
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
- risk 0.64cvss 9.8epss 0.04
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
- risk 0.64cvss 9.8epss 0.08
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.
- risk 0.64cvss 9.8epss 0.09
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called…
- risk 0.67cvss 9.8epss 0.04
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
- risk 0.64cvss 9.8epss 0.02
SQL injection vulnerability in Jifty::DBI before 0.68.
- risk 0.64cvss 9.8epss 0.01
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
- risk 0.65cvss 10.0epss 0.05
Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.
- risk 0.65cvss 9.8epss 0.20
An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to…
- risk 0.59cvss 9.1epss 0.04
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to…
- risk 0.67cvss 9.8epss 0.42
An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet.
- risk 0.64cvss 9.8epss 0.02
Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these…
- risk 0.64cvss 9.8epss 0.01
BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system. This issue only…
- risk 0.64cvss 9.8epss 0.06
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.
- risk 0.57cvss 9.8epss 0.03
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private…
- risk 0.57cvss 9.8epss 0.02
Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and…
- risk 0.64cvss 9.8epss 0.03
A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to…
- risk 0.64cvss 9.8epss 0.02
In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device.
- risk 0.64cvss 9.8epss 0.01
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.
- risk 0.64cvss 9.8epss 0.01
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two…
- risk 0.00cvss 9.8epss 0.01
OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js.
- risk 0.57cvss 9.8epss 0.01
Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations.