| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-3100 | Cri | 0.64 | 9.8 | 0.02 | Nov 6, 2019 | termpkg 3.3 suffers from buffer overflow. | ||
| CVE-2006-0062 | Cri | 0.64 | 9.8 | 0.01 | Nov 6, 2019 | xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window. | ||
| CVE-2006-0061 | Cri | 0.64 | 9.8 | 0.02 | Nov 6, 2019 | xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session. | ||
| CVE-2019-8158 | Cri | 0.57 | 9.8 | 0.01 | Nov 6, 2019 | An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted… | ||
| CVE-2019-8149 | Cri | 0.57 | 9.8 | 0.02 | Nov 6, 2019 | Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication. | ||
| CVE-2019-8144 | Cri | 0.57 | 9.8 | 0.02 | Nov 6, 2019 | A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods. | ||
| CVE-2019-8136 | Cri | 0.57 | 9.8 | 0.01 | Nov 6, 2019 | An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component. | ||
| CVE-2019-8135 | Cri | 0.57 | 9.8 | 0.02 | Nov 6, 2019 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symphony framework allows service identifiers to be derived from user controlled data, which can lead to remote code execution. | ||
| CVE-2019-8121 | Cri | 0.57 | 9.8 | 0.01 | Nov 5, 2019 | An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities. | ||
| CVE-2011-1460 | Cri | 0.64 | 9.8 | 0.01 | Nov 5, 2019 | WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks. | ||
| CVE-2011-1134 | Cri | 0.64 | 9.8 | 0.03 | Nov 5, 2019 | Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. | ||
| CVE-2019-18780 | Cri | 0.64 | 9.8 | 0.06 | Nov 5, 2019 | An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance… | ||
| CVE-2005-2354 | Cri | 0.64 | 9.8 | 0.02 | Nov 5, 2019 | Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. | ||
| CVE-2019-17211 | Cri | 0.64 | 9.8 | 0.03 | Nov 5, 2019 | An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and… | ||
| CVE-2019-17212 | Cri | 0.64 | 9.8 | 0.03 | Nov 5, 2019 | Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the… | ||
| CVE-2015-8980 | Cri | 0.64 | 9.8 | 0.07 | Nov 4, 2019 | The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | ||
| CVE-2013-4409 | — | Cri | 0.64 | 9.8 | 0.03 | Nov 4, 2019 | An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. | |
| CVE-2019-18663 | Cri | 0.64 | 9.8 | 0.01 | Nov 4, 2019 | A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter. | ||
| CVE-2013-2260 | Cri | 0.64 | 9.8 | 0.02 | Nov 4, 2019 | Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness | ||
| CVE-2013-2259 | Cri | 0.64 | 9.8 | 0.04 | Nov 4, 2019 | Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview | ||
| CVE-2013-4103 | Cri | 0.67 | 9.8 | 0.07 | Nov 4, 2019 | Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input | ||
| CVE-2013-4102 | Cri | 0.59 | 9.1 | 0.02 | Nov 4, 2019 | Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness | ||
| CVE-2019-18662 | Cri | 0.64 | 9.8 | 0.02 | Nov 2, 2019 | An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query.… | ||
| CVE-2013-1666 | Cri | 0.64 | 9.8 | 0.02 | Nov 1, 2019 | Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. | ||
| CVE-2011-3923 | Cri | 0.74 | 9.8 | 0.89 | Nov 1, 2019 | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | ||
| CVE-2013-2739 | Cri | 0.67 | 9.8 | 0.05 | Nov 1, 2019 | MiniDLNA has heap-based buffer overflow | ||
| CVE-2005-3056 | Cri | 0.64 | 9.8 | 0.03 | Nov 1, 2019 | TWiki allows arbitrary shell command execution via the Include function | ||
| CVE-2013-2738 | Cri | 0.64 | 9.8 | 0.02 | Nov 1, 2019 | minidlna has SQL Injection that may allow retrieval of arbitrary files | ||
| CVE-2019-18226 | Cri | 0.64 | 9.8 | 0.01 | Oct 31, 2019 | Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products. | ||
| CVE-2019-13551 | Cri | 0.64 | 9.8 | 0.05 | Oct 31, 2019 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an… | ||
| CVE-2019-13547 | Cri | 0.64 | 9.8 | 0.03 | Oct 31, 2019 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. | ||
| CVE-2019-13508 | Cri | 0.64 | 9.8 | 0.02 | Oct 31, 2019 | FreeTDS through 1.1.11 has a Buffer Overflow. | ||
| CVE-2018-4031 | Cri | 0.65 | 10.0 | 0.03 | Oct 31, 2019 | An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua… | ||
| CVE-2012-6125 | Cri | 0.64 | 9.8 | 0.02 | Oct 31, 2019 | Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. | ||
| CVE-2010-2783 | Cri | 0.59 | 9.1 | 0.02 | Oct 31, 2019 | IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services. | ||
| CVE-2010-2548 | Cri | 0.59 | 9.1 | 0.02 | Oct 31, 2019 | IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. | ||
| CVE-2019-5151 | Cri | 0.65 | 10.0 | 0.02 | Oct 31, 2019 | An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to… | ||
| CVE-2019-5049 | Cri | 0.65 | 10.0 | 0.02 | Oct 31, 2019 | An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this… | ||
| CVE-2013-1910 | Cri | 0.64 | 9.8 | 0.03 | Oct 31, 2019 | yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository. | ||
| CVE-2019-18465 | Cri | 0.64 | 9.8 | 0.01 | Oct 31, 2019 | In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL… | ||
| CVE-2019-18464 | Cri | 0.64 | 9.8 | 0.02 | Oct 31, 2019 | In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the… | ||
| CVE-2009-5043 | — | Cri | 0.64 | 9.8 | 0.01 | Oct 31, 2019 | burn allows file names to escape via mishandled quotation marks | |
| CVE-2009-5042 | — | Cri | 0.59 | 9.1 | 0.01 | Oct 31, 2019 | python-docutils allows insecure usage of temporary files | |
| CVE-2009-5041 | Cri | 0.64 | 9.8 | 0.01 | Oct 31, 2019 | overkill has buffer overflow via long player names that can corrupt data on the server machine | ||
| CVE-2019-18364 | Cri | 0.64 | 9.8 | 0.03 | Oct 31, 2019 | In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. | ||
| CVE-2019-18425 | Cri | 0.64 | 9.8 | 0.03 | Oct 31, 2019 | An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table… | ||
| CVE-2010-0748 | Cri | 0.64 | 9.8 | 0.02 | Oct 30, 2019 | Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. | ||
| CVE-2019-18633 | Cri | 0.64 | 9.8 | 0.01 | Oct 30, 2019 | European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected. | ||
| CVE-2019-18632 | Cri | 0.57 | 9.8 | 0.01 | Oct 30, 2019 | European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate. | ||
| CVE-2019-10762 | — | Cri | 0.57 | 9.8 | 0.01 | Oct 30, 2019 | columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping. |
- risk 0.64cvss 9.8epss 0.02
termpkg 3.3 suffers from buffer overflow.
- risk 0.64cvss 9.8epss 0.01
xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window.
- risk 0.64cvss 9.8epss 0.02
xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session.
- risk 0.57cvss 9.8epss 0.01
An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted…
- risk 0.57cvss 9.8epss 0.02
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication.
- risk 0.57cvss 9.8epss 0.02
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.
- risk 0.57cvss 9.8epss 0.01
An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component.
- risk 0.57cvss 9.8epss 0.02
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symphony framework allows service identifiers to be derived from user controlled data, which can lead to remote code execution.
- risk 0.57cvss 9.8epss 0.01
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.
- risk 0.64cvss 9.8epss 0.01
WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks.
- risk 0.64cvss 9.8epss 0.03
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
- risk 0.64cvss 9.8epss 0.06
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance…
- risk 0.64cvss 9.8epss 0.02
Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.
- risk 0.64cvss 9.8epss 0.03
An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and…
- risk 0.64cvss 9.8epss 0.03
Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the…
- risk 0.64cvss 9.8epss 0.07
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.03
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter.
- risk 0.64cvss 9.8epss 0.02
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness
- risk 0.64cvss 9.8epss 0.04
Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview
- risk 0.67cvss 9.8epss 0.07
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input
- risk 0.59cvss 9.1epss 0.02
Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query.…
- risk 0.64cvss 9.8epss 0.02
Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro.
- risk 0.74cvss 9.8epss 0.89
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
- risk 0.67cvss 9.8epss 0.05
MiniDLNA has heap-based buffer overflow
- risk 0.64cvss 9.8epss 0.03
TWiki allows arbitrary shell command execution via the Include function
- risk 0.64cvss 9.8epss 0.02
minidlna has SQL Injection that may allow retrieval of arbitrary files
- risk 0.64cvss 9.8epss 0.01
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.
- risk 0.64cvss 9.8epss 0.05
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an…
- risk 0.64cvss 9.8epss 0.03
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
- risk 0.64cvss 9.8epss 0.02
FreeTDS through 1.1.11 has a Buffer Overflow.
- risk 0.65cvss 10.0epss 0.03
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua…
- risk 0.64cvss 9.8epss 0.02
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.
- risk 0.59cvss 9.1epss 0.02
IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services.
- risk 0.59cvss 9.1epss 0.02
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.
- risk 0.65cvss 10.0epss 0.02
An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to…
- risk 0.65cvss 10.0epss 0.02
An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this…
- risk 0.64cvss 9.8epss 0.03
yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.
- risk 0.64cvss 9.8epss 0.01
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL…
- risk 0.64cvss 9.8epss 0.02
In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the…
- risk 0.64cvss 9.8epss 0.01
burn allows file names to escape via mishandled quotation marks
- risk 0.59cvss 9.1epss 0.01
python-docutils allows insecure usage of temporary files
- risk 0.64cvss 9.8epss 0.01
overkill has buffer overflow via long player names that can corrupt data on the server machine
- risk 0.64cvss 9.8epss 0.03
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table…
- risk 0.64cvss 9.8epss 0.02
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
- risk 0.64cvss 9.8epss 0.01
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.
- risk 0.57cvss 9.8epss 0.01
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.
- risk 0.57cvss 9.8epss 0.01
columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping.