| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10074 | Cri | 0.64 | 9.8 | 0.03 | Sep 11, 2019 | An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good… | ||
| CVE-2019-0189 | Cri | 0.66 | 9.8 | 0.24 | Sep 11, 2019 | The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is… | ||
| CVE-2018-17200 | Cri | 0.64 | 9.8 | 0.05 | Sep 11, 2019 | The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream`… | ||
| CVE-2019-13473 | Cri | 0.64 | 9.8 | 0.04 | Sep 11, 2019 | TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem,… | ||
| CVE-2019-16227 | — | Cri | 0.64 | 9.8 | 0.02 | Sep 11, 2019 | An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | |
| CVE-2019-16225 | — | Cri | 0.64 | 9.8 | 0.02 | Sep 11, 2019 | An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | |
| CVE-2019-16224 | — | Cri | 0.64 | 9.8 | 0.02 | Sep 11, 2019 | An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | |
| CVE-2019-10256 | Cri | 0.64 | 9.8 | 0.01 | Sep 10, 2019 | An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found. | ||
| CVE-2019-14457 | Cri | 0.64 | 9.8 | 0.03 | Sep 10, 2019 | VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header. | ||
| CVE-2019-11496 | Cri | 0.59 | 9.1 | 0.01 | Sep 10, 2019 | In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by authenticated users with… | ||
| CVE-2019-11495 | Cri | 0.64 | 9.8 | 0.02 | Sep 10, 2019 | In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute… | ||
| CVE-2019-3975 | Cri | 0.64 | 9.8 | 0.05 | Sep 10, 2019 | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. | ||
| CVE-2019-15896 | Cri | 0.64 | 9.8 | 0.07 | Sep 10, 2019 | An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account… | ||
| CVE-2017-18605 | Cri | 0.64 | 9.8 | 0.02 | Sep 10, 2019 | The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection. | ||
| CVE-2019-16192 | Cri | 0.64 | 9.8 | 0.02 | Sep 9, 2019 | upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive. | ||
| CVE-2019-16184 | Cri | 0.57 | 9.8 | 0.02 | Sep 9, 2019 | A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file. | ||
| CVE-2019-6960 | Cri | 0.57 | 9.8 | 0.02 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled. | ||
| CVE-2019-16190 | Cri | 0.64 | 9.8 | 0.03 | Sep 9, 2019 | SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. | ||
| CVE-2019-12405 | Cri | 0.57 | 9.8 | 0.03 | Sep 9, 2019 | Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without… | ||
| CVE-2019-16114 | Cri | 0.64 | 9.8 | 0.05 | Sep 9, 2019 | In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve… | ||
| CVE-2019-10668 | — | Cri | 0.59 | 9.1 | 0.02 | Sep 9, 2019 | An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to… | |
| CVE-2019-10665 | — | Cri | 0.64 | 9.8 | 0.01 | Sep 9, 2019 | An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered… | |
| CVE-2018-21013 | Cri | 0.64 | 9.8 | 0.02 | Sep 9, 2019 | The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php. | ||
| CVE-2019-16143 | — | Cri | 0.64 | 9.8 | 0.01 | Sep 9, 2019 | An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes. | |
| CVE-2019-16142 | — | Cri | 0.57 | 9.8 | 0.02 | Sep 9, 2019 | An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application. | |
| CVE-2019-16140 | — | Cri | 0.57 | 9.8 | 0.02 | Sep 9, 2019 | An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion. | |
| CVE-2019-16139 | — | Cri | 0.64 | 9.8 | 0.02 | Sep 9, 2019 | An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read. | |
| CVE-2019-16138 | — | Cri | 0.57 | 9.8 | 0.02 | Sep 9, 2019 | An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution. | |
| CVE-2019-16125 | Cri | 0.64 | 9.8 | 0.02 | Sep 9, 2019 | In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection. | ||
| CVE-2019-16124 | Cri | 0.59 | 9.8 | 0.28 | Sep 9, 2019 | In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code. | ||
| CVE-2019-16119 | Cri | 0.69 | 9.8 | 0.25 | Sep 8, 2019 | SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. | ||
| CVE-2019-16102 | Cri | 0.64 | 9.8 | 0.02 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. | ||
| CVE-2019-16093 | Cri | 0.64 | 9.8 | 0.02 | Sep 8, 2019 | Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. | ||
| CVE-2019-16092 | Cri | 0.64 | 9.8 | 0.02 | Sep 8, 2019 | Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. | ||
| CVE-2019-10892 | Cri | 0.64 | 9.8 | 0.02 | Sep 6, 2019 | An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnap_main at /htdocs/cgibin. The function will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users. And it… | ||
| CVE-2019-10891 | Cri | 0.65 | 9.8 | 0.19 | Sep 6, 2019 | An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP… | ||
| CVE-2019-9855 | Cri | 0.64 | 9.8 | 0.03 | Sep 6, 2019 | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can… | ||
| CVE-2019-16060 | — | Cri | 0.00 | 9.8 | 0.01 | Sep 6, 2019 | The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected). | |
| CVE-2019-11926 | Cri | 0.00 | 9.8 | 0.02 | Sep 6, 2019 | Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3,… | ||
| CVE-2019-11925 | Cri | 0.00 | 9.8 | 0.02 | Sep 6, 2019 | Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all… | ||
| CVE-2016-7398 | Cri | 0.57 | 9.8 | 0.07 | Sep 6, 2019 | A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests. | ||
| CVE-2019-15102 | Cri | 0.64 | 9.8 | 0.04 | Sep 6, 2019 | An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected… | ||
| CVE-2019-13656 | Cri | 0.64 | 9.8 | 0.06 | Sep 6, 2019 | An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. | ||
| CVE-2019-14813 | Cri | 0.65 | 9.8 | 0.11 | Sep 6, 2019 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then… | ||
| CVE-2019-15846 | Cri | 0.67 | 9.8 | 0.36 | Sep 6, 2019 | Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | ||
| CVE-2019-14222 | Cri | 0.64 | 9.8 | 0.03 | Sep 5, 2019 | An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default… | ||
| CVE-2019-15954 | — | Cri | 0.74 | 9.9 | 0.79 | Sep 5, 2019 | An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side.… | |
| CVE-2019-13188 | Cri | 0.64 | 9.8 | 0.02 | Sep 5, 2019 | In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application. | ||
| CVE-2019-13187 | Cri | 0.64 | 9.8 | 0.02 | Sep 5, 2019 | The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. | ||
| CVE-2018-11569 | Cri | 0.64 | 9.8 | 0.02 | Sep 5, 2019 | Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2. |
- risk 0.64cvss 9.8epss 0.03
An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good…
- risk 0.66cvss 9.8epss 0.24
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is…
- risk 0.64cvss 9.8epss 0.05
The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream`…
- risk 0.64cvss 9.8epss 0.04
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem,…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
- risk 0.64cvss 9.8epss 0.01
An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.
- risk 0.64cvss 9.8epss 0.03
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.
- risk 0.59cvss 9.1epss 0.01
In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by authenticated users with…
- risk 0.64cvss 9.8epss 0.02
In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute…
- risk 0.64cvss 9.8epss 0.05
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.
- risk 0.64cvss 9.8epss 0.07
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account…
- risk 0.64cvss 9.8epss 0.02
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.
- risk 0.64cvss 9.8epss 0.02
upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive.
- risk 0.57cvss 9.8epss 0.02
A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.
- risk 0.57cvss 9.8epss 0.02
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.
- risk 0.64cvss 9.8epss 0.03
SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.
- risk 0.57cvss 9.8epss 0.03
Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without…
- risk 0.64cvss 9.8epss 0.05
In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve…
- risk 0.59cvss 9.1epss 0.02
An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered…
- risk 0.64cvss 9.8epss 0.02
The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes.
- risk 0.57cvss 9.8epss 0.02
An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application.
- risk 0.57cvss 9.8epss 0.02
An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read.
- risk 0.57cvss 9.8epss 0.02
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection.
- risk 0.59cvss 9.8epss 0.28
In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.
- risk 0.69cvss 9.8epss 0.25
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
- risk 0.64cvss 9.8epss 0.02
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.
- risk 0.64cvss 9.8epss 0.02
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.
- risk 0.64cvss 9.8epss 0.02
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnap_main at /htdocs/cgibin. The function will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users. And it…
- risk 0.65cvss 9.8epss 0.19
An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP…
- risk 0.64cvss 9.8epss 0.03
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can…
- risk 0.00cvss 9.8epss 0.01
The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).
- risk 0.00cvss 9.8epss 0.02
Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3,…
- risk 0.00cvss 9.8epss 0.02
Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all…
- risk 0.57cvss 9.8epss 0.07
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected…
- risk 0.64cvss 9.8epss 0.06
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code.
- risk 0.65cvss 9.8epss 0.11
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then…
- risk 0.67cvss 9.8epss 0.36
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default…
- risk 0.74cvss 9.9epss 0.79
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side.…
- risk 0.64cvss 9.8epss 0.02
In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application.
- risk 0.64cvss 9.8epss 0.02
The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php.
- risk 0.64cvss 9.8epss 0.02
Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2.