| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8031 | Cri | 0.64 | 9.8 | 0.05 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead… | ||
| CVE-2019-8030 | Cri | 0.64 | 9.8 | 0.05 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead… | ||
| CVE-2019-8029 | Cri | 0.64 | 9.8 | 0.05 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead… | ||
| CVE-2019-8028 | Cri | 0.64 | 9.8 | 0.04 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead… | ||
| CVE-2019-8026 | Cri | 0.64 | 9.8 | 0.04 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead… | ||
| CVE-2019-8025 | Cri | 0.64 | 9.8 | 0.04 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead… | ||
| CVE-2019-8024 | Cri | 0.68 | 9.8 | 0.15 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead… | ||
| CVE-2019-8023 | Cri | 0.64 | 9.8 | 0.04 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could… | ||
| CVE-2019-8022 | Cri | 0.64 | 9.8 | 0.04 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could… | ||
| CVE-2019-8017 | Cri | 0.68 | 9.8 | 0.13 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful… | ||
| CVE-2019-8016 | Cri | 0.68 | 9.8 | 0.22 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could… | ||
| CVE-2019-8015 | Cri | 0.64 | 9.8 | 0.06 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to… | ||
| CVE-2019-8009 | Cri | 0.64 | 9.8 | 0.04 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could… | ||
| CVE-2019-8006 | Cri | 0.64 | 9.8 | 0.04 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful… | ||
| CVE-2019-8003 | Cri | 0.64 | 9.8 | 0.05 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead… | ||
| CVE-2019-7965 | Cri | 0.64 | 9.8 | 0.04 | Aug 20, 2019 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could… | ||
| CVE-2019-2130 | Cri | 0.64 | 9.8 | 0.02 | Aug 20, 2019 | In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2019-4483 | Cri | 0.64 | 9.8 | 0.02 | Aug 20, 2019 | IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the… | ||
| CVE-2019-4481 | Cri | 0.64 | 9.8 | 0.02 | Aug 20, 2019 | IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the… | ||
| CVE-2015-9330 | Cri | 0.64 | 9.8 | 0.02 | Aug 20, 2019 | The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. | ||
| CVE-2019-15232 | Cri | 0.64 | 9.8 | 0.02 | Aug 20, 2019 | Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors. | ||
| CVE-2019-15224 | — | Cri | 0.64 | 9.8 | 0.04 | Aug 19, 2019 | The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected. | |
| CVE-2019-15151 | — | Cri | 0.57 | 9.8 | 0.02 | Aug 18, 2019 | AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. | |
| CVE-2019-15149 | — | Cri | 0.57 | 9.8 | 0.02 | Aug 18, 2019 | core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in… | |
| CVE-2019-15130 | Cri | 0.64 | 9.8 | 0.02 | Aug 18, 2019 | The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a… | ||
| CVE-2018-20973 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2019 | The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion. | ||
| CVE-2017-18543 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2019 | The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. | ||
| CVE-2015-9324 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2019 | The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection. | ||
| CVE-2015-9323 | Cri | 0.70 | 9.8 | 0.46 | Aug 16, 2019 | The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection. | ||
| CVE-2014-10376 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2019 | The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. | ||
| CVE-2019-7964 | Cri | 0.65 | 9.8 | 0.10 | Aug 16, 2019 | Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution. | ||
| CVE-2019-7959 | Cri | 0.64 | 9.8 | 0.07 | Aug 16, 2019 | Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2019-7958 | Cri | 0.64 | 9.8 | 0.04 | Aug 16, 2019 | Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation. | ||
| CVE-2019-5477 | Cri | 0.57 | 9.8 | 0.06 | Aug 16, 2019 | A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input… | ||
| CVE-2017-18548 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2019 | The note-press plugin before 0.1.2 for WordPress has SQL injection. | ||
| CVE-2016-10904 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2019 | The olimometer plugin before 2.57 for WordPress has SQL injection. | ||
| CVE-2015-9326 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2019 | The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection. | ||
| CVE-2015-9325 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2019 | The visitors-online plugin before 0.4 for WordPress has SQL injection. | ||
| CVE-2019-15091 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2019 | filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. | ||
| CVE-2019-15107 | Cri | 0.93 | 9.8 | 1.00 | KEV | Aug 16, 2019 | An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. | |
| CVE-2019-15106 | Cri | 0.69 | 9.8 | 0.25 | Aug 16, 2019 | An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm. | ||
| CVE-2019-9851 | Cri | 0.73 | 9.8 | 0.78 | Aug 15, 2019 | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document… | ||
| CVE-2019-9850 | Cri | 0.64 | 9.8 | 0.03 | Aug 15, 2019 | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can… | ||
| CVE-2018-14062 | Cri | 0.59 | 9.1 | 0.02 | Aug 15, 2019 | The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal. | ||
| CVE-2019-9010 | Cri | 0.64 | 9.8 | 0.02 | Aug 15, 2019 | An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are… | ||
| CVE-2018-14671 | Cri | 0.57 | 9.8 | 0.03 | Aug 15, 2019 | In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. | ||
| CVE-2018-14670 | Cri | 0.57 | 9.8 | 0.02 | Aug 15, 2019 | Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database. | ||
| CVE-2019-11187 | Cri | 0.64 | 9.8 | 0.02 | Aug 15, 2019 | Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided. | ||
| CVE-2019-13578 | Cri | 0.00 | 9.8 | 0.03 | Aug 15, 2019 | A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php. | ||
| CVE-2019-9585 | Cri | 0.64 | 9.8 | 0.03 | Aug 14, 2019 | eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata. |
- risk 0.64cvss 9.8epss 0.05
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…
- risk 0.64cvss 9.8epss 0.05
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…
- risk 0.64cvss 9.8epss 0.05
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…
- risk 0.64cvss 9.8epss 0.04
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…
- risk 0.64cvss 9.8epss 0.04
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…
- risk 0.64cvss 9.8epss 0.04
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…
- risk 0.68cvss 9.8epss 0.15
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…
- risk 0.64cvss 9.8epss 0.04
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…
- risk 0.64cvss 9.8epss 0.04
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…
- risk 0.68cvss 9.8epss 0.13
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful…
- risk 0.68cvss 9.8epss 0.22
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…
- risk 0.64cvss 9.8epss 0.06
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to…
- risk 0.64cvss 9.8epss 0.04
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…
- risk 0.64cvss 9.8epss 0.04
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful…
- risk 0.64cvss 9.8epss 0.05
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…
- risk 0.64cvss 9.8epss 0.04
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…
- risk 0.64cvss 9.8epss 0.02
In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional execution privileges needed. User interaction is not needed for…
- risk 0.64cvss 9.8epss 0.02
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the…
- risk 0.64cvss 9.8epss 0.02
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the…
- risk 0.64cvss 9.8epss 0.02
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.
- risk 0.64cvss 9.8epss 0.02
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
- risk 0.64cvss 9.8epss 0.04
The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.
- risk 0.57cvss 9.8epss 0.02
AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.
- risk 0.57cvss 9.8epss 0.02
core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in…
- risk 0.64cvss 9.8epss 0.02
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a…
- risk 0.64cvss 9.8epss 0.02
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.
- risk 0.64cvss 9.8epss 0.02
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.
- risk 0.64cvss 9.8epss 0.02
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
- risk 0.70cvss 9.8epss 0.46
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
- risk 0.64cvss 9.8epss 0.02
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
- risk 0.65cvss 9.8epss 0.10
Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.
- risk 0.64cvss 9.8epss 0.07
Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.04
Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation.
- risk 0.57cvss 9.8epss 0.06
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input…
- risk 0.64cvss 9.8epss 0.02
The note-press plugin before 0.1.2 for WordPress has SQL injection.
- risk 0.64cvss 9.8epss 0.02
The olimometer plugin before 2.57 for WordPress has SQL injection.
- risk 0.64cvss 9.8epss 0.02
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.
- risk 0.64cvss 9.8epss 0.02
The visitors-online plugin before 0.4 for WordPress has SQL injection.
- risk 0.64cvss 9.8epss 0.02
filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
- risk 0.93cvss 9.8epss 1.00
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
- risk 0.69cvss 9.8epss 0.25
An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm.
- risk 0.73cvss 9.8epss 0.78
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document…
- risk 0.64cvss 9.8epss 0.03
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can…
- risk 0.59cvss 9.1epss 0.02
The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are…
- risk 0.57cvss 9.8epss 0.03
In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
- risk 0.57cvss 9.8epss 0.02
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.
- risk 0.64cvss 9.8epss 0.02
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
- risk 0.00cvss 9.8epss 0.03
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.
- risk 0.64cvss 9.8epss 0.03
eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata.