| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8352 | Cri | 0.67 | 9.8 | 0.06 | May 20, 2019 | By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use… | ||
| CVE-2019-12208 | Cri | 0.64 | 9.8 | 0.02 | May 20, 2019 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. | ||
| CVE-2019-12207 | Cri | 0.64 | 9.8 | 0.02 | May 20, 2019 | njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. | ||
| CVE-2019-12206 | Cri | 0.64 | 9.8 | 0.02 | May 20, 2019 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. | ||
| CVE-2019-12160 | Cri | 0.64 | 9.8 | 0.02 | May 17, 2019 | GoHTTP through 2017-07-25 has a sendHeader use-after-free. | ||
| CVE-2019-12158 | Cri | 0.64 | 9.8 | 0.02 | May 17, 2019 | GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension. | ||
| CVE-2019-7353 | Cri | 0.52 | 9.1 | 0.02 | May 17, 2019 | An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects. | ||
| CVE-2019-11887 | Cri | 0.64 | 9.8 | 0.02 | May 17, 2019 | SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. | ||
| CVE-2019-5954 | Cri | 0.59 | 9.1 | 0.02 | May 17, 2019 | JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors. | ||
| CVE-2019-5953 | Cri | 0.64 | 9.8 | 0.06 | May 17, 2019 | Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. | ||
| CVE-2019-5945 | Cri | 0.64 | 9.8 | 0.02 | May 17, 2019 | Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon. | ||
| CVE-2019-5883 | Cri | 0.59 | 9.1 | 0.01 | May 17, 2019 | An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to. | ||
| CVE-2019-4279 | Cri | 0.73 | 9.8 | 0.80 | May 17, 2019 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445. | ||
| CVE-2019-0172 | Cri | 0.64 | 9.8 | 0.02 | May 17, 2019 | A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access. | ||
| CVE-2019-0153 | Cri | 0.64 | 9.8 | 0.02 | May 17, 2019 | Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||
| CVE-2018-17181 | Cri | 0.00 | 9.8 | 0.01 | May 17, 2019 | An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php. | ||
| CVE-2018-17179 | Cri | 0.04 | 9.8 | 0.12 | May 17, 2019 | An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php. | ||
| CVE-2019-10913 | — | Cri | 0.57 | 9.8 | 0.02 | May 16, 2019 | In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is… | |
| CVE-2019-10910 | — | Cri | 0.57 | 9.8 | 0.06 | May 16, 2019 | In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection. | |
| CVE-2019-0938 | Cri | 0.59 | 9.0 | 0.03 | May 16, 2019 | An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | ||
| CVE-2019-0725 | Cri | 0.66 | 9.8 | 0.26 | May 16, 2019 | A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Remote Code Execution Vulnerability'. | ||
| CVE-2019-0708 | Cri | 0.93 | 9.8 | 1.00 | KEV | May 16, 2019 | A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution… | |
| CVE-2013-7285 | — | Cri | 0.66 | 9.8 | 0.84 | May 15, 2019 | Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON. | |
| CVE-2019-5597 | Cri | 0.59 | 9.1 | 0.04 | May 15, 2019 | In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the… | ||
| CVE-2019-3725 | Cri | 0.64 | 9.8 | 0.03 | May 15, 2019 | RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability… | ||
| CVE-2018-14839 | Cri | 0.83 | 9.8 | 0.89 | KEV | May 14, 2019 | LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. | |
| CVE-2019-6572 | Cri | 0.59 | 9.1 | 0.03 | May 14, 2019 | A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions <… | ||
| CVE-2019-3568 | Cri | 0.79 | 9.8 | 0.39 | KEV | May 14, 2019 | A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp… | |
| CVE-2019-10922 | Cri | 0.64 | 9.8 | 0.03 | May 14, 2019 | A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected… | ||
| CVE-2019-10919 | Cri | 0.61 | 9.4 | 0.03 | May 14, 2019 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port.… | ||
| CVE-2018-8940 | Cri | 0.64 | 9.8 | 0.02 | May 14, 2019 | ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load… | ||
| CVE-2018-6885 | Cri | 0.64 | 9.8 | 0.01 | May 14, 2019 | An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. (This includes the credentials to… | ||
| CVE-2019-8923 | Cri | 0.67 | 9.8 | 0.04 | May 14, 2019 | XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued. | ||
| CVE-2018-11691 | Cri | 0.64 | 9.8 | 0.02 | May 14, 2019 | Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue, and the patches can… | ||
| CVE-2018-18800 | Cri | 0.67 | 9.8 | 0.03 | May 14, 2019 | The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php. | ||
| CVE-2019-9618 | Cri | 0.70 | 9.8 | 0.41 | May 13, 2019 | The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter. | ||
| CVE-2019-10053 | Cri | 0.64 | 9.8 | 0.02 | May 13, 2019 | An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow. | ||
| CVE-2018-18912 | Cri | 0.64 | 9.8 | 0.04 | May 13, 2019 | An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code. | ||
| CVE-2019-11680 | Cri | 0.64 | 9.8 | 0.04 | May 13, 2019 | KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image. | ||
| CVE-2019-7690 | Cri | 0.64 | 9.8 | 0.03 | May 13, 2019 | In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a… | ||
| CVE-2018-4029 | Cri | 0.64 | 9.8 | 0.03 | May 13, 2019 | An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code… | ||
| CVE-2018-4023 | Cri | 0.64 | 9.8 | 0.03 | May 13, 2019 | An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. | ||
| CVE-2018-4018 | Cri | 0.64 | 9.8 | 0.02 | May 13, 2019 | An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP… | ||
| CVE-2018-4014 | Cri | 0.64 | 9.8 | 0.02 | May 13, 2019 | An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this… | ||
| CVE-2015-9287 | Cri | 0.64 | 9.8 | 0.02 | May 13, 2019 | Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message,… | ||
| CVE-2018-19990 | Cri | 0.64 | 9.8 | 0.05 | May 13, 2019 | In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and… | ||
| CVE-2018-19989 | Cri | 0.64 | 9.8 | 0.06 | May 13, 2019 | In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and… | ||
| CVE-2018-19988 | Cri | 0.64 | 9.8 | 0.07 | May 13, 2019 | In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath… | ||
| CVE-2018-19987 | Cri | 0.65 | 9.8 | 0.13 | May 13, 2019 | D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code,… | ||
| CVE-2018-19986 | Cri | 0.67 | 9.8 | 0.42 | May 13, 2019 | In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the… |
- risk 0.67cvss 9.8epss 0.06
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use…
- risk 0.64cvss 9.8epss 0.02
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
- risk 0.64cvss 9.8epss 0.02
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
- risk 0.64cvss 9.8epss 0.02
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
- risk 0.64cvss 9.8epss 0.02
GoHTTP through 2017-07-25 has a sendHeader use-after-free.
- risk 0.64cvss 9.8epss 0.02
GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension.
- risk 0.52cvss 9.1epss 0.02
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.
- risk 0.64cvss 9.8epss 0.02
SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution.
- risk 0.59cvss 9.1epss 0.02
JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors.
- risk 0.64cvss 9.8epss 0.06
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
- risk 0.64cvss 9.8epss 0.02
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
- risk 0.59cvss 9.1epss 0.01
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to.
- risk 0.73cvss 9.8epss 0.80
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
- risk 0.64cvss 9.8epss 0.02
A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access.
- risk 0.64cvss 9.8epss 0.02
Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
- risk 0.00cvss 9.8epss 0.01
An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
- risk 0.04cvss 9.8epss 0.12
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.
- risk 0.57cvss 9.8epss 0.02
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is…
- risk 0.57cvss 9.8epss 0.06
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
- risk 0.59cvss 9.0epss 0.03
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.
- risk 0.66cvss 9.8epss 0.26
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
- risk 0.93cvss 9.8epss 1.00
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution…
- risk 0.66cvss 9.8epss 0.84
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.
- risk 0.59cvss 9.1epss 0.04
In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the…
- risk 0.64cvss 9.8epss 0.03
RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability…
- risk 0.83cvss 9.8epss 0.89
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.
- risk 0.59cvss 9.1epss 0.03
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions <…
- risk 0.79cvss 9.8epss 0.39
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp…
- risk 0.64cvss 9.8epss 0.03
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected…
- risk 0.61cvss 9.4epss 0.03
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port.…
- risk 0.64cvss 9.8epss 0.02
ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. (This includes the credentials to…
- risk 0.67cvss 9.8epss 0.04
XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.
- risk 0.64cvss 9.8epss 0.02
Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue, and the patches can…
- risk 0.67cvss 9.8epss 0.03
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
- risk 0.70cvss 9.8epss 0.41
The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.04
KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image.
- risk 0.64cvss 9.8epss 0.03
In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a…
- risk 0.64cvss 9.8epss 0.03
An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code…
- risk 0.64cvss 9.8epss 0.03
An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution.
- risk 0.64cvss 9.8epss 0.02
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP…
- risk 0.64cvss 9.8epss 0.02
An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this…
- risk 0.64cvss 9.8epss 0.02
Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message,…
- risk 0.64cvss 9.8epss 0.05
In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and…
- risk 0.64cvss 9.8epss 0.06
In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and…
- risk 0.64cvss 9.8epss 0.07
In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath…
- risk 0.65cvss 9.8epss 0.13
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code,…
- risk 0.67cvss 9.8epss 0.42
In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the…