| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9951 | Cri | 0.64 | 9.8 | 0.02 | Apr 24, 2019 | Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page… | ||
| CVE-2019-9950 | Cri | 0.64 | 9.8 | 0.02 | Apr 24, 2019 | Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file… | ||
| CVE-2019-3793 | Cri | 0.64 | 9.8 | 0.01 | Apr 24, 2019 | Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the… | ||
| CVE-2019-7214 | Cri | 0.73 | 9.8 | 0.83 | Apr 24, 2019 | SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch. | ||
| CVE-2019-11081 | Cri | 0.64 | 9.8 | 0.02 | Apr 24, 2019 | A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server. | ||
| CVE-2019-7727 | Cri | 0.64 | 9.8 | 0.04 | Apr 23, 2019 | In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The… | ||
| CVE-2019-2702 | Cri | 0.61 | 9.3 | 0.01 | Apr 23, 2019 | Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: Web Service). The supported version that is affected is 8.0.80. Easily exploitable vulnerability allows unauthenticated attacker with network access… | ||
| CVE-2019-2699 | Cri | 0.59 | 9.0 | 0.03 | Apr 23, 2019 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). The supported version that is affected is Java SE: 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.… | ||
| CVE-2019-2658 | Cri | 0.64 | 9.8 | 0.02 | Apr 23, 2019 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via… | ||
| CVE-2019-2646 | Cri | 0.64 | 9.8 | 0.02 | Apr 23, 2019 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: EJB Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access… | ||
| CVE-2019-2645 | Cri | 0.64 | 9.8 | 0.02 | Apr 23, 2019 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network… | ||
| CVE-2019-2638 | Cri | 0.64 | 9.9 | 0.01 | Apr 23, 2019 | Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability… | ||
| CVE-2019-2633 | Cri | 0.64 | 9.9 | 0.01 | Apr 23, 2019 | Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows low privileged… | ||
| CVE-2019-2517 | Cri | 0.59 | 9.1 | 0.02 | Apr 23, 2019 | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having DBFS_ROLE privilege with network access via Oracle Net to compromise Core… | ||
| CVE-2019-11076 | Cri | 0.64 | 9.8 | 0.04 | Apr 23, 2019 | Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request. | ||
| CVE-2019-7304 | Cri | 0.65 | 9.8 | 0.61 | Apr 23, 2019 | Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1. | ||
| CVE-2019-11469 | Cri | 0.68 | 9.8 | 0.18 | Apr 23, 2019 | Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature. | ||
| CVE-2019-11460 | Cri | 0.59 | 9.0 | 0.02 | Apr 22, 2019 | An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the… | ||
| CVE-2019-11383 | Cri | 0.64 | 9.8 | 0.02 | Apr 22, 2019 | An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml | ||
| CVE-2019-11384 | Cri | 0.64 | 9.8 | 0.01 | Apr 22, 2019 | The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml. | ||
| CVE-2019-3899 | Cri | 0.64 | 9.8 | 0.01 | Apr 22, 2019 | It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11. | ||
| CVE-2016-1585 | Cri | 0.64 | 9.8 | 0.01 | Apr 22, 2019 | In all versions of AppArmor mount rules are accidentally widened when compiled. | ||
| CVE-2014-1427 | Cri | 0.62 | 9.6 | 0.01 | Apr 22, 2019 | A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. | ||
| CVE-2019-11450 | Cri | 0.64 | 9.8 | 0.01 | Apr 22, 2019 | whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection. | ||
| CVE-2019-11448 | Cri | 0.68 | 9.8 | 0.12 | Apr 22, 2019 | An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to… | ||
| CVE-2019-11418 | Cri | 0.64 | 9.8 | 0.02 | Apr 22, 2019 | apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface. | ||
| CVE-2019-11417 | Cri | 0.64 | 9.8 | 0.02 | Apr 22, 2019 | system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build… | ||
| CVE-2019-11411 | Cri | 0.00 | 9.8 | 0.03 | Apr 22, 2019 | An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow. | ||
| CVE-2019-11403 | Cri | 0.64 | 9.8 | 0.01 | Apr 22, 2019 | In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page. | ||
| CVE-2019-11402 | Cri | 0.64 | 9.8 | 0.01 | Apr 22, 2019 | In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. | ||
| CVE-2019-11395 | Cri | 0.65 | 9.8 | 0.15 | Apr 22, 2019 | A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long string, as demonstrated by SMTP RCPT TO, POP3 USER, POP3 LIST, POP3 TOP, or POP3 RETR. | ||
| CVE-2019-11393 | Cri | 0.64 | 9.8 | 0.02 | Apr 22, 2019 | An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter. | ||
| CVE-2019-11235 | Cri | 0.64 | 9.8 | 0.04 | Apr 22, 2019 | FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and… | ||
| CVE-2019-11234 | Cri | 0.64 | 9.8 | 0.08 | Apr 22, 2019 | FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. | ||
| CVE-2018-20818 | Cri | 0.64 | 9.8 | 0.02 | Apr 22, 2019 | A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact. | ||
| CVE-2019-11371 | Cri | 0.64 | 9.8 | 0.02 | Apr 20, 2019 | BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c. | ||
| CVE-2019-11365 | Cri | 0.64 | 9.8 | 0.04 | Apr 20, 2019 | An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple… | ||
| CVE-2019-11362 | Cri | 0.64 | 9.8 | 0.02 | Apr 20, 2019 | app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI. | ||
| CVE-2018-20817 | Cri | 0.64 | 9.8 | 0.04 | Apr 19, 2019 | SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects… | ||
| CVE-2019-11350 | Cri | 0.64 | 9.8 | 0.02 | Apr 19, 2019 | CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page. | ||
| CVE-2019-2030 | Cri | 0.64 | 9.8 | 0.01 | Apr 19, 2019 | In removeInterfaceAddress of NetworkController.cpp, there is a possible use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID:… | ||
| CVE-2019-11344 | Cri | 0.64 | 9.8 | 0.04 | Apr 19, 2019 | data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked. | ||
| CVE-2019-9161 | Cri | 0.64 | 9.8 | 0.05 | Apr 18, 2019 | WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an… | ||
| CVE-2019-9160 | Cri | 0.64 | 9.8 | 0.03 | Apr 18, 2019 | WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static… | ||
| CVE-2019-11223 | Cri | 0.64 | 9.8 | 0.09 | Apr 18, 2019 | An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | ||
| CVE-2019-11322 | Cri | 0.64 | 9.8 | 0.04 | Apr 18, 2019 | An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | ||
| CVE-2019-11320 | Cri | 0.64 | 9.8 | 0.02 | Apr 18, 2019 | In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address. | ||
| CVE-2019-11319 | Cri | 0.64 | 9.8 | 0.04 | Apr 18, 2019 | An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | ||
| CVE-2019-11035 | Cri | 0.60 | 9.1 | 0.04 | Apr 18, 2019 | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. | ||
| CVE-2019-11034 | Cri | 0.59 | 9.1 | 0.04 | Apr 18, 2019 | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. |
- risk 0.64cvss 9.8epss 0.02
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page…
- risk 0.64cvss 9.8epss 0.02
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file…
- risk 0.64cvss 9.8epss 0.01
Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the…
- risk 0.73cvss 9.8epss 0.83
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
- risk 0.64cvss 9.8epss 0.02
A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server.
- risk 0.64cvss 9.8epss 0.04
In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The…
- risk 0.61cvss 9.3epss 0.01
Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: Web Service). The supported version that is affected is 8.0.80. Easily exploitable vulnerability allows unauthenticated attacker with network access…
- risk 0.59cvss 9.0epss 0.03
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). The supported version that is affected is Java SE: 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.…
- risk 0.64cvss 9.8epss 0.02
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…
- risk 0.64cvss 9.8epss 0.02
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: EJB Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access…
- risk 0.64cvss 9.8epss 0.02
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network…
- risk 0.64cvss 9.9epss 0.01
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability…
- risk 0.64cvss 9.9epss 0.01
Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows low privileged…
- risk 0.59cvss 9.1epss 0.02
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having DBFS_ROLE privilege with network access via Oracle Net to compromise Core…
- risk 0.64cvss 9.8epss 0.04
Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request.
- risk 0.65cvss 9.8epss 0.61
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
- risk 0.68cvss 9.8epss 0.18
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
- risk 0.59cvss 9.0epss 0.02
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml
- risk 0.64cvss 9.8epss 0.01
The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml.
- risk 0.64cvss 9.8epss 0.01
It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.
- risk 0.64cvss 9.8epss 0.01
In all versions of AppArmor mount rules are accidentally widened when compiled.
- risk 0.62cvss 9.6epss 0.01
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.
- risk 0.64cvss 9.8epss 0.01
whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection.
- risk 0.68cvss 9.8epss 0.12
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to…
- risk 0.64cvss 9.8epss 0.02
apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface.
- risk 0.64cvss 9.8epss 0.02
system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build…
- risk 0.00cvss 9.8epss 0.03
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.
- risk 0.64cvss 9.8epss 0.01
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.
- risk 0.64cvss 9.8epss 0.01
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.
- risk 0.65cvss 9.8epss 0.15
A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long string, as demonstrated by SMTP RCPT TO, POP3 USER, POP3 LIST, POP3 TOP, or POP3 RETR.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.
- risk 0.64cvss 9.8epss 0.04
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and…
- risk 0.64cvss 9.8epss 0.08
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
- risk 0.64cvss 9.8epss 0.02
A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.02
BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple…
- risk 0.64cvss 9.8epss 0.02
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.
- risk 0.64cvss 9.8epss 0.04
SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects…
- risk 0.64cvss 9.8epss 0.02
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.
- risk 0.64cvss 9.8epss 0.01
In removeInterfaceAddress of NetworkController.cpp, there is a possible use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID:…
- risk 0.64cvss 9.8epss 0.04
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.
- risk 0.64cvss 9.8epss 0.05
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an…
- risk 0.64cvss 9.8epss 0.03
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static…
- risk 0.64cvss 9.8epss 0.09
An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
- risk 0.64cvss 9.8epss 0.02
In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
- risk 0.60cvss 9.1epss 0.04
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
- risk 0.59cvss 9.1epss 0.04
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.