| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-5916 | Cri | 0.64 | 9.8 | 0.01 | Feb 13, 2019 | Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and… | ||
| CVE-2019-5909 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2019 | License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send… | ||
| CVE-2019-6543 | Cri | 0.68 | 9.8 | 0.17 | Feb 13, 2019 | AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine. | ||
| CVE-2018-19645 | Cri | 0.64 | 9.8 | 0.01 | Feb 12, 2019 | An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | ||
| CVE-2019-7743 | Cri | 0.64 | 9.8 | 0.03 | Feb 12, 2019 | An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files. | ||
| CVE-2019-6533 | — | Cri | 0.59 | 9.1 | 0.01 | Feb 12, 2019 | Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166). | |
| CVE-2019-6527 | Cri | 0.64 | 9.8 | 0.01 | Feb 12, 2019 | PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted. | ||
| CVE-2018-9583 | Cri | 0.64 | 9.8 | 0.02 | Feb 11, 2019 | In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional… | ||
| CVE-2019-7747 | Cri | 0.63 | 9.6 | 0.01 | Feb 11, 2019 | DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. | ||
| CVE-2019-7736 | Cri | 0.64 | 9.8 | 0.03 | Feb 11, 2019 | D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101. | ||
| CVE-2019-7731 | Cri | 0.64 | 9.8 | 0.04 | Feb 11, 2019 | MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file. | ||
| CVE-2018-12549 | Cri | 0.64 | 9.8 | 0.02 | Feb 11, 2019 | In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. | ||
| CVE-2018-12547 | Cri | 0.64 | 9.8 | 0.03 | Feb 11, 2019 | In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user… | ||
| CVE-2019-7720 | Cri | 0.64 | 9.8 | 0.02 | Feb 11, 2019 | taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | ||
| CVE-2019-7719 | Cri | 0.64 | 9.8 | 0.02 | Feb 11, 2019 | Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. | ||
| CVE-2018-20779 | Cri | 0.64 | 9.8 | 0.02 | Feb 11, 2019 | Traq 3.7.1 allows SQL Injection via a tickets?search= URI. | ||
| CVE-2018-20771 | Cri | 0.64 | 9.8 | 0.03 | Feb 10, 2019 | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution. | ||
| CVE-2018-20770 | Cri | 0.64 | 9.8 | 0.01 | Feb 10, 2019 | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection. | ||
| CVE-2018-20768 | Cri | 0.64 | 9.8 | 0.01 | Feb 10, 2019 | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file. | ||
| CVE-2019-7692 | Cri | 0.64 | 9.8 | 0.02 | Feb 10, 2019 | install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder. | ||
| CVE-2018-13792 | Cri | 0.64 | 9.8 | 0.01 | Feb 10, 2019 | Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter. | ||
| CVE-2019-7684 | Cri | 0.64 | 9.8 | 0.02 | Feb 9, 2019 | inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java). The attacker uses the… | ||
| CVE-2019-7678 | Cri | 0.64 | 9.8 | 0.02 | Feb 9, 2019 | A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | ||
| CVE-2019-7674 | Cri | 0.64 | 9.8 | 0.01 | Feb 9, 2019 | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user. | ||
| CVE-2009-5154 | Cri | 0.64 | 9.8 | 0.02 | Feb 9, 2019 | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. | ||
| CVE-2019-7653 | Cri | 0.64 | 9.8 | 0.02 | Feb 9, 2019 | The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the… | ||
| CVE-2018-1352 | Cri | 0.64 | 9.8 | 0.01 | Feb 8, 2019 | A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. | ||
| CVE-2018-20764 | Cri | 0.64 | 9.8 | 0.01 | Feb 8, 2019 | A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation. | ||
| CVE-2019-7401 | Cri | 0.64 | 9.8 | 0.03 | Feb 8, 2019 | NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact. | ||
| CVE-2019-6139 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2019 | Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent… | ||
| CVE-2019-7587 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2019 | Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function. | ||
| CVE-2019-7585 | Cri | 0.64 | 9.8 | 0.01 | Feb 7, 2019 | An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI. | ||
| CVE-2019-4008 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2019 | API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626. | ||
| CVE-2019-7568 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2019 | An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request. | ||
| CVE-2019-3822 | Cri | 0.65 | 9.8 | 0.13 | Feb 6, 2019 | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received… | ||
| CVE-2019-3464 | Cri | 0.64 | 9.8 | 0.05 | Feb 6, 2019 | Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | ||
| CVE-2019-3463 | Cri | 0.64 | 9.8 | 0.05 | Feb 6, 2019 | Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | ||
| CVE-2019-1003015 | Cri | 0.59 | 9.1 | 0.02 | Feb 6, 2019 | An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of… | ||
| CVE-2018-3991 | Cri | 0.68 | 10.0 | 0.34 | Feb 5, 2019 | An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed… | ||
| CVE-2018-3990 | Cri | 0.61 | 9.3 | 0.01 | Feb 5, 2019 | An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege… | ||
| CVE-2019-6523 | Cri | 0.64 | 9.8 | 0.02 | Feb 5, 2019 | WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. | ||
| CVE-2019-6519 | Cri | 0.64 | 9.8 | 0.03 | Feb 5, 2019 | WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. | ||
| CVE-2018-18505 | Cri | 0.65 | 10.0 | 0.05 | Feb 5, 2019 | An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is… | ||
| CVE-2018-18504 | Cri | 0.64 | 9.8 | 0.02 | Feb 5, 2019 | A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability… | ||
| CVE-2018-18502 | Cri | 0.64 | 9.8 | 0.02 | Feb 5, 2019 | Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects… | ||
| CVE-2018-18501 | Cri | 0.64 | 9.8 | 0.03 | Feb 5, 2019 | Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This… | ||
| CVE-2018-18500 | Cri | 0.65 | 9.8 | 0.13 | Feb 5, 2019 | A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5,… | ||
| CVE-2018-8800 | Cri | 0.01 | 9.8 | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-8797 | Cri | 0.01 | 9.8 | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-8795 | Cri | 0.01 | 9.8 | 0.07 | Feb 5, 2019 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution. |
- risk 0.64cvss 9.8epss 0.01
Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and…
- risk 0.64cvss 9.8epss 0.05
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send…
- risk 0.68cvss 9.8epss 0.17
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine.
- risk 0.64cvss 9.8epss 0.01
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files.
- risk 0.59cvss 9.1epss 0.01
Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166).
- risk 0.64cvss 9.8epss 0.01
PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted.
- risk 0.64cvss 9.8epss 0.02
In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional…
- risk 0.63cvss 9.6epss 0.01
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.
- risk 0.64cvss 9.8epss 0.03
D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101.
- risk 0.64cvss 9.8epss 0.04
MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file.
- risk 0.64cvss 9.8epss 0.02
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
- risk 0.64cvss 9.8epss 0.03
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user…
- risk 0.64cvss 9.8epss 0.02
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
- risk 0.64cvss 9.8epss 0.02
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request.
- risk 0.64cvss 9.8epss 0.02
Traq 3.7.1 allows SQL Injection via a tickets?search= URI.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.
- risk 0.64cvss 9.8epss 0.02
install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder.
- risk 0.64cvss 9.8epss 0.01
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.
- risk 0.64cvss 9.8epss 0.02
inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java). The attacker uses the…
- risk 0.64cvss 9.8epss 0.02
A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.
- risk 0.64cvss 9.8epss 0.02
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the…
- risk 0.64cvss 9.8epss 0.01
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.
- risk 0.64cvss 9.8epss 0.01
A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation.
- risk 0.64cvss 9.8epss 0.03
NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.02
Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent…
- risk 0.64cvss 9.8epss 0.02
Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI.
- risk 0.64cvss 9.8epss 0.02
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.
- risk 0.65cvss 9.8epss 0.13
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received…
- risk 0.64cvss 9.8epss 0.05
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
- risk 0.64cvss 9.8epss 0.05
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
- risk 0.59cvss 9.1epss 0.02
An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of…
- risk 0.68cvss 10.0epss 0.34
An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed…
- risk 0.61cvss 9.3epss 0.01
An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege…
- risk 0.64cvss 9.8epss 0.02
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
- risk 0.64cvss 9.8epss 0.03
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.
- risk 0.65cvss 10.0epss 0.05
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is…
- risk 0.64cvss 9.8epss 0.02
A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability…
- risk 0.64cvss 9.8epss 0.02
Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects…
- risk 0.64cvss 9.8epss 0.03
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This…
- risk 0.65cvss 9.8epss 0.13
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5,…
- risk 0.01cvss 9.8epss 0.07
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
- risk 0.01cvss 9.8epss 0.07
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
- risk 0.01cvss 9.8epss 0.07
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.