| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-5915 | Cri | 0.64 | 9.8 | 0.01 | Jan 18, 2019 | Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 /… | ||
| CVE-2018-11284 | Cri | 0.60 | 9.3 | 0.01 | Jan 18, 2019 | Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660,… | ||
| CVE-2017-18160 | Cri | 0.64 | 9.8 | 0.01 | Jan 18, 2019 | AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850 | ||
| CVE-2019-3910 | Cri | 0.60 | 9.1 | 0.09 | Jan 18, 2019 | Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device. | ||
| CVE-2019-3909 | Cri | 0.64 | 9.8 | 0.02 | Jan 18, 2019 | Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention. | ||
| CVE-2018-19716 | Cri | 0.64 | 9.8 | 0.10 | Jan 18, 2019 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow… | ||
| CVE-2018-19715 | Cri | 0.64 | 9.8 | 0.06 | Jan 18, 2019 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free… | ||
| CVE-2018-19708 | Cri | 0.64 | 9.8 | 0.06 | Jan 18, 2019 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free… | ||
| CVE-2018-19707 | Cri | 0.64 | 9.8 | 0.06 | Jan 18, 2019 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free… | ||
| CVE-2018-19702 | Cri | 0.64 | 9.8 | 0.06 | Jan 18, 2019 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write… | ||
| CVE-2018-19700 | Cri | 0.64 | 9.8 | 0.06 | Jan 18, 2019 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free… | ||
| CVE-2018-19698 | Cri | 0.64 | 9.8 | 0.06 | Jan 18, 2019 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free… | ||
| CVE-2018-16040 | Cri | 0.64 | 9.8 | 0.06 | Jan 18, 2019 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free… | ||
| CVE-2018-16039 | Cri | 0.64 | 9.8 | 0.06 | Jan 18, 2019 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free… | ||
| CVE-2018-16037 | Cri | 0.64 | 9.8 | 0.06 | Jan 18, 2019 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free… | ||
| CVE-2018-16036 | Cri | 0.64 | 9.8 | 0.06 | Jan 18, 2019 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free… | ||
| CVE-2018-20732 | Cri | 0.64 | 9.8 | 0.04 | Jan 17, 2019 | SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. | ||
| CVE-2019-2489 | Cri | 0.59 | 9.1 | 0.02 | Jan 16, 2019 | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Query). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker… | ||
| CVE-2019-2453 | Cri | 0.59 | 9.1 | 0.02 | Jan 16, 2019 | Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Performance Management Plan). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network… | ||
| CVE-2015-9280 | Cri | 0.65 | 10.0 | 0.02 | Jan 16, 2019 | MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. | ||
| CVE-2015-9278 | Cri | 0.64 | 9.8 | 0.02 | Jan 16, 2019 | MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | ||
| CVE-2015-9277 | Cri | 0.59 | 9.1 | 0.02 | Jan 16, 2019 | MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled. | ||
| CVE-2018-20721 | Cri | 0.00 | 9.8 | 0.02 | Jan 16, 2019 | URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address. | ||
| CVE-2019-6446 | Cri | 0.58 | 9.8 | 0.17 | Jan 16, 2019 | An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a… | ||
| CVE-2019-6444 | Cri | 0.59 | 9.1 | 0.46 | Jan 16, 2019 | An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd. | ||
| CVE-2019-6443 | Cri | 0.61 | 9.1 | 0.67 | Jan 16, 2019 | An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd. | ||
| CVE-2019-6440 | Cri | 0.64 | 9.8 | 0.03 | Jan 16, 2019 | Zemana AntiMalware before 3.0.658 Beta mishandles update logic. | ||
| CVE-2019-6439 | Cri | 0.64 | 9.8 | 0.03 | Jan 16, 2019 | examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. | ||
| CVE-2019-3557 | Cri | 0.00 | 9.8 | 0.02 | Jan 15, 2019 | The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The… | ||
| CVE-2018-6345 | Cri | 0.00 | 9.8 | 0.02 | Jan 15, 2019 | The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other… | ||
| CVE-2019-0022 | Cri | 0.65 | 10.0 | 0.01 | Jan 15, 2019 | Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3. | ||
| CVE-2019-0020 | Cri | 0.65 | 10.0 | 0.02 | Jan 15, 2019 | Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3. | ||
| CVE-2019-0007 | Cri | 0.61 | 9.3 | 0.02 | Jan 15, 2019 | The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was… | ||
| CVE-2019-0006 | Cri | 0.64 | 9.8 | 0.05 | Jan 15, 2019 | A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may… | ||
| CVE-2019-0002 | Cri | 0.64 | 9.8 | 0.02 | Jan 15, 2019 | On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group… | ||
| CVE-2017-6925 | Cri | 0.64 | 9.8 | 0.03 | Jan 15, 2019 | In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different… | ||
| CVE-2018-20718 | Cri | 0.64 | 9.8 | 0.04 | Jan 15, 2019 | In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link. | ||
| CVE-2018-20716 | Cri | 0.64 | 9.8 | 0.01 | Jan 15, 2019 | CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | ||
| CVE-2018-20715 | Cri | 0.64 | 9.8 | 0.01 | Jan 15, 2019 | The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | ||
| CVE-2019-6296 | Cri | 0.64 | 9.8 | 0.01 | Jan 15, 2019 | Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter. | ||
| CVE-2019-6295 | Cri | 0.64 | 9.8 | 0.01 | Jan 15, 2019 | Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter. | ||
| CVE-2019-6259 | Cri | 0.64 | 9.8 | 0.02 | Jan 14, 2019 | An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. | ||
| CVE-2018-1969 | Cri | 0.59 | 9.0 | 0.02 | Jan 14, 2019 | IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750. | ||
| CVE-2019-6256 | Cri | 0.64 | 9.8 | 0.02 | Jan 14, 2019 | A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request… | ||
| CVE-2019-6246 | Cri | 0.64 | 9.8 | 0.02 | Jan 13, 2019 | An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read. | ||
| CVE-2018-4298 | Cri | 0.64 | 9.8 | 0.01 | Jan 11, 2019 | In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation. | ||
| CVE-2018-4281 | Cri | 0.64 | 9.8 | 0.01 | Jan 11, 2019 | In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation. | ||
| CVE-2018-4258 | Cri | 0.64 | 9.8 | 0.01 | Jan 11, 2019 | In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. | ||
| CVE-2018-4257 | Cri | 0.64 | 9.8 | 0.01 | Jan 11, 2019 | In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. | ||
| CVE-2018-4254 | Cri | 0.64 | 9.8 | 0.01 | Jan 11, 2019 | In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation. |
- risk 0.64cvss 9.8epss 0.01
Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 /…
- risk 0.60cvss 9.3epss 0.01
Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660,…
- risk 0.64cvss 9.8epss 0.01
AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850
- risk 0.60cvss 9.1epss 0.09
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
- risk 0.64cvss 9.8epss 0.02
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
- risk 0.64cvss 9.8epss 0.10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow…
- risk 0.64cvss 9.8epss 0.06
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…
- risk 0.64cvss 9.8epss 0.06
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…
- risk 0.64cvss 9.8epss 0.06
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…
- risk 0.64cvss 9.8epss 0.06
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write…
- risk 0.64cvss 9.8epss 0.06
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…
- risk 0.64cvss 9.8epss 0.06
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…
- risk 0.64cvss 9.8epss 0.06
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…
- risk 0.64cvss 9.8epss 0.06
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…
- risk 0.64cvss 9.8epss 0.06
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…
- risk 0.64cvss 9.8epss 0.06
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…
- risk 0.64cvss 9.8epss 0.04
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
- risk 0.59cvss 9.1epss 0.02
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Query). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker…
- risk 0.59cvss 9.1epss 0.02
Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Performance Management Plan). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network…
- risk 0.65cvss 10.0epss 0.02
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.
- risk 0.64cvss 9.8epss 0.02
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.
- risk 0.59cvss 9.1epss 0.02
MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.
- risk 0.00cvss 9.8epss 0.02
URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
- risk 0.58cvss 9.8epss 0.17
An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a…
- risk 0.59cvss 9.1epss 0.46
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
- risk 0.61cvss 9.1epss 0.67
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
- risk 0.64cvss 9.8epss 0.03
Zemana AntiMalware before 3.0.658 Beta mishandles update logic.
- risk 0.64cvss 9.8epss 0.03
examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow.
- risk 0.00cvss 9.8epss 0.02
The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The…
- risk 0.00cvss 9.8epss 0.02
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other…
- risk 0.65cvss 10.0epss 0.01
Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
- risk 0.65cvss 10.0epss 0.02
Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
- risk 0.61cvss 9.3epss 0.02
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was…
- risk 0.64cvss 9.8epss 0.05
A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may…
- risk 0.64cvss 9.8epss 0.02
On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group…
- risk 0.64cvss 9.8epss 0.03
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different…
- risk 0.64cvss 9.8epss 0.04
In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link.
- risk 0.64cvss 9.8epss 0.01
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
- risk 0.64cvss 9.8epss 0.01
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
- risk 0.64cvss 9.8epss 0.01
Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.
- risk 0.64cvss 9.8epss 0.01
Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
- risk 0.59cvss 9.0epss 0.02
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.
- risk 0.64cvss 9.8epss 0.02
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read.
- risk 0.64cvss 9.8epss 0.01
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation.
- risk 0.64cvss 9.8epss 0.01
In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation.
- risk 0.64cvss 9.8epss 0.01
In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking.
- risk 0.64cvss 9.8epss 0.01
In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation.
- risk 0.64cvss 9.8epss 0.01
In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation.