| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000833 | Cri | 0.64 | 9.8 | 0.03 | Dec 20, 2018 | ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | ||
| CVE-2018-1000832 | Cri | 0.64 | 9.8 | 0.06 | Dec 20, 2018 | ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | ||
| CVE-2018-1000831 | — | Cri | 0.65 | 10.0 | 0.02 | Dec 20, 2018 | K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the… | |
| CVE-2018-1000830 | Cri | 0.65 | 10.0 | 0.01 | Dec 20, 2018 | XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. | ||
| CVE-2018-1000829 | Cri | 0.59 | 9.0 | 0.01 | Dec 20, 2018 | Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after… | ||
| CVE-2018-1000828 | Cri | 0.59 | 9.0 | 0.01 | Dec 20, 2018 | FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in… | ||
| CVE-2018-1000827 | Cri | 0.64 | 9.8 | 0.04 | Dec 20, 2018 | Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | ||
| CVE-2018-1000825 | Cri | 0.65 | 10.0 | 0.02 | Dec 20, 2018 | FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file. | ||
| CVE-2018-1000824 | Cri | 0.64 | 9.8 | 0.03 | Dec 20, 2018 | MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | ||
| CVE-2018-1000823 | — | Cri | 0.58 | 10.0 | 0.02 | Dec 20, 2018 | exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. | |
| CVE-2018-1000822 | — | Cri | 0.65 | 10.0 | 0.02 | Dec 20, 2018 | codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML… | |
| CVE-2018-1000821 | Cri | 0.65 | 10.0 | 0.02 | Dec 20, 2018 | MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted… | ||
| CVE-2018-1000820 | — | Cri | 0.65 | 10.0 | 0.02 | Dec 20, 2018 | neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after… | |
| CVE-2018-20305 | Cri | 0.64 | 9.8 | 0.04 | Dec 20, 2018 | D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address. | ||
| CVE-2018-20300 | Cri | 0.64 | 9.8 | 0.02 | Dec 20, 2018 | Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file. | ||
| CVE-2018-20299 | Cri | 0.64 | 9.8 | 0.02 | Dec 19, 2018 | An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there… | ||
| CVE-2018-20020 | Cri | 0.64 | 9.8 | 0.09 | Dec 19, 2018 | LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution | ||
| CVE-2018-20019 | Cri | 0.64 | 9.8 | 0.09 | Dec 19, 2018 | LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution | ||
| CVE-2018-15127 | Cri | 0.58 | 9.8 | 0.15 | Dec 19, 2018 | LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution | ||
| CVE-2018-15126 | Cri | 0.58 | 9.8 | 0.12 | Dec 19, 2018 | LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution | ||
| CVE-2018-17777 | Cri | 0.64 | 9.8 | 0.02 | Dec 18, 2018 | An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have… | ||
| CVE-2018-20133 | — | Cri | 0.64 | 9.8 | 0.02 | Dec 17, 2018 | ymlref allows code injection. | |
| CVE-2018-19036 | Cri | 0.64 | 9.8 | 0.02 | Dec 17, 2018 | An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. | ||
| CVE-2018-18556 | Cri | 0.69 | 9.9 | 0.15 | Dec 17, 2018 | A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with… | ||
| CVE-2018-18555 | Cri | 0.64 | 9.9 | 0.02 | Dec 17, 2018 | A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and… | ||
| CVE-2018-20027 | Cri | 0.64 | 9.8 | 0.02 | Dec 17, 2018 | The yaml_parse.load method in Pylearn2 allows code injection. | ||
| CVE-2018-18249 | Cri | 0.64 | 9.8 | 0.01 | Dec 17, 2018 | Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or… | ||
| CVE-2018-20173 | Cri | 0.66 | 9.8 | 0.24 | Dec 17, 2018 | Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. | ||
| CVE-2018-20148 | Cri | 0.59 | 9.8 | 0.31 | Dec 14, 2018 | In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in… | ||
| CVE-2018-19007 | Cri | 0.64 | 9.8 | 0.04 | Dec 14, 2018 | In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. | ||
| CVE-2018-18006 | Cri | 0.65 | 9.8 | 0.21 | Dec 14, 2018 | Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names… | ||
| CVE-2018-18923 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2018 | AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php. | ||
| CVE-2018-18922 | Cri | 0.64 | 9.8 | 0.02 | Dec 13, 2018 | add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request. | ||
| CVE-2018-15719 | Cri | 0.64 | 9.8 | 0.01 | Dec 12, 2018 | Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information. | ||
| CVE-2018-13816 | Cri | 0.65 | 10.0 | 0.03 | Dec 12, 2018 | A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user… | ||
| CVE-2018-11466 | Cri | 0.64 | 9.8 | 0.04 | Dec 12, 2018 | A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). Specially… | ||
| CVE-2018-11462 | Cri | 0.64 | 9.8 | 0.04 | Dec 12, 2018 | A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). By sending a… | ||
| CVE-2018-8626 | Cri | 0.65 | 9.8 | 0.21 | Dec 12, 2018 | A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka "Windows DNS Server Heap Overflow Vulnerability." This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10,… | ||
| CVE-2018-8540 | Cri | 0.65 | 9.8 | 0.22 | Dec 12, 2018 | A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework… | ||
| CVE-2018-10143 | Cri | 0.66 | 9.8 | 0.25 | Dec 12, 2018 | The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. | ||
| CVE-2018-6703 | Cri | 0.64 | 9.8 | 0.03 | Dec 11, 2018 | Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging… | ||
| CVE-2018-20062 | Cri | 0.87 | 9.8 | 1.00 | KEV | Dec 11, 2018 | An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string. | |
| CVE-2018-20060 | — | Cri | 0.57 | 9.8 | 0.04 | Dec 11, 2018 | urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted… | |
| CVE-2018-20059 | — | Cri | 0.57 | 9.8 | 0.01 | Dec 11, 2018 | jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | |
| CVE-2018-20056 | Cri | 0.64 | 9.8 | 0.07 | Dec 11, 2018 | An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter. | ||
| CVE-2018-15805 | Cri | 0.59 | 9.1 | 0.02 | Dec 10, 2018 | Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption). | ||
| CVE-2018-1000861 | — | Cri | 0.16 | 9.8 | 0.98 | KEV | Dec 10, 2018 | A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs… |
| CVE-2016-10502 | Cri | 0.64 | 9.8 | 0.01 | Dec 10, 2018 | While generating trusted application id, An integer overflow can occur giving the trusted application an invalid identity in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835 and SDA660. | ||
| CVE-2018-19991 | Cri | 0.64 | 9.8 | 0.02 | Dec 10, 2018 | VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230. | ||
| CVE-2018-9578 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2018 | In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.… |
- risk 0.64cvss 9.8epss 0.03
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
- risk 0.64cvss 9.8epss 0.06
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
- risk 0.65cvss 10.0epss 0.02
K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the…
- risk 0.65cvss 10.0epss 0.01
XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
- risk 0.59cvss 9.0epss 0.01
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after…
- risk 0.59cvss 9.0epss 0.01
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in…
- risk 0.64cvss 9.8epss 0.04
Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
- risk 0.65cvss 10.0epss 0.02
FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.
- risk 0.64cvss 9.8epss 0.03
MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
- risk 0.58cvss 10.0epss 0.02
exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
- risk 0.65cvss 10.0epss 0.02
codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML…
- risk 0.65cvss 10.0epss 0.02
MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted…
- risk 0.65cvss 10.0epss 0.02
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after…
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address.
- risk 0.64cvss 9.8epss 0.02
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there…
- risk 0.64cvss 9.8epss 0.09
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution
- risk 0.64cvss 9.8epss 0.09
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution
- risk 0.58cvss 9.8epss 0.15
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
- risk 0.58cvss 9.8epss 0.12
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have…
- risk 0.64cvss 9.8epss 0.02
ymlref allows code injection.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.
- risk 0.69cvss 9.9epss 0.15
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with…
- risk 0.64cvss 9.9epss 0.02
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and…
- risk 0.64cvss 9.8epss 0.02
The yaml_parse.load method in Pylearn2 allows code injection.
- risk 0.64cvss 9.8epss 0.01
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or…
- risk 0.66cvss 9.8epss 0.24
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.
- risk 0.59cvss 9.8epss 0.31
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in…
- risk 0.64cvss 9.8epss 0.04
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.
- risk 0.65cvss 9.8epss 0.21
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names…
- risk 0.67cvss 9.8epss 0.03
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.
- risk 0.64cvss 9.8epss 0.02
add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.
- risk 0.64cvss 9.8epss 0.01
Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.
- risk 0.65cvss 10.0epss 0.03
A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user…
- risk 0.64cvss 9.8epss 0.04
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). Specially…
- risk 0.64cvss 9.8epss 0.04
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). By sending a…
- risk 0.65cvss 9.8epss 0.21
A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka "Windows DNS Server Heap Overflow Vulnerability." This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10,…
- risk 0.65cvss 9.8epss 0.22
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework…
- risk 0.66cvss 9.8epss 0.25
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.
- risk 0.64cvss 9.8epss 0.03
Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging…
- risk 0.87cvss 9.8epss 1.00
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.
- risk 0.57cvss 9.8epss 0.04
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted…
- risk 0.57cvss 9.8epss 0.01
jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.
- risk 0.64cvss 9.8epss 0.07
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter.
- risk 0.59cvss 9.1epss 0.02
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).
- risk 0.16cvss 9.8epss 0.98
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs…
- risk 0.64cvss 9.8epss 0.01
While generating trusted application id, An integer overflow can occur giving the trusted application an invalid identity in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835 and SDA660.
- risk 0.64cvss 9.8epss 0.02
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.
- risk 0.64cvss 9.8epss 0.01
In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.…