Latest CVE Feed
-
9.8
CRITICALCVE-2019-14308
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affecte... Read more
Affected Products : sp_c250sf_firmware sp_c252sf_firmware sp_c250dn_firmware sp_c252dn_firmware sp_c250sf sp_c252sf sp_c250dn sp_c252dn- EPSS Score: %1.29
- Published: Aug. 26, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-14203
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.... Read more
Affected Products : u-boot- EPSS Score: %0.46
- Published: Jul. 31, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-12468
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.... Read more
- EPSS Score: %0.61
- Published: Jul. 10, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-11703
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.... Read more
Affected Products : thunderbird- EPSS Score: %8.30
- Published: Jul. 23, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-11692
A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.... Read more
- EPSS Score: %0.52
- Published: Jul. 23, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-11411
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.... Read more
Affected Products : mujs- EPSS Score: %2.48
- Published: Apr. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-11187
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.... Read more
- EPSS Score: %0.38
- Published: Aug. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10692
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.... Read more
Affected Products : wp_go_maps- EPSS Score: %89.36
- Published: Apr. 02, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10627
Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that use IPS versions prior to 2019.2 in P... Read more
Affected Products : j6u57b_firmware j9v82a_firmware j9v82d_firmware j6u55a_firmware j6u55d_firmware j9v80a_firmware j9v80b_firmware d3q15a_firmware d3q15b_firmware d3q15d_firmware +73 more products- EPSS Score: %0.56
- Published: Nov. 21, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-1003040
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.... Read more
- EPSS Score: %2.25
- Published: Mar. 28, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-0160
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.... Read more
- EPSS Score: %0.73
- Published: Mar. 27, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-9057
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM acco... Read more
Affected Products : terraform- EPSS Score: %0.44
- Published: Mar. 27, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-8794
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.... Read more
- EPSS Score: %6.07
- Published: Feb. 05, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-8016
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-... Read more
Affected Products : cassandra- EPSS Score: %0.64
- Published: Jun. 28, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7548
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.... Read more
- EPSS Score: %0.22
- Published: Feb. 27, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-6797
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.... Read more
Affected Products : ubuntu_linux debian_linux enterprise_linux_server enterprise_linux_workstation perl- EPSS Score: %1.88
- Published: Apr. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-6521
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.... Read more
- EPSS Score: %0.58
- Published: Feb. 02, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5379
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an atta... Read more
- EPSS Score: %15.49
- Published: Feb. 19, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20784
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.... Read more
- EPSS Score: %0.77
- Published: Feb. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20750
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.... Read more
- EPSS Score: %8.18
- Published: Jan. 30, 2019
- Modified: Nov. 21, 2024