Latest CVE Feed
-
9.8
CRITICALCVE-2020-12501
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.... Read more
- EPSS Score: %1.47
- Published: Oct. 15, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-10018
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory han... Read more
- EPSS Score: %2.49
- Published: Mar. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-9791
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacemen... Read more
- EPSS Score: %39.30
- Published: Apr. 26, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-9217
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.... Read more
Affected Products : gitlab- EPSS Score: %0.14
- Published: Apr. 17, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-9025
An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buf... Read more
- EPSS Score: %0.56
- Published: Feb. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-9023
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data.... Read more
- EPSS Score: %16.18
- Published: Feb. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-7198
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS... Read more
- EPSS Score: %3.07
- Published: Dec. 10, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-6808
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.... Read more
- EPSS Score: %3.84
- Published: May. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-6339
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (cor... Read more
- EPSS Score: %78.50
- Published: Jan. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-5096
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free cond... Read more
Affected Products : goahead- EPSS Score: %77.41
- Published: Dec. 03, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-5079
An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets ca... Read more
- EPSS Score: %1.08
- Published: Dec. 18, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-25039
Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited... Read more
- EPSS Score: %0.73
- Published: Apr. 27, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-20787
Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size.... Read more
- EPSS Score: %0.68
- Published: Apr. 22, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-18906
A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise... Read more
- EPSS Score: %0.38
- Published: Jun. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-18814
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.... Read more
Affected Products : linux_kernel- EPSS Score: %0.50
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-18609
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that ... Read more
- EPSS Score: %2.71
- Published: Dec. 01, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-1785
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due ... Read more
Affected Products : clamav- EPSS Score: %2.00
- Published: Apr. 08, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-17531
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (v... Read more
Affected Products : debian_linux enterprise_linux_server webcenter_sites weblogic_server oncommand_workflow_automation steelstore_cloud_integrated_storage communications_cloud_native_core_network_slice_selection_function goldengate_application_adapters jd_edwards_enterpriseone_tools communications_billing_and_revenue_management +13 more products- EPSS Score: %1.19
- Published: Oct. 12, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-16942
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) ja... Read more
- EPSS Score: %0.44
- Published: Oct. 01, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-15874
In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel pani... Read more
- EPSS Score: %0.61
- Published: Apr. 29, 2020
- Modified: Nov. 21, 2024