Latest CVE Feed
-
9.8
CRITICALCVE-2016-10324
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.... Read more
Affected Products : osip- Published: Apr. 13, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2016-10191
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.... Read more
Affected Products : ffmpeg- Published: Feb. 09, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2016-10141
An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation o... Read more
Affected Products : mujs- Published: Jan. 13, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2019-12600
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3).... Read more
Affected Products : suitecrm- Published: Jun. 07, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL- Published: Jul. 02, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-12530
Incorrect access control was discovered in the stdonato Dashboard plugin through 0.9.7 for GLPI, affecting df.php, issue.php, load.php, mem.php, traf.php, and uptime.php in front/sh.... Read more
Affected Products : glpi_dashboard- Published: Jun. 02, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-8981
Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.... Read more
Affected Products : podofo- Published: Mar. 16, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2019-12443
An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks.... Read more
Affected Products : gitlab- Published: Mar. 10, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-12498
The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.... Read more
- Published: Mar. 20, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-12440
The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.... Read more
Affected Products : rocks- Published: May. 29, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-50716
eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, ... Read more
Affected Products : fast_dds- Published: Mar. 06, 2024
- Modified: Apr. 16, 2025
-
9.8
CRITICALCVE-2019-12409
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases,... Read more
- Published: Nov. 18, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-12392
Anviz access control devices allow remote attackers to issue commands without a password.... Read more
Affected Products : anviz_firmware- Published: Dec. 02, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-7545
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arb... Read more
- Published: Apr. 13, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2019-12314
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.... Read more
Affected Products : maconomy- Published: May. 24, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-12300
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.... Read more
Affected Products : buildbot- Published: May. 23, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-12292
Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.... Read more
Affected Products : appdna- Published: Jun. 24, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-12262
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).... Read more
- Published: Aug. 14, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-12261
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.... Read more
- Published: Aug. 09, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-12240
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php.... Read more
Affected Products : virim- Published: May. 20, 2019
- Modified: Nov. 21, 2024