Latest CVE Feed
- 9.8 CRITICAL CVE-2019-12409
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases,...
- Published: Nov. 18, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12392
Anviz access control devices allow remote attackers to issue commands without a password.
Affected Products: anviz_firmware
- Published: Dec. 02, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2015-7545
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arb...
- Published: Apr. 13, 2016
- Modified: Apr. 12, 2025
- 9.8 CRITICAL CVE-2019-12314
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
Affected Products: maconomy
- Published: May. 24, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12300
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.
Affected Products: buildbot
- Published: May. 23, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12292
Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.
Affected Products: appdna
- Published: Jun. 24, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12262
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).
- Published: Aug. 14, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12261
Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.
- Published: Aug. 09, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12240
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php.
Affected Products: virim
- Published: May. 20, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12297
An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080.
- Published: May. 23, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2015-6674
Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.
- Published: Apr. 13, 2017
- Modified: Apr. 20, 2025
- 9.8 CRITICAL CVE-2019-12255
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.
- Published: Aug. 09, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12260
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.
- Published: Aug. 09, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12208
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
Affected Products: njs
- Published: May. 20, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12204
In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
Affected Products: silverstripe
- Published: Sep. 25, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12256
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.
- Published: Aug. 09, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2015-5334
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. No...
- Published: Jan. 23, 2020
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2017-18046
Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).
- Published: Jan. 21, 2018
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12144
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code exe...
Affected Products: ws_ftp_server
- Published: Jun. 11, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12182
Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API.
Affected Products: ta-8035_firmware ta-8010_firmware ta-8015_firmware ta-8020_firmware ta-8025_firmware ta-8030_firmware tm-616_firmware ta-8035 ta-8010 ta-8015 +4 more products
- Published: Mar. 13, 2020
- Modified: Nov. 21, 2024