Latest CVE Feed
- 10.0 HIGH CVE-2017-8404
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentia...
- EPSS Score: 21.86%
- Published: Jul. 02, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2017-8410
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the va...
- EPSS Score: 2.92%
- Published: Jul. 02, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-7274
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.
- EPSS Score: 32.81%
- Published: Jul. 01, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-13294
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
Affected Products: school-erp
- EPSS Score: 34.31%
- Published: Jul. 04, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2018-14494
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not app...
- EPSS Score: 8.96%
- Published: Jul. 10, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2018-14495
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not caus...
- EPSS Score: 18.80%
- Published: Jul. 10, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-12803
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote...
Affected Products: i-onenet
- EPSS Score: 0.36%
- Published: Jul. 10, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-13561
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.
- EPSS Score: 21.43%
- Published: Jul. 11, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-13598
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.
- EPSS Score: 9.44%
- Published: Jul. 14, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-1010296
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
Affected Products: op-tee
- EPSS Score: 1.07%
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-1010297
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.
Affected Products: op-tee
- EPSS Score: 1.07%
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-6824
A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
Affected Products: proclima
- EPSS Score: 13.84%
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-13624
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
Affected Products: onos
- EPSS Score: 0.43%
- Published: Jul. 17, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-1917
A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An att...
Affected Products: vision_dynamic_signage_director
- EPSS Score: 14.37%
- Published: Jul. 17, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-12725
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vuln...
Affected Products: zeroshell
- EPSS Score: 94.09%
- Published: Jul. 19, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-13569
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
- EPSS Score: 2.69%
- Published: Jul. 19, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-2307
Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon M...
Affected Products: qca6574au_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qca6174a_firmware +68 more products
- EPSS Score: 0.64%
- Published: Jul. 25, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-2327
Possible buffer overflow can occur when playing clip with incorrect element size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables ...
Affected Products: sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sd_675_firmware +78 more products
- EPSS Score: 0.36%
- Published: Jul. 25, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2019-14363
A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.
- EPSS Score: 1.30%
- Published: Jul. 28, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2016-10855
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
Affected Products: cpanel
- EPSS Score: 1.07%
- Published: Aug. 01, 2019
- Modified: Nov. 21, 2024