Total
59816 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11088 | 1 Intel | 1 Active Management Technology Firmware | 2024-11-21 | 8.8 High |
| Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2019-11077 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 8.8 High |
| FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. | ||||
| CVE-2019-11074 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 7.2 High |
| A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor. | ||||
| CVE-2019-11073 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 7.2 High |
| A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed. | ||||
| CVE-2019-11060 | 1 Asus | 2 Hg100, Hg100 Firmware | 2024-11-21 | 7.5 High |
| The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. CVSS 3.0 Base score 7.4 (Availability impacts). CVSS vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). | ||||
| CVE-2019-11057 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 8.8 High |
| SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. | ||||
| CVE-2019-11042 | 7 Apple, Canonical, Debian and 4 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 7.1 High |
| When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | ||||
| CVE-2019-11041 | 7 Apple, Canonical, Debian and 4 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 7.1 High |
| When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | ||||
| CVE-2019-11021 | 1 Schlix | 1 Cms | 2024-11-21 | 7.2 High |
| admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: "While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site. | ||||
| CVE-2019-11020 | 1 Ddrt | 2 Dashcom Live, Dashcom Live Firmware | 2024-11-21 | 7.5 High |
| Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs. | ||||
| CVE-2019-11019 | 1 Ddrt | 2 Dashcom Live, Dashcom Live Firmware | 2024-11-21 | 7.5 High |
| Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/all_claim_detail.php?claim_id= URLs. | ||||
| CVE-2019-11008 | 4 Canonical, Debian, Graphicsmagick and 1 more | 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more | 2024-11-21 | 8.8 High |
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | ||||
| CVE-2019-11007 | 4 Canonical, Debian, Graphicsmagick and 1 more | 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more | 2024-11-21 | 8.1 High |
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. | ||||
| CVE-2019-10996 | 1 Redlion | 1 Crimson | 2024-11-21 | 7.8 High |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. | ||||
| CVE-2019-10995 | 1 Abb | 16 Cp651, Cp651-web, Cp651-web Firmware and 13 more | 2024-11-21 | 8.8 High |
| ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. | ||||
| CVE-2019-10987 | 1 Advantech | 1 Webaccess | 2024-11-21 | 8.8 High |
| In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | ||||
| CVE-2019-10984 | 1 Redlion | 1 Crimson | 2024-11-21 | 7.8 High |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers. | ||||
| CVE-2019-10983 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 High |
| In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. | ||||
| CVE-2019-10982 | 1 Deltaww | 1 Cnssoft Screeneditor | 2024-11-21 | 7.8 High |
| Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. | ||||
| CVE-2019-10981 | 1 Schneider-electric | 2 Citectscada, Scada Expert Vijeo Citect | 2024-11-21 | 7.8 High |
| In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials. | ||||