ID  CVSS  Summary  Last (major) update  Published
CVE-2019-14253 6.4
An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted.
18-09-2019 - 21:33 18-09-2019 - 12:15
CVE-2019-14254 7.5
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the
18-09-2019 - 21:12 18-09-2019 - 12:15
CVE-2019-16413 None
An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
18-09-2019 - 20:15 18-09-2019 - 20:15
CVE-2019-3758 None
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to th
18-09-2019 - 19:15 18-09-2019 - 19:15
CVE-2019-3756 None
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.
18-09-2019 - 19:15 18-09-2019 - 19:15
CVE-2019-3740 None
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys
18-09-2019 - 19:15 18-09-2019 - 19:15
CVE-2019-3739 None
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA key
18-09-2019 - 19:15 18-09-2019 - 19:15
CVE-2019-3738 None
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same pre
18-09-2019 - 19:15 18-09-2019 - 19:15
CVE-2019-11778 None
If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interv
18-09-2019 - 19:15 18-09-2019 - 19:15
CVE-2019-11211 None
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code e
18-09-2019 - 19:15 18-09-2019 - 19:15
CVE-2019-11210 None
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access contr
18-09-2019 - 19:15 18-09-2019 - 19:15
CVE-2019-13550 None
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.
18-09-2019 - 19:01 18-09-2019 - 17:15
CVE-2019-13552 None
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
18-09-2019 - 19:01 18-09-2019 - 17:15
CVE-2019-13556 None
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
18-09-2019 - 19:01 18-09-2019 - 18:15
CVE-2019-13558 None
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
18-09-2019 - 19:01 18-09-2019 - 18:15
CVE-2019-5531 None
VMware vSphere ESXi (6.7 prior to ESXi670-201904101-SG, 6.5 prior to ESXi650-201907101-SG, 6.0 prior to ESXi600-201909001) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b and 6.0 prior to 6.0 U3j) contain an information disclosu
18-09-2019 - 18:15 18-09-2019 - 18:15
CVE-2019-11664 None
A clear-text password is exposed in the browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
18-09-2019 - 18:15 18-09-2019 - 18:15
CVE-2019-11663 None
Clear-text credentials are used to access the Tomcat manager app in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensiti
18-09-2019 - 18:15 18-09-2019 - 18:15
CVE-2019-11662 None
Class and method names are exposed in error messages in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow informati
18-09-2019 - 18:15 18-09-2019 - 18:15
CVE-2019-11661 None
Non-SysAdmin users are allowed to change some tables in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and mod
18-09-2019 - 18:15 18-09-2019 - 18:15
CVE-2019-5534 None
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConf
18-09-2019 - 17:15 18-09-2019 - 17:15
CVE-2019-5532 None
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user w
18-09-2019 - 17:15 18-09-2019 - 17:15
CVE-2019-5067 None
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly a
18-09-2019 - 17:15 18-09-2019 - 17:15
CVE-2019-5066 None
An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnera
18-09-2019 - 17:15 18-09-2019 - 17:15
CVE-2019-5042 None
An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malic
18-09-2019 - 17:15 18-09-2019 - 17:15
CVE-2019-15301 None
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.
18-09-2019 - 17:15 18-09-2019 - 17:15
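Both CVE-2019-14254 (Publisure userAccFunctions.php) and CVE-2019-15301 (Terrasoft Column.Const()) come down to the same bug class: a caller-supplied value is spliced into SQL text as a quoted literal. The example below is added here to show that class and its fix with an in-memory SQLite database; it is not code from either product, the account table is constructed, and const_literal() is a hypothetical helper standing in for "wrap the value in quotes", not Terrasoft's implementation.

```python
import sqlite3

# Constructed sample account table; stands in for a portal's real user store.
SAMPLE_USERS = [
    ("alice", "hash-of-alice", 1),
    ("bob", "hash-of-bob", 0),
]


def make_db() -> sqlite3.Connection:
    """In-memory database with a users table populated from SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def const_literal(value: str) -> str:
    """The bug pattern: build an SQL literal by wrapping the value in quotes.
    A quote inside the value closes the literal early and the rest of the
    value is parsed as SQL. (Hypothetical helper, not Terrasoft's code.)"""
    return "'" + value + "'"


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Query text assembled with const_literal(): name becomes SQL syntax."""
    sql = "SELECT name, pw_hash FROM users WHERE name = " + const_literal(name)
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Bound parameter: the driver passes name as data, never as SQL text."""
    sql = "SELECT name, pw_hash FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # tautology: WHERE name = '' OR '1'='1'
    print("vulnerable:   ", lookup_vulnerable(db, payload))     # every row, hashes included
    print("parameterized:", lookup_parameterized(db, payload))  # no such user
```

The vulnerable path returns every row, password hashes included, which is the "access passwords" outcome the Publisure summary describes; the parameterized path compares the whole payload as a username and finds nothing. Any ORM or query-builder "constant" helper should bind a parameter the same way rather than emit quoted text.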
CVE-2019-14252 6.5
An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\web
18-09-2019 - 15:44 18-09-2019 - 12:15
CVE-2019-15843 5.8
A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A man-in-the-middle attacker could write files or read privileged data.
18-09-2019 - 15:38 18-09-2019 - 11:15
CVE-2019-9680 None
Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC
18-09-2019 - 15:23 18-09-2019 - 15:15
CVE-2019-9679 None
Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-H
18-09-2019 - 15:23 18-09-2019 - 15:15
CVE-2019-9678 None
Some Dahua products have a denial-of-service problem during the login process. An attacker can cause a device to crash by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-
18-09-2019 - 15:23 18-09-2019 - 15:15
CVE-2019-9677 None
Specific fields of the CGI interface of some Dahua products are not strictly verified; an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,I
18-09-2019 - 15:23 18-09-2019 - 15:15
CVE-2019-14458 None
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.
18-09-2019 - 15:23 18-09-2019 - 14:15
CVE-2019-16216 3.5
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server usin
18-09-2019 - 14:43 18-09-2019 - 08:15
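The Zulip entry above (CVE-2019-16216) is the general upload problem of letting a client-declared MIME type decide how a stored file is served back: if the browser renders it inline as active content, the upload becomes stored XSS. The following is an added example of the server-side decision a practitioner would want, not Zulip's code: the type is derived from the file's leading bytes, only byte-verified raster images are served inline, everything else goes out as an attachment with a type browsers do not execute, and the filename is scrubbed so it cannot inject into the header. The magic-byte table and the inline allow-list are this example's own choices.

```python
# Byte signatures for the only types this hypothetical server renders inline.
# Anything else is served as a download that the browser will not execute.
MAGIC = (
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
)


def sniff_image_type(data: bytes):
    """Content type derived from the bytes, never from what the uploader declared."""
    for prefix, mime in MAGIC:
        if data.startswith(prefix):
            return mime
    return None


def header_safe_filename(name: str) -> str:
    """Drop control characters, quotes, backslashes and semicolons so the name
    cannot break out of the Content-Disposition header value."""
    cleaned = "".join(ch for ch in name if 0x20 <= ord(ch) < 0x7F and ch not in '"\\;')
    return cleaned.strip() or "download"


def headers_for_upload(data: bytes, filename: str) -> dict:
    """Response headers for serving a stored upload.

    Inline only for byte-verified raster images. HTML, SVG (which may carry
    script), or an HTML file named cat.png all fall through to an
    application/octet-stream attachment; nosniff stops the browser from
    second-guessing the declared type.
    """
    mime = sniff_image_type(data)
    fname = header_safe_filename(filename)
    headers = {"X-Content-Type-Options": "nosniff"}
    if mime is not None:
        headers["Content-Type"] = mime
        headers["Content-Disposition"] = f'inline; filename="{fname}"'
    else:
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{fname}"'
    return headers
```

Serving uploads from a separate origin (a dedicated files domain with no session cookies) is the complementary control: even if a type check is wrong, script in an upload then runs outside the application's origin.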
CVE-2019-16215 4.0
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU ti
18-09-2019 - 14:27 18-09-2019 - 08:15
CVE-2016-10995 7.5
The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php.
18-09-2019 - 14:22 18-09-2019 - 08:15
CVE-2016-10994 4.3
The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter.
18-09-2019 - 14:22 18-09-2019 - 08:15
CVE-2019-1975 None
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protec
18-09-2019 - 13:44 18-09-2019 - 13:15
CVE-2019-12620 None
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statist
18-09-2019 - 13:44 18-09-2019 - 13:15
CVE-2018-1847 None
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacke
18-09-2019 - 12:15 18-09-2019 - 11:15
CVE-2019-16399 None
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login
18-09-2019 - 11:20 18-09-2019 - 10:15
CVE-2019-16403 None
In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.
18-09-2019 - 08:22 18-09-2019 - 08:15
CVE-2019-16396 6.8
GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code.
17-09-2019 - 20:14 17-09-2019 - 18:15
CVE-2019-16395 6.8
GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.
17-09-2019 - 20:14 17-09-2019 - 18:15
CVE-2019-16394 5.0
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
17-09-2019 - 20:14 17-09-2019 - 17:15
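CVE-2019-16394 is the account-enumeration oracle in its simplest form: the password-reminder page answers differently for registered and unregistered addresses. Added example (not SPIP's code, with a constructed subscriber set) showing the leaky handler next to one whose observable reply is identical either way; the only difference is a side effect the requester cannot see.

```python
import secrets

# Constructed subscriber set; stands in for the site's account table.
SUBSCRIBERS = {"editor@example.org", "reader@example.org"}
GENERIC_REPLY = "If this address is registered, a reminder has been sent to it."


def leaky_reminder(email: str) -> str:
    """The pattern behind the CVE: the reply text reveals whether the address
    exists, so the form doubles as a subscriber lookup."""
    if email in SUBSCRIBERS:
        return "A password reminder has been sent to your address."
    return "No subscriber is registered with this e-mail address."


def uniform_reminder(email: str, outbox: list) -> str:
    """Identical reply for known and unknown addresses. For a real account a
    single-use token is queued for delivery (appended to outbox here); the
    requester sees the same sentence in both cases."""
    if email in SUBSCRIBERS:
        outbox.append((email, secrets.token_urlsafe(32)))
    return GENERIC_REPLY


def replies_indistinguishable(known: str, unknown: str) -> bool:
    """Regression check: the handler's reply must not depend on existence."""
    outbox: list = []
    return uniform_reminder(known, outbox) == uniform_reminder(unknown, outbox)
```

Two further details matter in practice: queue the mail for asynchronous delivery so the known-account path does not take visibly longer, and rate-limit the form per address and per client, since a uniform reply still lets an attacker confirm an account via the mailbox they control.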
CVE-2019-16393 5.8
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
17-09-2019 - 20:14 17-09-2019 - 17:15
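CVE-2019-16393 names %0D, %0A and %20 in redirect URLs: once percent-decoded, CR and LF split the Location header (response splitting) and a space separates fields in it. A redirect target validator is the check to have; the one below is an added example, not the SPIP fix, and the allowed-host set is an assumption. It rejects control characters and whitespace after decoding, backslashes (browsers treat them as slashes), scheme-relative and absolute URLs to hosts the site does not own, and non-http schemes.

```python
from urllib.parse import unquote, urlsplit


def safe_redirect_target(raw: str, allowed_hosts: frozenset, default: str = "/") -> str:
    """Return raw unchanged if it is an acceptable redirect target, else default.

    Validation runs on the percent-decoded form so %0D%0A cannot hide a header
    split, but the original (still-encoded) string is what gets returned, so a
    validated value is never re-decoded on the way into the Location header.
    """
    decoded = unquote(raw)
    # CR, LF, tab, space, NUL and DEL have no place in a redirect target.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in decoded) or "\\" in decoded:
        return default
    parts = urlsplit(decoded)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative (//host): only http(s) to a host we own.
        # hostname also handles user@host tricks: the host after '@' is checked.
        if parts.scheme not in ("http", "https") or parts.hostname not in allowed_hosts:
            return default
        return raw
    # Relative: must be a rooted path; '//' would already have a netloc above,
    # but be explicit so a future parser change cannot turn it into a path.
    if not decoded.startswith("/") or decoded.startswith("//"):
        return default
    return raw


if __name__ == "__main__":
    hosts = frozenset({"site.example"})
    for candidate in ("/spip.php?page=login", "/x%0D%0ASet-Cookie:%20a=b",
                      "//evil.example/", "https://site.example@evil.example/"):
        print(repr(candidate), "->", safe_redirect_target(candidate, hosts))
```

Returning a fixed default instead of an error keeps the login flow working when the parameter is tampered with; if the application needs spaces in a path, it should emit them as %20 itself rather than accept them from the client.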
CVE-2019-16392 4.3
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
17-09-2019 - 20:14 17-09-2019 - 17:15
CVE-2019-16391 4.0
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
17-09-2019 - 20:14 17-09-2019 - 17:15
CVE-2019-16199 7.5
eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process.
17-09-2019 - 20:14 17-09-2019 - 17:15
CVE-2019-16378 7.5
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.
17-09-2019 - 17:15 17-09-2019 - 08:15
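The OpenDMARC entry (CVE-2019-16378) is about which From: domain a DMARC verifier aligns against when a message carries more than one, either several mailboxes in one header or several From: headers. RFC 5322 syntactically permits a multi-mailbox From, but RFC 7489 (section 6.6.1) tells receivers to reject such messages or treat them as failing rather than pick one domain. The code below is an added example of that rule using the standard library's header parser; it is not OpenDMARC's code, and the three messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed test messages; not taken from any real traffic.
SINGLE_FROM = (
    "From: Alice <alice@bank.example>\r\n"
    "To: bob@example.org\r\n"
    "Subject: statement\r\n\r\nbody\r\n"
)
TWO_MAILBOXES = (
    "From: Alice <alice@bank.example>, attacker@evil.example\r\n"
    "To: bob@example.org\r\n\r\nbody\r\n"
)
TWO_HEADERS = (
    "From: alice@bank.example\r\n"
    "From: attacker@evil.example\r\n"
    "To: bob@example.org\r\n\r\nbody\r\n"
)


def from_domains(raw_message: str) -> list:
    """Domain of every mailbox in every From: header, in header order.
    A mailbox without an '@' yields '' so the caller sees it as unparseable."""
    msg = message_from_string(raw_message)
    domains = []
    for _display, addr in getaddresses(msg.get_all("From", [])):
        domains.append(addr.rpartition("@")[2].lower() if "@" in addr else "")
    return domains


def dmarc_from_domain(raw_message: str):
    """The single RFC5322.From domain to align against, or None.

    None means 'do not evaluate as passing': zero From mailboxes, more than
    one (within one header or across several), or an unparseable mailbox.
    A verifier that instead took the first or last domain could be steered
    toward whichever address the attacker did not have to sign for.
    """
    domains = from_domains(raw_message)
    if len(domains) != 1 or not domains[0]:
        return None
    return domains[0]


if __name__ == "__main__":
    for label, msg in (("single", SINGLE_FROM), ("two mailboxes", TWO_MAILBOXES),
                       ("two headers", TWO_HEADERS)):
        print(f"{label:14s} domains={from_domains(msg)} align={dmarc_from_domain(msg)}")
```

Downstream consumers that display or filter on "the" sender domain should apply the same rule; an aligned DKIM signature for one of two From domains says nothing about the other one the user actually sees.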