CVE-2018-12547 2019-02-21 7.5
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not...
CVE-2018-20752 2019-02-21 7.5
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/ file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when...
CVE-2018-10612 2019-02-21 10.0
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version, user access management and communication encryption are not enabled by default, which could allow an attacker access to the device and sensitive...
CVE-2019-8950 1 Dasannetworks 1 H665 Firmware 2019-02-21 10.0
The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to log in to the admin account via TELNET.
CVE-2018-1944 2019-02-21 7.5
IBM Security Identity Governance and Intelligence 5.2 through Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external...
CVE-2018-15460 1 Cisco 1 Email Security Appliances Firmware 2019-02-21 7.8
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial...
CVE-2019-5916 1 D-circle 1 Power Egg 2019-02-21 7.5
Input validation issue in POWER EGG (Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and...
CVE-2018-4012 1 Webroot 1 Brightcloud 2019-02-21 9.3
An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated...
CVE-2018-20753 1 Kaseya 1 Virtual System Administrator 2019-02-21 7.5
Kaseya VSA RMM before R9.3, R9.4 before, and R9.5 before allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
CVE-2018-19007 2019-02-21 10.0
In Geutebrueck GmbH E2 Camera Series versions prior to the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.
CVE-2019-8317 1 Dlink 1 Dir-878 Firmware 2019-02-21 9.0
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute...
CVE-2018-5819 1 Libraw 1 Libraw 2019-02-21 7.8
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
CVE-2013-5654 1 Yingzhipython Project 1 Yingzhipython 2019-02-21 9.4
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage.
CVE-2019-3464 2 Pizzashack, Debian 2 Rssh, Debian Linux 2019-02-21 7.5
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to performing only rsync operations, resulting in the execution of arbitrary shell commands.
CVE-2019-7653 1 Rdflib Project 1 Rdflib 2019-02-21 7.5
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This...
CVE-2018-20030 1 Libexif Project 1 Libexif 2019-02-21 7.8
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
CVE-2018-12549 1 Eclipse 1 Openj9 2019-02-21 7.5
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
CVE-2016-2788 2 Puppetlabs, Puppet 3 Puppet, Marionette-collective, Puppet 2019-02-21 7.5
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
CVE-2019-8979 2 Kohanaframework, Koseven 2 Kohana, Koseven 2019-02-21 7.5
Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled.
CVE-2019-8980 1 Linux 1 Linux Kernel 2019-02-21 7.8
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.