Vulnerabilities (CVE)

37101 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2017-17833 | 5 Openslp, Debian, Lenovo and 2 more | 23 Openslp, Debian Linux, Xclarity Administrator and 20 more | 2019-04-22 | 7.5
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
CVE-2019-3398 | 1 Atlassian | 1 Confluence | 2019-04-22 | 9.0
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has...
CVE-2019-3719 | 1 Dell | 1 Supportassist | 2019-04-22 | 7.9
Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a...
CVE-2019-1837 | 1 Cisco | 1 Unified Communications Manager | 2019-04-22 | 7.8
A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due...
CVE-2019-0232 | 1 Apache | 1 Tomcat | 2019-04-22 | 9.3
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line...
CVE-2019-11331 | 1 Ntp | 1 Ntp | 2019-04-19 | 7.5
Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
CVE-2019-1840 | 1 Cisco | 1 Prime Network Registrar | 2019-04-19 | 7.8
A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is...
CVE-2019-9161 | 1 Xinruidz | 1 Sundray Wan Controller Firmware | 2019-04-19 | 10.0
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be...
CVE-2019-3396 | 1 Atlassian | 1 Confluence | 2019-04-19 | 10.0
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and...
CVE-2019-9160 | 1 Xinruidz | 1 Sundray Wan Controller Firmware | 2019-04-19 | 10.0
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin...
CVE-2018-16561 | 1 Siemens | 4 Simatic S7-300 Firmware, Simatic S7-300f Firmware, Simatic S7-300fs Firmware and 1 more | 2019-04-19 | 7.8
A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode...
CVE-2019-11319 | 1 Motorola | 2 Cx2 Firmware, M2 Firmware | 2019-04-19 | 7.5
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
CVE-2019-11322 | 1 Motorola | 2 Cx2 Firmware, M2 Firmware | 2019-04-19 | 7.5
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
CVE-2019-11320 | 1 Motorola | 2 Cx2 Firmware, M2 Firmware | 2019-04-19 | 7.5
In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address.
CVE-2019-1710 | | | 2019-04-19 | 7.5
A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the...
CVE-2019-11223 | 1 Supportcandy | 1 Supportcandy | 2019-04-19 | 7.5
An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
CVE-2019-1718 | 1 Cisco | 1 Identity Services Engine | 2019-04-19 | 7.8
A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper...
CVE-2019-3710 | | | 2019-04-18 | 7.5
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of...
CVE-2019-10643 | 1 Contao | 1 Contao Cms | 2019-04-18 | 7.5
Contao 4.7 allows Use of a Key Past its Expiration Date.
CVE-2019-5490 | 1 Netapp | 1 Service Processor | 2019-04-18 | 10.0
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact...