Vulnerabilities (CVE)

74125 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-2215 1 Google 1 Android 2019-10-16 4.6
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local...
CVE-2019-17420 2 Oisf, Suricata-ids 2 Libhtp, Suricata 2019-10-16 5.0
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
CVE-2019-2173 1 Google 1 Android 2019-10-16 4.6
In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...
CVE-2019-15715 1 Mantisbt 1 Mantisbt 2019-10-16 6.5
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
CVE-2019-14225 1 Open-xchange 1 Open-xchange Appsuite 2019-10-16 5.5
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
CVE-2019-14227 1 Open-xchange 1 Open-xchange Appsuite 2019-10-16 4.3
OX App Suite 7.10.1 and 7.10.2 allows XSS.
CVE-2019-15017 1 Zingbox 1 Inspector 2019-10-16 7.2
The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials.
CVE-2019-15015 1 Zingbox 1 Inspector 2019-10-16 7.2
In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system.
CVE-2019-17535 1 Gilacms 1 Gila Cms 2019-10-16 4.3
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
CVE-2015-9492 1 Smartit Premium Responsive Project 1 Smartit Premium Responsive 2019-10-16 5.0
The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the...
CVE-2019-6333 1 Hp 1 Touchpoint Analytics 2019-10-16 7.2
A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP...
CVE-2019-16866 2 Nlnetlabs, Canonical 2 Unbound, Ubuntu Linux 2019-10-16 5.0
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
CVE-2019-17382 1 Zabbix 1 Zabbix 2019-10-16 6.4
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any...
CVE-2019-10969 1 Moxa 1 Edr-810 Firmware 2019-10-16 6.5
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
CVE-2019-16279 1 Nazgul 1 Nostromo Nhttpd 2019-10-16 5.0
Directory Traversal in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request.
CVE-2019-17369 1 Otcms 1 Otcms 2019-10-16 4.3
OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin.
CVE-2015-9474 1 Simpolio Project 1 Simpolio 2019-10-16 6.5
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
CVE-2019-17426 1 Mongoosejs 1 Mongoose 2019-10-16 6.4
Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter....
CVE-2015-9475 1 Pont Project 1 Pont 2019-10-16 6.5
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.
CVE-2019-17505 1 Dlink 1 Dap-1320 A2 Firmware 2019-10-16 5.0
D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or...