Vulnerabilities (CVE)

74125 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1338 1 Microsoft 2 Windows 7, Windows Server 2008 2019-10-15 4.3
A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass...
CVE-2019-17507 1 Dlink 1 Dir-816 A1 Firmware 2019-10-15 5.0
An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp,...
CVE-2019-17180 1 Valvesoftware 1 Steam Client 2019-10-15 7.2
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of...
CVE-2019-17451 1 Gnu 1 Binutils 2019-10-15 4.3
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
CVE-2019-10759 1 Safer-eval Project 1 Safer-eval 2019-10-15 6.5
Versions of safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVE-2019-10760 1 Safer-eval Project 1 Safer-eval 2019-10-15 6.5
Versions of safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVE-2019-17397 1 Doordash 1 Doordash 2019-10-15 5.0
In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
CVE-2015-9463 1 S3bubble 1 S3bubble-amazon-s3-audio-streaming 2019-10-15 5.0
The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
CVE-2015-9465 2019-10-15 6.5
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
CVE-2019-1356 1 Microsoft 1 Edge 2019-10-15 4.3
An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'.
CVE-2019-1340 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-15 7.2
An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation...
CVE-2015-9464 1 S3bubble 1 S3bubble-amazon-s3-html-5-video-with-adverts 2019-10-15 5.0
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
CVE-2019-1341 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-15 7.2
An elevation of privilege vulnerability exists when umpo.dll of the Power Service improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'.
CVE-2015-9473 1 Estrutura-basica Project 1 Estrutura-basica 2019-10-15 5.0
The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.
CVE-2010-5339 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the parameter _dlg[captcha][uid]; the XSS is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5338 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the parameter _dlg[captcha][action]; the XSS is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5337 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the parameter _dlg[captcha][controller]; the XSS is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5340 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/ with the parameter password; the XSS is non-persistent in 10.2.0.
CVE-2019-3738 1 Rsa 2 Bsafe Cert-j, Bsafe Ssl-j 2019-10-15 4.3
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable...
CVE-2015-9476 1 Teardrop Project 1 Teardrop 2019-10-15 6.5
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.