Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11782 | 1 Apache | 1 Subversion | 2019-09-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. | |||||
| CVE-2015-9415 | 1 Angrycreative | 1 Bj Lazy Load | 2019-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. | |||||
| CVE-2019-6654 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-09-26 | 3.3 LOW | 4.3 MEDIUM |
| On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses. | |||||
| CVE-2019-10937 | 1 Siemens | 2 Simatic Tdc Cp51m1, Simatic Tdc Cp51m1 Firmware | 2019-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-16412 | 1 Tendacn | 2 N301, N301 Firmware | 2019-09-19 | 7.8 HIGH | 7.5 HIGH |
| In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.) | |||||
| CVE-2018-12565 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2019-09-18 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur. | |||||
| CVE-2016-10991 | 1 Imdb-widget Project | 1 Imdb-widget | 2019-09-18 | 5.0 MEDIUM | 7.5 HIGH |
| The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion. | |||||
| CVE-2016-10960 | 1 Joomlaserviceprovider | 1 Wsecure | 2019-09-17 | 6.5 MEDIUM | 8.8 HIGH |
| The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. | |||||
| CVE-2016-10956 | 1 Mail-masta Project | 1 Mail-masta | 2019-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. | |||||
| CVE-2018-7081 | 1 Arubanetworks | 1 Arubaos | 2019-09-16 | 9.3 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked. | |||||
| CVE-2016-10948 | 1 Post Indexer Project | 1 Post Indexer | 2019-09-13 | 6.8 MEDIUM | 8.1 HIGH |
| The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function. | |||||
| CVE-2019-5976 | 1 Cybozu | 1 Garoon | 2019-09-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors. | |||||
| CVE-2019-0928 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-09-12 | 5.5 MEDIUM | 6.2 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | |||||
| CVE-2019-1302 | 1 Microsoft | 1 Asp.net Core | 2019-09-12 | 6.8 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. | |||||
| CVE-2019-1264 | 1 Microsoft | 3 Office, Office 365 Proplus, Project | 2019-09-12 | 6.8 MEDIUM | 7.8 HIGH |
| A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-1296 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2019-09-12 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295. | |||||
| CVE-2019-1295 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2019-09-12 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296. | |||||
| CVE-2019-1257 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2019-09-12 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296. | |||||
| CVE-2018-20551 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2019-09-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. | |||||
| CVE-2019-15639 | 1 Digium | 1 Asterisk | 2019-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. | |||||