Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2383 | 1 Dompdf | 1 Dompdf | 2023-02-02 | 6.8 MEDIUM | N/A |
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter. | |||||
CVE-2019-19722 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2023-02-01 | 5.0 MEDIUM | 5.3 MEDIUM |
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient. | |||||
CVE-2018-1386 | 1 Ibm | 1 Tivoli Workload Scheduler | 2023-02-01 | 6.9 MEDIUM | 7.8 HIGH |
IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user with special access to gain root privileges. IBM X-Force ID: 138208. | |||||
CVE-2019-19649 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-02-01 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | |||||
CVE-2019-7004 | 1 Avaya | 1 Ip Office Application Server | 2023-02-01 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. | |||||
CVE-2019-19746 | 2 Fedoraproject, Fig2dev Project | 2 Fedora, Fig2dev | 2023-02-01 | 4.3 MEDIUM | 5.5 MEDIUM |
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. | |||||
CVE-2018-3981 | 1 Canvasgfx | 1 Canvas Draw | 2023-02-01 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | |||||
CVE-2018-3887 | 1 Pl32 | 1 Photoline | 2023-02-01 | 6.8 MEDIUM | 7.8 HIGH |
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | |||||
CVE-2018-3888 | 1 Pl32 | 1 Photoline | 2023-02-01 | 6.8 MEDIUM | 7.8 HIGH |
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | |||||
CVE-2018-3891 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2023-02-01 | 2.1 LOW | 4.6 MEDIUM |
An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability. | |||||
CVE-2018-3898 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2023-02-01 | 5.1 MEDIUM | 7.5 HIGH |
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field. | |||||
CVE-2018-3899 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2023-02-01 | 5.1 MEDIUM | 7.5 HIGH |
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field. | |||||
CVE-2018-3892 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2023-02-01 | 6.8 MEDIUM | 8.1 HIGH |
An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability. | |||||
CVE-2018-3900 | 1 Yitechnology | 3 Yi Home, Yi Home Camera, Yi Home Camera Firmware | 2023-02-01 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this vulnerability. | |||||
CVE-2018-3910 | 1 Yitechnology | 3 Yi Home, Yi Home Camera, Yi Home Camera Firmware | 2023-02-01 | 5.4 MEDIUM | 8.0 HIGH |
An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID. | |||||
CVE-2018-3920 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2023-02-01 | 4.6 MEDIUM | 6.8 MEDIUM |
An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SD card to trigger this vulnerability. | |||||
CVE-2018-3928 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2023-02-01 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. | |||||
CVE-2018-3935 | 1 Yitechnology | 3 Yi Home, Yi Home Camera, Yi Home Camera Firmware | 2023-02-01 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. | |||||
CVE-2018-3934 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2023-02-01 | 7.5 HIGH | 9.8 CRITICAL |
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability. | |||||
CVE-2018-3890 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2023-02-01 | 4.6 MEDIUM | 6.8 MEDIUM |
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability. |