Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2018-14979 —
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275,... read CVE-2018-14979
Published: December 28, 2018; 04:29:00 PM -05:00
-
CVE-2019-8953 —
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
Published: February 20, 2019; 11:29:00 AM -05:00
-
CVE-2018-13404 —
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from... read CVE-2018-13404
Published: February 13, 2019; 01:29:00 PM -05:00
-
CVE-2019-5909 —
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypas... read CVE-2019-5909
Published: February 13, 2019; 01:29:00 PM -05:00
-
CVE-2019-0255 —
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the... read CVE-2019-0255
Published: February 15, 2019; 01:29:00 PM -05:00
-
CVE-2018-20784 —
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
Published: February 22, 2019; 10:29:00 AM -05:00
-
CVE-2019-9015 —
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column i... read CVE-2019-9015
Published: February 22, 2019; 11:29:00 AM -05:00
-
CVE-2018-19036 —
An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.
Published: December 17, 2018; 02:29:00 PM -05:00
-
CVE-2019-8985 —
On Netis WF2880 and WF2411 2.1.36123 devices, there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET reques... read CVE-2019-8985
Published: February 21, 2019; 02:29:00 PM -05:00
-
CVE-2016-1000271 —
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker... read CVE-2016-1000271
Published: February 04, 2019; 04:29:00 PM -05:00
-
CVE-2017-18362 —
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to downl... read CVE-2017-18362
Published: February 05, 2019; 01:29:00 AM -05:00
-
CVE-2019-1698 —
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerabi... read CVE-2019-1698
Published: February 21, 2019; 04:29:00 PM -05:00
-
CVE-2019-1700 —
A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent at... read CVE-2019-1700
Published: February 21, 2019; 04:29:00 PM -05:00
-
CVE-2019-1691 —
A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vu... read CVE-2019-1691
Published: February 21, 2019; 03:29:00 PM -05:00
-
CVE-2019-1685 —
A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface o... read CVE-2019-1685
Published: February 21, 2019; 03:29:00 PM -05:00
-
CVE-2019-9004 —
In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. Thi... read CVE-2019-9004
Published: February 22, 2019; 10:29:00 AM -05:00
-
CVE-2019-9003 —
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
Published: February 22, 2019; 10:29:00 AM -05:00
-
CVE-2018-11759 —
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs sup... read CVE-2018-11759
Published: October 31, 2018; 04:29:00 PM -04:00
-
CVE-2019-1681 —
A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulne... read CVE-2019-1681
Published: February 21, 2019; 03:29:00 PM -05:00
-
CVE-2019-9016 —
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(... read CVE-2019-9016
Published: February 22, 2019; 11:29:00 AM -05:00