National Vulnerability Database


Search Results

Search Parameters:
  • Results Type: Overview
  • CVSS Version: 3
  • CVSS V3 Severity: Critical (9-10)
  • CVSS V3 Metrics: AV:N
There are 6,927 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-12960

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.

Published: June 25, 2019; 09:15:09 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-12939

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.

Published: June 24, 2019; 12:15:15 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-12929

The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.

Published: June 24, 2019; 07:15:09 AM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2019-12928

The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.

Published: June 24, 2019; 07:15:09 AM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2019-11011

Akamai CloudTest before 58.30 allows remote code execution.

Published: June 21, 2019; 02:15:09 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-15868

SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie.

Published: June 21, 2019; 10:15:10 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-15890

An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block, arbitrary OS commands can be run on the server.

Published: June 20, 2019; 01:15:09 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2017-17944

The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.

Published: June 20, 2019; 11:15:10 AM -04:00
V3: 9.1 CRITICAL
V2: 6.4 MEDIUM
CVE-2019-2729

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Published: June 19, 2019; 07:15:10 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-12900

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Published: June 19, 2019; 07:15:09 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-12899

Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3.

Published: June 19, 2019; 06:15:14 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-12898

Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e.

Published: June 19, 2019; 06:15:14 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-2007

In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-120789744

Published: June 19, 2019; 04:15:11 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2019-2006

In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116665972

Published: June 19, 2019; 04:15:11 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2019-12890

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.

Published: June 19, 2019; 02:15:12 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-17388

SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.

Published: June 19, 2019; 02:15:11 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-17386

SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.

Published: June 19, 2019; 02:15:11 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-17381

SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.

Published: June 19, 2019; 02:15:11 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-17374

SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.

Published: June 19, 2019; 02:15:11 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-17148

An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.

Published: June 19, 2019; 02:15:11 PM -04:00
V3: 9.8 CRITICAL
V2: 5.0 MEDIUM