Vulnerabilities (CVE)

Filtered by CWE-20
Total 10067 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-1712 1 Cisco 1 Ios Xr 2024-02-04 5.0 MEDIUM 7.5 HIGH
A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of crafted AutoRP packets. An attacker could exploit this vulnerability by sending crafted packets to port UDP 496 on a reachable IP address on the device. A successful exploit could allow the attacker to cause the PIM process to restart. Software versions prior to 6.2.3, 6.3.2, 6.4.0, and 6.5.1 are affected.
CVE-2019-5611 1 Freebsd 1 Freebsd 2024-02-04 7.8 HIGH 7.5 HIGH
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service.
CVE-2018-15732 1 Stopzilla 1 Antimalware 2024-02-04 2.1 LOW 5.5 MEDIUM
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x80002063.
CVE-2018-20013 1 Urbackup 1 Urbackup 2024-02-04 5.0 MEDIUM 7.5 HIGH
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client application.
CVE-2019-9819 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-02-04 7.5 HIGH 9.8 CRITICAL
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
CVE-2019-0973 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-02-04 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'.
CVE-2016-10850 1 Cpanel 1 Cpanel 2024-02-04 9.0 HIGH 8.8 HIGH
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
CVE-2018-20985 1 Payeezy 1 Wp Payeezy Pay 2024-02-04 7.5 HIGH 9.8 CRITICAL
The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec.
CVE-2017-18382 1 Cpanel 1 Cpanel 2024-02-04 4.0 MEDIUM 2.7 LOW
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).
CVE-2018-19642 1 Microfocus 1 Solutions Business Manager 2024-02-04 5.0 MEDIUM 7.5 HIGH
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
CVE-2019-16314 1 Indexhibit 1 Indexhibit 2024-02-04 7.5 HIGH 9.8 CRITICAL
Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.
CVE-2018-4342 1 Apple 1 Mac Os X 2024-02-04 2.1 LOW 5.5 MEDIUM
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1.
CVE-2018-15736 1 Stopzilla 1 Antimalware 2024-02-04 2.1 LOW 5.5 MEDIUM
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204F.
CVE-2019-11125 1 Intel 13 Compute Card Cd1c64gk, Compute Card Cd1iv128mk, Compute Card Cd1m3128mk and 10 more 2024-02-04 4.6 MEDIUM 6.7 MEDIUM
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-5801 3 Apple, Google, Opensuse 4 Iphone Os, Chrome, Backports and 1 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2019-1823 1 Cisco 3 Evolved Programmable Network Manager, Network Level Service, Prime Infrastructure 2024-02-04 9.0 HIGH 7.2 HIGH
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
CVE-2019-1598 1 Cisco 12 Firepower 4100, Firepower 9300, Firepower Extensible Operating System and 9 more 2024-02-04 7.8 HIGH 7.5 HIGH
Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. Firepower 9300 Security Appliances are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.2(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(2). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(20), 7.3(2)D1(1), and 8.2(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(1). UCS 6200 and 6300 Fabric Interconnect are affected in versions prior to 3.2(2b).
CVE-2019-5242 1 Huawei 1 Pcmanager 2024-02-04 9.3 HIGH 7.8 HIGH
There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to execute malicious code and read/write memory.
CVE-2019-11967 1 Hp 1 Intelligent Management Center 2024-02-04 9.0 HIGH 8.8 HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2015-9348 1 Codepeople 1 Sell Downloads 2024-02-04 5.0 MEDIUM 7.5 HIGH
The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.