Total: 309962 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17114 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used. | |||||
CVE-2019-17113 | 1 Openmpt | 1 Libopenmpt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow. | |||||
CVE-2019-17112 | 1 Zohocorp | 1 Manageengine Datasecurity Plus | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password). | |||||
CVE-2019-17109 | 1 Koji Project | 1 Koji | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. | |||||
CVE-2019-17108 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | |||||
CVE-2019-17107 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect. | |||||
CVE-2019-17106 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | |||||
CVE-2019-17105 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The token generator in index.php in Centreon Web before 2.8.27 is predictable. | |||||
CVE-2019-17104 | 1 Centreon | 1 Centreon Vm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | |||||
CVE-2019-17103 | 1 Bitdefender | 1 Antivirus | 2024-11-21 | 2.1 LOW | 4.9 MEDIUM |
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0. | |||||
CVE-2019-17102 | 1 Bitdefender | 2 Box 2, Box 2 Firmware | 2024-11-21 | 9.3 HIGH | 8.3 HIGH |
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender BOX 2 versions prior to 2.1.47.36. | |||||
CVE-2019-17101 | 1 Netatmo | 2 Smart Indoor Camera, Smart Indoor Camera Firmware | 2024-11-21 | 4.6 MEDIUM | 5.7 MEDIUM |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions. | |||||
CVE-2019-17100 | 1 Bitdefender | 1 Total Security 2020 | 2024-11-21 | 4.4 MEDIUM | 5.2 MEDIUM |
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69. | |||||
CVE-2019-17099 | 1 Bitdefender | 1 Endpoint Security Tools | 2024-11-21 | 4.4 MEDIUM | 5.3 MEDIUM |
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163. | |||||
CVE-2019-17098 | 1 August | 3 August Home, Connect Wi-fi Bridge, Connect Wi-fi Bridge Firmware | 2024-11-21 | 3.3 LOW | 3.5 LOW |
Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions. | |||||
CVE-2019-17096 | 1 Bitdefender | 3 Box 2, Box 2 Firmware, Central | 2024-11-21 | 9.3 HIGH | 9.0 CRITICAL |
An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command. | |||||
CVE-2019-17095 | 1 Bitdefender | 2 Box 2, Box 2 Firmware | 2024-11-21 | 10.0 HIGH | 8.1 HIGH |
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate an infrastructure server to trigger this vulnerability. | |||||
CVE-2019-17094 | 1 Belkin | 2 Wemo Insight Switch, Wemo Insight Switch Firmware | 2024-11-21 | 7.2 HIGH | 8.3 HIGH |
A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions. | |||||
CVE-2019-17093 | 2 Avast, Avg | 2 Antivirus, Anti-virus | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0. | |||||
CVE-2019-17092 | 1 Openproject | 1 Openproject | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled. |