Vulnerabilities (CVE)

Total 309962 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17114 1 Wikidsystems 1 Two Factor Authentication Enterprise Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used.
CVE-2019-17113 1 Openmpt 1 Libopenmpt 2024-11-21 7.5 HIGH 9.8 CRITICAL
In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.
CVE-2019-17112 1 Zohocorp 1 Manageengine Datasecurity Plus 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password).
CVE-2019-17109 1 Koji Project 1 Koji 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.
CVE-2019-17108 1 Centreon 1 Centreon Web 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
CVE-2019-17107 1 Centreon 1 Centreon Web 2024-11-21 6.5 MEDIUM 8.8 HIGH
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
CVE-2019-17106 1 Centreon 1 Centreon Web 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
CVE-2019-17105 1 Centreon 1 Centreon Web 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
CVE-2019-17104 1 Centreon 1 Centreon Vm 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
CVE-2019-17103 1 Bitdefender 1 Antivirus 2024-11-21 2.1 LOW 4.9 MEDIUM
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.
CVE-2019-17102 1 Bitdefender 2 Box 2, Box 2 Firmware 2024-11-21 9.3 HIGH 8.3 HIGH
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender BOX 2 versions prior to 2.1.47.36.
CVE-2019-17101 1 Netatmo 2 Smart Indoor Camera, Smart Indoor Camera Firmware 2024-11-21 4.6 MEDIUM 5.7 MEDIUM
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions.
CVE-2019-17100 1 Bitdefender 1 Total Security 2020 2024-11-21 4.4 MEDIUM 5.2 MEDIUM
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69.
CVE-2019-17099 1 Bitdefender 1 Endpoint Security Tools 2024-11-21 4.4 MEDIUM 5.3 MEDIUM
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163.
CVE-2019-17098 1 August 3 August Home, Connect Wi-fi Bridge, Connect Wi-fi Bridge Firmware 2024-11-21 3.3 LOW 3.5 LOW
Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions.
CVE-2019-17096 1 Bitdefender 3 Box 2, Box 2 Firmware, Central 2024-11-21 9.3 HIGH 9.0 CRITICAL
An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
CVE-2019-17095 1 Bitdefender 2 Box 2, Box 2 Firmware 2024-11-21 10.0 HIGH 8.1 HIGH
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate an infrastructure server to trigger this vulnerability.
CVE-2019-17094 1 Belkin 2 Wemo Insight Switch, Wemo Insight Switch Firmware 2024-11-21 7.2 HIGH 8.3 HIGH
A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions.
CVE-2019-17093 2 Avast, Avg 2 Antivirus, Anti-virus 2024-11-21 4.4 MEDIUM 7.8 HIGH
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0.
CVE-2019-17092 1 Openproject 1 Openproject 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.