CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-8025 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-14948 Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8169 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8024 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8023 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8022 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8017 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17580 tonyy dormsystem through 1.3 allows SQL Injection in admin.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-12918 Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-7965 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8016 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8015 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8003 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8009 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8006 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17355 In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17553 An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17670 WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17669 WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-15064 HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17552 An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17408 parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17545 GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-2904 Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploi... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8135 The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17542 FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17539 In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17531 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17510 D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell meta... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17509 D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shel... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17508 On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17506 There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other informatio... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21027 Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13582 An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A s... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17613 qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attack... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13581 An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A h... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17059 A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN console... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17399 The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-15020 A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8186 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17383 The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. | 9.8 | CRITICAL | — | 0 |
| CVE-2011-0703 In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17124 Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-15859 Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17373 Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, D... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-15019 A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. | 9.8 | CRITICAL | — | 0 |
| CVE-2013-7088 ClamAV before 0.97.7 has buffer overflow in the libclamav component | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13224 A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted ... | 9.8 | CRITICAL | — | 0 |
| CVE-2013-7087 ClamAV before 0.97.7 has WWPack corrupt heap memory | 9.8 | CRITICAL | — | 0 |
| CVE-2019-14345 TemaTres 3.0 allows remote unprivileged users to create an administrator account | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.