6715 matches found
CVE-2022-37361
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2022-31528
The bonn-activity-maps/bamannotationtool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31543
The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31576
The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-26521
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the CatalogMedia ManagerImages settings can be changed by an administrator e.g., by configuring .php to be a valid image file type...
CVE-2017-12778
The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\Roaming\qBittorrent pathname. The attacker must change the...
CVE-2019-18994
Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty .JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service...
CVE-2019-2858
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware subcomponent: Advanced Console. Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2019-2861
Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion subcomponent: Security. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful...
CVE-2019-2260
A race condition occurs while processing perf-event which can lead to a use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640,...
CVE-2019-2723
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2019-11986
A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-11341
On certain Samsung P9.0 phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the 9900 check code, but is protected by an OTP password. However, this password is created locally...
CVE-2019-11202
An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may...
CVE-2019-20205
libsixel 1.8.4 has an integer overflow in sixelframeresize in frame.c...
CVE-2019-20169
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function trakRead in isomedia/boxcodebase.c...
CVE-2011-0513
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL...
CVE-2020-7215
An issue was discovered in Gallagher Command Centre 7.x before 7.90.991MR5, 8.00 before 8.00.1161MR5, and 8.10 before 8.10.1134MR4. External system configuration data used for third party integrations such as DVR systems were logged in the Command Centre event trail. Any authenticated operator wi...
CVE-2020-12732
DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetionxxxxxxxx with a password of 12345678...
CVE-2020-12676
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack"...