2020-04-07
2020-04-07 23:15Z
HIGH

CVE-2020-11619 — Fasterxml Jackson-databind: 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-11619

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). CVSSv3.1 8.1 (HIGH) · EPSS 80th percentile

CWECWE 502VNDNetappVNDFasterxmlTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2020-03-31
2020-03-31 05:15Z
HIGH

CVE-2020-11113 — Fasterxml Jackson-databind: 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). CVSSv3.1 8.8 (HIGH) · EPSS 98th percentile

CWECWE 502VNDOracleVNDNetappVNDFasterxmlTYPVulnerability
8.8
CVSS v3.1
100
Edit Score
2020-03-31
2020-03-31 05:15Z
HIGH

CVE-2020-11112 — Fasterxml Jackson-databind: 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). CVSSv3.1 8.8 (HIGH) · EPSS 91th percentile

CWECWE 502VNDOracleVNDNetappVNDFasterxmlTYPVulnerability
8.8
CVSS v3.1
96
Edit Score
2020-03-26
2020-03-26 21:20Z
HIGH

impacket 0.9.21

Impacket releases·github.com

Impacket 0.9.21 release adds significant offensive capabilities including keytab file support, gMSA password dumping, LAPS password extraction, Kerberos delegation enumeration, and enhanced NTLM relay attacks with SID-based escalation. New tools like ticketConverter.py, findDelegation.py, and addcomputer.py expand post-exploitation and lateral movement options.

SRFNetworkTACTA0006TACTA0007SRFIdentityTACTA0008VNDImpacketTYPToolSTGDiscovery
78
Edit Score
2020-03-16
2020-03-16 16:15Z
CRIT

CVE-2020-6990 — Rockwellautomation Micrologix_1400_a_firmware: Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-6990

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controll CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWECWE 798CWECWE 321VNDRockwellautomationVNDRockwellTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2020-03-02
2020-03-02 04:15Z
CRIT

CVE-2020-9546 — Fasterxml Jackson-databind: 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). CVSSv3.1 9.8 (CRITICAL) · EPSS 85th percentile

CWECWE 502VNDNetappVNDFasterxmlTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2020-02-12
2020-02-12 00:15Z
HIGH

CVE-2020-8892 — Misp-project Misp: An issue was discovered in MISP before 2.4.121.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-8892

An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests. CVSSv3.1 8.1 (HIGH) · EPSS 74th percentile

VNDMispVNDMisp ProjectTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
728 × 90 / responsive · programmatic ad slot
2020-01-08
2020-01-08 17:15Z
HIGH

CVE-2014-5287 — Progress Loadmaster: A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-5287

A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). CVSSv3.1 8.8 (HIGH) · EPSS 94th percentile

CWECWE 74VNDProgressVNDBashTYPVulnerability
8.8
CVSS v3.1
96
Edit Score
2020-01-02
2020-01-02 14:16Z
HIGH

CVE-2019-20205 — Saitoha Libsixel: 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-20205

libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. CVSSv3.1 8.8 (HIGH)

CWECWE 190VNDSaitohaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2019-12-30
2019-12-30 17:15Z
HIGH

CVE-2019-20140 — Saitoha Libsixel: There is a heap-based buffer overflow in the function gif_out_code at fromgif.c.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-20140

An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDSaitohaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2019-12-30
2019-12-30 04:15Z
HIGH

CVE-2019-20094 — Saitoha Libsixel: There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-20094

An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDSaitohaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2019-12-20
2019-12-20 17:15Z
CRIT

CVE-2019-17571 — Apache Log4j: Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-17571

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. CVSSv3.1 9.8 (CRITICAL) · EPSS 97th percentile

CWECWE 502VNDApacheVNDIncludedTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2019-12-17
2019-12-17 18:15Z
CRIT

CVE-2019-19634 — Verot_project Verot: class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-19634

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576. CVSSv3.1 9.8 (CRITICAL) · EPSS 90th percentile

CWECWE 434VNDVerot ProjectVNDJoomlaworksTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2019-12-16
2019-12-16 20:15Z
CRIT

CVE-2019-18269 — Omron Plc_cj_firmware: Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-18269

Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. CVSSv3.1 9.8 (CRITICAL) · EPSS 43th percentile

CWECWE 412VNDOmronVNDPlcsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-12-16
2019-12-16 20:15Z
HIGH

CVE-2019-13533 — Omron Plc_cj_firmware: In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-13533

In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves. CVSSv3.1 8.1 (HIGH) · EPSS 51th percentile

CWECWE 294VNDOmronTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2019-12-13
2019-12-13 02:15Z
HIGH

CVE-2019-19778 — Saitoha Libsixel: An issue was discovered in libsixel 1.8.2.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-19778

An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c. CVSSv3.1 8.8 (HIGH)

CWECWE 125VNDSaitohaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2019-12-13
2019-12-13 02:15Z
HIGH

CVE-2019-19777 — Nothings Stb_image.h: (aka the stb image loader) 2.23, as used in libsixel and other products

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-19777

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. CVSSv3.1 8.8 (HIGH)

CWECWE 125VNDSaitohaVNDNothingsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2019-12-08
2019-12-08 03:15Z
CRIT

CVE-2019-19638 — Saitoha Libsixel: There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-19638

An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787CWECWE 190VNDSaitohaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-12-08
2019-12-08 03:15Z
CRIT

CVE-2019-19637 — Saitoha Libsixel: There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-19637

An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDSaitohaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-12-08
2019-12-08 03:15Z
CRIT

CVE-2019-19636 — Saitoha Libsixel: There is an integer overflow in the function sixel_encode_body at tosixel.c.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-19636

An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDSaitohaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-12-08
2019-12-08 03:15Z
CRIT

CVE-2019-19635 — Saitoha Libsixel: There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-19635

An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDSaitohaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-12-04
2019-12-04 18:15Z
CRIT

CVE-2019-19576 — Verot_project Verot: class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-19576

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile

CWECWE 434VNDVerot ProjectVNDJoomlaworksTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2019-12-02
2019-12-02 19:15Z
HIGH

CVE-2012-5562 — Redhat Satellite: This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2012-5562

A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties. CVSSv3.1 8.6 (HIGH) · EPSS 70th percentile

CWECWE 319TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2019-11-25
2019-11-25 15:15Z
HIGH

CVE-2019-13721 — Google Chrome: Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-13721

Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSSv3.1 8.8 (HIGH) · EPSS 71th percentile

CWECWE 416CWECWE 787VNDGoogleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2019-11-21
2019-11-21 18:15Z
CRIT

CVE-2019-19006 — Sangoma Freepbx: 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-19006in the wild

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile

CWECWE 287VNDSangomaTYPVulnerabilitySTAitw exploited
9.8
CVSS v3.1
100
Edit Score