2019-10-09
2019-10-09 16:15Z
HIGH

CVE-2019-13529 — Sma Sunny_webbox_firmware: An attacker could send a malicious link to an authenticated operator, which may allow

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-13529

An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation. CVSSv3.1 8.8 (HIGH) · EPSS 81th percentile

CWECWE 352VNDSmaTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2019-09-25
2019-09-25 17:47Z
HIGH

impacket 0.9.20

Impacket releases·github.comCVE-2019-1019CVE-2019-1040

Impacket 0.9.20 released with Python 3.6 support and significant offensive capabilities including POC code for CVE-2019-1019 (SMB signing bypass) and CVE-2019-1040 (NTLM relay attacks). New tools added for Kerberos interception and S4U2Self exploitation with unkeyed checksums, plus WebDAV-based NTLM relay techniques.

SRFNetworkTACTA0006TACTA0008VNDImpacketTYPResearchTYPToolSTGCred AccessSTGLat Movement
82
Edit Score
2019-08-07
2019-08-07 17:15Z
MED

CVE-2019-14750 — Enhancesoft Osticket: Stored XSS exists in setup/install.php.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14750

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions. CVSSv3.1 6.1 (MEDIUM) · EPSS 96th percentile

CWECWE 79VNDEnhancesoftTYPVulnerability
6.1
CVSS v3.1
84
Edit Score
2019-08-07
2019-08-07 17:15Z
HIGH

CVE-2019-14749 — Enhancesoft Osticket: CSV (aka Formula) injection exists in the export spreadsheets functionality.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14749

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications CVSSv3.1 8.8 (HIGH) · EPSS 95th percentile

CWECWE 1236VNDEnhancesoftTYPVulnerability
8.8
CVSS v3.1
97
Edit Score
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14204 — Denx U-boot: There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14204

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. CVSSv3.1 9.8 (CRITICAL) · EPSS 62th percentile

CWECWE 787VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14203 — Denx U-boot: There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14203

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. CVSSv3.1 9.8 (CRITICAL) · EPSS 63th percentile

CWECWE 787VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14202 — Denx U-boot: There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14202

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. CVSSv3.1 9.8 (CRITICAL) · EPSS 63th percentile

CWECWE 787VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14201 — Denx U-boot: There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14201

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. CVSSv3.1 9.8 (CRITICAL) · EPSS 63th percentile

CWECWE 787VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14200 — Denx U-boot: There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14200

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. CVSSv3.1 9.8 (CRITICAL) · EPSS 63th percentile

CWECWE 787VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14199 — Denx U-boot: An issue was discovered in Das U-Boot through 2019.07.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14199

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. CVSSv3.1 9.8 (CRITICAL) · EPSS 68th percentile

CWECWE 191VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14198 — Denx U-boot: An issue was discovered in Das U-Boot through 2019.07.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14198

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case. CVSSv3.1 9.8 (CRITICAL) · EPSS 62th percentile

CWECWE 787VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14197 — Denx U-boot: There is a read of out-of-bounds data at nfs_read_reply.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14197

An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. CVSSv3.1 9.1 (CRITICAL) · EPSS 66th percentile

CWECWE 125VNDDenxVNDDasTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14196 — Denx U-boot: An issue was discovered in Das U-Boot through 2019.07.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14196

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply. CVSSv3.1 9.8 (CRITICAL) · EPSS 62th percentile

CWECWE 787VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14195 — Denx U-boot: An issue was discovered in Das U-Boot through 2019.07.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14195

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length. CVSSv3.1 9.8 (CRITICAL) · EPSS 45th percentile

CWECWE 787VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14194 — Denx U-boot: An issue was discovered in Das U-Boot through 2019.07.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14194

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case. CVSSv3.1 9.8 (CRITICAL) · EPSS 62th percentile

CWECWE 787VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14193 — Denx U-boot: An issue was discovered in Das U-Boot through 2019.07.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14193

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. CVSSv3.1 9.8 (CRITICAL) · EPSS 66th percentile

CWECWE 787VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-31
2019-07-31 13:15Z
CRIT

CVE-2019-14192 — Denx U-boot: An issue was discovered in Das U-Boot through 2019.07.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-14192

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call. CVSSv3.1 9.8 (CRITICAL) · EPSS 55th percentile

CWECWE 787CWECWE 191VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-16
2019-07-16 14:15Z
CRIT

CVE-2019-1010292 — Trustedfirmware Op-tee: The impact is: This could lead to corruption of any memory which the TA

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-1010292

Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 63th percentile

CWECWE 787VNDTeeVNDTrustedfirmwareTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-15
2019-07-15 18:15Z
CRIT

CVE-2019-1010298 — Trustedfirmware Op-tee: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-1010298

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. CVSSv3.1 9.8 (CRITICAL) · EPSS 90th percentile

CWECWE 787CWECWE 190VNDTeeVNDTrustedfirmwareTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2019-07-15
2019-07-15 18:15Z
CRIT

CVE-2019-1010297 — Trustedfirmware Op-tee: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-1010297

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. CVSSv3.1 9.8 (CRITICAL) · EPSS 78th percentile

CWECWE 787CWECWE 190VNDTeeVNDTrustedfirmwareTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-15
2019-07-15 18:15Z
CRIT

CVE-2019-1010296 — Trustedfirmware Op-tee: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-1010296

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. CVSSv3.1 9.8 (CRITICAL) · EPSS 78th percentile

CWECWE 787CWECWE 190VNDTeeVNDTrustedfirmwareTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-15
2019-07-15 18:15Z
CRIT

CVE-2019-1010295 — Trustedfirmware Op-tee: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-1010295

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later. CVSSv3.1 9.8 (CRITICAL) · EPSS 64th percentile

CWECWE 20CWECWE 125CWECWE 787VNDTeeVNDTrustedfirmwareTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-07-15
2019-07-15 18:15Z
CRIT

CVE-2019-1010293 — Trustedfirmware Op-tee: The impact is: Memory corruption of the TEE itself.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-1010293

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later. CVSSv3.1 9.8 (CRITICAL) · EPSS 63th percentile

CWECWE 787VNDTeeVNDTrustedfirmwareTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2019-06-03
2019-06-03 20:29Z
CRIT

CVE-2017-14854 — Orpak Siteomat: A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-14854

A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25. CVSSv3.1 9.1 (CRITICAL) · EPSS 94th percentile

CWECWE 121CWECWE 119VNDOrpakTYPVulnerability
9.1
CVSS v3.1
99
Edit Score
2019-06-03
2019-06-03 19:29Z
HIGH

CVE-2017-14853 — Orpak Siteomat: The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-14853

The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device. CVSSv3.1 8.6 (HIGH) · EPSS 81th percentile

CWECWE 94VNDOrpakTYPVulnerability
8.6
CVSS v3.1
93
Edit Score