Total
230 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12148 | 1 Sangoma | 2 Session Border Controller, Session Border Controller Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php. | |||||
| CVE-2019-12147 | 1 Sangoma | 2 Session Border Controller, Session Border Controller Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt. | |||||
| CVE-2019-11751 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. <br>*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | |||||
| CVE-2019-11582 | 1 Atlassian | 1 Sourcetree | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| An argument injection vulnerability in Atlassian Sourcetree for Windows's URI handlers, in all versions prior to 3.1.3, allows remote attackers to gain remote code execution through the use of a crafted URI. | |||||
| CVE-2019-10800 | 1 Codecov | 1 Codecov-python | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method. | |||||
| CVE-2019-10746 | 3 Fedoraproject, Mixin-deep Project, Oracle | 3 Fedora, Mixin-deep, Communications Cloud Native Core Network Function Cloud Native Environment | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. | |||||
| CVE-2019-0764 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka 'Microsoft Browsers Tampering Vulnerability'. | |||||
| CVE-2018-3856 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2018-20234 | 1 Atlassian | 1 Sourcetree | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. | |||||
| CVE-2018-19518 | 4 Canonical, Debian, Php and 1 more | 4 Ubuntu Linux, Debian Linux, Php and 1 more | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
| University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. | |||||
| CVE-2018-17456 | 4 Canonical, Debian, Git-scm and 1 more | 11 Ubuntu Linux, Debian Linux, Git and 8 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. | |||||
| CVE-2018-13386 | 1 Atlassian | 1 Sourcetree | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for Windows before version 2.6.9 are affected by this vulnerability. | |||||
| CVE-2018-13385 | 1 Atlassian | 1 Sourcetree | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability. | |||||
| CVE-2018-11025 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash. | |||||
| CVE-2018-11024 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a kernel crash. | |||||
| CVE-2018-11023 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3222560159 and cause a kernel crash. | |||||
| CVE-2018-11022 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash. | |||||
| CVE-2018-11021 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/dsscomp with the command 1118064517 and cause a kernel crash. | |||||
| CVE-2018-11020 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash. | |||||
| CVE-2018-11019 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash. | |||||