Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-29 | CVE-2019-13047 | Missing Authorization vulnerability in Toaruos Project Toaruos: kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access. | 7.8 |
2019-06-29 | CVE-2019-13046 | 7PK - Errors vulnerability in Toaruos Project Toaruos: linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applications. | 7.8 |
2019-06-29 | CVE-2019-13035 | Unspecified vulnerability in Pandorafms Pandora FMS: Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. | 7.2 |
2019-06-28 | CVE-2019-10993 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess: In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | 7.5 |
2019-06-28 | CVE-2019-10987 | Out-of-bounds Write vulnerability in Advantech Webaccess: In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. | 8.8 |
2019-06-28 | CVE-2019-10983 | Out-of-bounds Read vulnerability in Advantech Webaccess: In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. | 7.5 |
2019-06-28 | CVE-2019-9843 | XXE vulnerability in Diffplug Gradle and Maven: In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. | 7.5 |
2019-06-28 | CVE-2018-20809 | Improper Input Validation vulnerability in multiple products: A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. | 7.5 |
2019-06-28 | CVE-2018-14918 | Path Traversal vulnerability in Loytec Lgate-902 Firmware: LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. | 7.8 |
2019-06-28 | CVE-2018-14885 | Improper Access Control vulnerability in Odoo 10.0/11.0: Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. | 7.5 |