CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2101 CVE-2019-12099 434 Exec Code 2019-05-14 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.
2102 CVE-2019-12042 732 2019-05-23 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security.
2103 CVE-2019-12002 Bypass 2020-04-17 2020-04-28
10.0
None Remote Low Not required Complete Complete Complete
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.
2104 CVE-2019-11996 +Priv 2019-11-07 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.
2105 CVE-2019-11993 2020-01-03 2020-01-21
9.4
None Remote Low Not required None Complete Complete
A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities for all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061675&withFrame for you to implement. All customers should upgrade to the recommended 3.7.10 or later version at the earliest convenience.
2106 CVE-2019-11991 200 +Info 2019-07-09 2019-07-16
9.7
None Remote Low Not required Partial Complete Complete
HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service Processor and any managed 3PAR arrays.
2107 CVE-2019-11990 2019-07-19 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT:
* For customers with release UIoT 1.6, fixes are made available with 1.6 RP603
* For customers with release UIoT 1.5, fixes are made available with 1.5 RP503 HF3
* For customers with release older than 1.5, such as 1.4.0, 1.4.1, 1.4.2 and 1.2.4.2, the resolution will be to upgrade to 1.5 RP503 HF3 or 1.6 RP603
Customers are requested to upgrade to the updated versions or contact HPE support for further assistance.
2108 CVE-2019-11986 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2109 CVE-2019-11985 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2110 CVE-2019-11984 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2111 CVE-2019-11980 20 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2112 CVE-2019-11979 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2113 CVE-2019-11978 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2114 CVE-2019-11977 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2115 CVE-2019-11976 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2116 CVE-2019-11975 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2117 CVE-2019-11974 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2118 CVE-2019-11973 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2119 CVE-2019-11972 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2120 CVE-2019-11971 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2121 CVE-2019-11970 89 Exec Code Sql 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2122 CVE-2019-11969 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2123 CVE-2019-11968 20 Exec Code 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2124 CVE-2019-11967 20 Exec Code 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2125 CVE-2019-11966 312 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2126 CVE-2019-11965 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2127 CVE-2019-11964 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2128 CVE-2019-11963 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2129 CVE-2019-11962 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2130 CVE-2019-11961 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2131 CVE-2019-11960 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2132 CVE-2019-11959 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2133 CVE-2019-11958 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2134 CVE-2019-11957 787 Exec Code 2019-06-05 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2135 CVE-2019-11956 502 Exec Code 2019-06-05 2019-06-07
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2136 CVE-2019-11955 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2137 CVE-2019-11954 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2138 CVE-2019-11953 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2139 CVE-2019-11952 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2140 CVE-2019-11951 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2141 CVE-2019-11950 502 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2142 CVE-2019-11949 917 Exec Code 2019-06-05 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2143 CVE-2019-11948 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2144 CVE-2019-11947 798 Exec Code 2019-06-05 2019-06-06
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2145 CVE-2019-11945 502 Exec Code 2019-06-05 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2146 CVE-2019-11944 502 Exec Code 2019-06-05 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2147 CVE-2019-11943 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2148 CVE-2019-11942 917 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2149 CVE-2019-11941 Exec Code 2019-06-05 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2150 CVE-2019-11859 120 Exec Code Overflow 2020-08-21 2020-08-27
9.0
None Remote Low ??? Complete Complete Complete
A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.