Vulmon
cve-2019-8791 vulnerabilities and exploits
4.3
CVSSv3
CVE-2015-8791
The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access....
Matroska Libebml
8.4
CVSSv3
CVE-2019-1950
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker...
Cisco Ios Xe
6.1
CVSSv3
CVE-2019-8791
An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect....
Apple Shazam
7.5
CVSSv3
CVE-2014-10069
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the...
Hitrontech Cve-30360 Firmware 3.1.1.21
7.5
CVSSv3
CVE-2018-8791
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak....
Rdesktop Rdesktop
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2020-8791
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests...
Oklok Project Oklok 3.1.1
1 Github repository available
6.1
CVSSv3
CVE-2017-8791
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector....
Accellion File Transfer Appliance
NA
CVE-2014-8791
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter....
Enalean Tuleap 7.6
1 EDB exploit available
1 Metasploit module available
9.1
CVSSv3
CVE-2019-3858
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory....
Libssh2 Libssh2
Fedoraproject Fedora 29
Debian Debian Linux 8.0
Netapp Ontap Select Deploy Administration Utility -
Opensuse Leap 15.0
Opensuse Leap 42.3
8 Github repositories available
8.8
CVSSv3
CVE-2019-3855
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the...
Libssh2 Libssh2
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Ontap Select Deploy Administration Utility -
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Workstation 7.0
Opensuse Leap 42.3
Apple Xcode
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Peoplesoft Enterprise Peopletools 8.57
11 Github repositories available