Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6029 | 1 Torrentflux Project | 1 Torrentflux | 2020-01-30 | 4.9 MEDIUM | N/A |
| TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php. | |||||
| CVE-2012-5699 | 1 Babygekko | 1 Babygekko | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| BabyGekko before 1.2.4 allows PHP file inclusion. | |||||
| CVE-2015-2784 | 1 Papercrop Project | 1 Papercrop | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input. | |||||
| CVE-2011-3611 | 1 Usebb | 1 Usebb | 2020-01-29 | 9.0 HIGH | 7.2 HIGH |
| A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12. | |||||
| CVE-2019-11998 | 1 Hpe | 2 Superdome Flex Server, Superdome Flex Server Firmware | 2020-01-29 | 5.0 MEDIUM | 5.5 MEDIUM |
| HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial of service. HPE has provided firmware updates that address the above vulnerabilities for the HPE Superdome Flex Server starting with firmware version v3.20.186 (not available online) and v3.20.206 (available online). Apply v3.20.206 (4 December 2019) or a newer version to resolve this issue. Please visit HPE Support Center https://support.hpe.com/hpesc/public/home to obtain the updated firmware for your product. | |||||
| CVE-2020-3134 | 1 Cisco | 1 Email Security Appliance | 2020-01-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0. | |||||
| CVE-2020-3139 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2020-01-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j). | |||||
| CVE-2019-13524 | 1 Emerson | 18 Rx3i Cpe100, Rx3i Cpe100 Firmware, Rx3i Cpe115 and 15 more | 2020-01-27 | 7.8 HIGH | 7.5 HIGH |
| GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode. | |||||
| CVE-2020-6638 | 1 Grin | 1 Grin | 2020-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| Grin through 2.1.1 has Insufficient Validation. | |||||
| CVE-2019-14010 | 1 Qualcomm | 22 Mdm9607, Mdm9607 Firmware, Nicobar and 19 more | 2020-01-24 | 7.8 HIGH | 7.5 HIGH |
| The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which happens to be at same physical address in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2020-6304 | 1 Sap | 5 Netweaver Internet Communication Manager \(kernel\), Netweaver Internet Communication Manager \(krnl32nuc\), Netweaver Internet Communication Manager \(krnl32uc\) and 2 more | 2020-01-24 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service. | |||||
| CVE-2019-19836 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2020-01-23 | 7.5 HIGH | 9.8 CRITICAL |
| AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename. | |||||
| CVE-2017-2371 | 1 Apple | 1 Iphone Os | 2020-01-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site. | |||||
| CVE-2017-5592 | 1 Profanity Project | 1 Profanity | 2020-01-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0). | |||||
| CVE-2012-0334 | 1 Cisco | 1 Ironport Web Security Appliance | 2020-01-23 | 3.2 LOW | 6.4 MEDIUM |
| Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks | |||||
| CVE-2012-1326 | 1 Cisco | 1 Ironport Web Security Appliance | 2020-01-23 | 5.8 MEDIUM | 7.4 HIGH |
| Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks | |||||
| CVE-2012-4603 | 2 Citrix, Microsoft | 3 Receiver, Xenapp Online, Windows | 2020-01-22 | 9.3 HIGH | 7.8 HIGH |
| Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. | |||||
| CVE-2015-6497 | 2 Magento, Php | 2 Magento, Php | 2020-01-22 | 6.5 MEDIUM | 8.8 HIGH |
| The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap. | |||||
| CVE-2019-19495 | 1 Technicolor | 2 Tc7230 Steb, Tc7230 Steb Firmware | 2020-01-22 | 10.0 HIGH | 9.8 CRITICAL |
| The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell. | |||||
| CVE-2017-5606 | 1 Xabber | 1 Xabber | 2020-01-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Xabber (only if manually enabled: 1.0.30, 1.0.30 VIP, beta 1.0.3 - 1.0.74; Android). | |||||