Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1811 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2019-11-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". | |||||
| CVE-2013-4409 | 3 Fedoraproject, Redhat, Reviewboard | 4 Fedora, Enterprise Linux, Djblets and 1 more | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. | |||||
| CVE-2013-1751 | 1 Twiki | 1 Twiki | 2019-11-08 | 10.0 HIGH | 9.8 CRITICAL |
| TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. | |||||
| CVE-2010-2446 | 1 Ruby-rbot | 1 Rbot | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| Rbot Reaction plugin allows command execution | |||||
| CVE-2009-5050 | 1 Konversation | 1 Konversation | 2019-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| konversation before 1.2.3 allows attackers to cause a denial of service. | |||||
| CVE-2013-4101 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness | |||||
| CVE-2011-4902 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 5.5 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. | |||||
| CVE-2011-4904 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. | |||||
| CVE-2014-9013 | 1 Wpmarketplace Project | 1 Wpmarketplace | 2019-11-08 | 6.5 MEDIUM | 8.8 HIGH |
| The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user. | |||||
| CVE-2019-15966 | 1 Cisco | 1 Telepresence Advanced Media Gateway | 2019-11-07 | 6.8 MEDIUM | 7.7 HIGH |
| A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition. | |||||
| CVE-2013-1930 | 2 Fedoraproject, Mantisbt | 2 Fedora, Mantisbt | 2019-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. | |||||
| CVE-2017-0316 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2019-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges. | |||||
| CVE-2010-2490 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2019-11-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mumble: murmur-server has DoS due to malformed client query | |||||
| CVE-2013-4103 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input | |||||
| CVE-2018-1000002 | 1 Nic | 1 Knot Resolver | 2019-11-06 | 4.3 MEDIUM | 3.7 LOW |
| Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. | |||||
| CVE-2013-4751 | 3 Fedoraproject, Redhat, Sensiolabs | 3 Fedora, Enterprise Linux, Symfony | 2019-11-06 | 4.9 MEDIUM | 8.1 HIGH |
| php-symfony2-Validator has loss of information during serialization | |||||
| CVE-2013-0178 | 1 Redislabs | 1 Redis | 2019-11-06 | 3.6 LOW | 5.5 MEDIUM |
| Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. | |||||
| CVE-2013-0180 | 1 Redislabs | 1 Redis | 2019-11-06 | 3.6 LOW | 5.5 MEDIUM |
| Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. | |||||
| CVE-2015-8980 | 4 Fedoraproject, Opensuse, Php-gettext Project and 1 more | 4 Fedora, Leap, Php-gettext and 1 more | 2019-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | |||||
| CVE-2010-2061 | 1 Rpcbind Project | 1 Rpcbind | 2019-11-05 | 7.2 HIGH | 7.8 HIGH |
| rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started. | |||||