Total
1786 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4486 | 2 Linux, Redhat | 2 Linux Kernel, Zanata | 2019-12-05 | 6.8 MEDIUM | 9.8 CRITICAL |
| Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | |||||
| CVE-2014-3700 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2019-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | |||||
| CVE-2019-17068 | 2 Opensuse, Putty | 2 Leap, Putty | 2019-11-27 | 5.0 MEDIUM | 7.5 HIGH |
| PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. | |||||
| CVE-2019-4216 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2019-11-25 | 4.9 MEDIUM | 4.6 MEDIUM |
| IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187. | |||||
| CVE-2019-8135 | 1 Magento | 1 Magento | 2019-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symphony framework allows service identifiers to be derived from user controlled data, which can lead to remote code execution. | |||||
| CVE-2010-3668 | 1 Typo3 | 1 Typo3 | 2019-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | |||||
| CVE-2005-3056 | 1 Twiki | 1 Twiki | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| TWiki allows arbitrary shell command execution via the Include function | |||||
| CVE-2011-2538 | 1 Cisco | 1 Telepresence Video Communication Server | 2019-11-01 | 9.0 HIGH | 7.2 HIGH |
| Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. | |||||
| CVE-2015-4075 | 1 Helpdeskpro | 1 Helpdesk Pro | 2019-10-16 | 6.8 MEDIUM | 8.1 HIGH |
| The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task. | |||||
| CVE-2018-9062 | 1 Lenovo | 97 20hm, 20hn, 20hq and 94 more | 2019-10-15 | 7.2 HIGH | 6.8 MEDIUM |
| In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. | |||||
| CVE-2019-4558 | 1 Ibm | 1 Spectrum Scale | 2019-10-11 | 7.2 HIGH | 7.8 HIGH |
| A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files. | |||||
| CVE-2019-11277 | 1 Cloudfoundry | 2 Cf-deployment, Nfs Volume Release | 2019-10-09 | 5.5 MEDIUM | 8.1 HIGH |
| Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack. | |||||
| CVE-2018-1943 | 1 Ibm | 1 Cloud Private | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385. | |||||
| CVE-2018-1896 | 1 Ibm | 1 Connections | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456. | |||||
| CVE-2018-18992 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server. | |||||
| CVE-2018-16486 | 1 Defaults-deep Project | 1 Defaults-deep | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. | |||||
| CVE-2018-16492 | 1 Extend Project | 1 Extend | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||
| CVE-2018-16489 | 1 Just-extend Project | 1 Just-extend | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions. | |||||
| CVE-2018-16490 | 1 Mpath Project | 1 Mpath | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||
| CVE-2018-16491 | 1 Dreamerslab | 1 Node.extend | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||