Total
164 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1959 | 1 Apache | 1 Syncope | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code. | |||||
| CVE-2020-7799 | 1 Fusionauth | 1 Fusionauth | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates. | |||||
| CVE-2019-12822 | 1 Embedthis | 1 Goahead | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. | |||||
| CVE-2018-16621 | 1 Sonatype | 1 Nexus Repository Manager | 2021-03-04 | 6.5 MEDIUM | 7.2 HIGH |
| Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. | |||||
| CVE-2020-7142 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7141 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7143 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7145 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7144 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7146 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7147 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7148 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7150 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7149 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7151 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7152 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7153 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7154 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7155 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7156 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||