Search
Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10988 | 1 Philips | 2 Hdi 4000, Hdi 4000 Firmware | 2020-10-02 | 3.6 LOW | 3.4 LOW |
| In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product. | |||||
| CVE-2020-14525 | 1 Philips | 1 Clinical Collaboration Platform | 2020-09-25 | 2.7 LOW | 3.5 LOW |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users. | |||||
| CVE-2018-21249 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing. | |||||
| CVE-2020-1795 | 1 Huawei | 4 Mate 20, Mate 20 Firmware, Mate 30 Pro and 1 more | 2020-03-24 | 2.1 LOW | 2.4 LOW |
| There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2). | |||||
| CVE-2019-8630 | 1 Apple | 1 Iphone Os | 2019-12-26 | 2.1 LOW | 3.3 LOW |
| The issue was addressed with improved UI handling. This issue is fixed in iOS 12.3. The lock screen may show a locked icon after unlocking. | |||||
| CVE-2016-9471 | 1 Revive-adserver | 1 Revive Adserver | 2019-10-09 | 2.1 LOW | 3.1 LOW |
| Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver. | |||||
| CVE-2017-2383 | 1 Apple | 2 Icloud, Itunes | 2017-07-12 | 3.5 LOW | 3.1 LOW |
| An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track users via correlation with this certificate. | |||||
| CVE-2016-9338 | 1 Rockwellautomation | 20 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 17 more | 2017-03-16 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller. | |||||
| CVE-2016-1900 | 2 Cgit Project, Fedoraproject | 2 Cgit, Fedora | 2016-12-07 | 4.3 MEDIUM | 3.7 LOW |
| CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename. | |||||
| CVE-2016-1899 | 2 Cgit Project, Fedoraproject | 2 Cgit, Fedora | 2016-12-07 | 4.3 MEDIUM | 3.7 LOW |
| CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c. | |||||
| CVE-2016-1798 | 1 Apple | 1 Mac Os X | 2016-12-01 | 4.3 MEDIUM | 3.3 LOW |
| Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
| CVE-2016-7437 | 1 Sap | 1 Netweaver | 2016-10-13 | 2.1 LOW | 3.3 LOW |
| SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. | |||||
| CVE-2016-2868 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2016-07-06 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||