Search
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1577 | 1 Paloaltonetworks | 1 Traps | 2019-07-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2018-3700 | 2 Intel, Microsoft | 2 Usb 3.0 Extensible Host Controller Driver, Windows 7 | 2019-02-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-3686 | 1 Intel | 1 Sa-00086 Detection Tool | 2018-11-07 | 4.6 MEDIUM | 6.7 MEDIUM |
| Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access. | |||||
| CVE-2016-7787 | 2 Kde, Opensuse | 3 Kde-cli-tools, Leap, Opensuse | 2018-10-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. | |||||
| CVE-2017-1721 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2018-05-25 | 6.8 MEDIUM | 5.6 MEDIUM |
| IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810. | |||||
| CVE-2017-17649 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2018-01-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. | |||||
| CVE-2017-1336 | 1 Ibm | 1 Infosphere Biginsights | 2017-12-22 | 3.6 LOW | 4.4 MEDIUM |
| IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244. | |||||
| CVE-2014-8677 | 1 Soplanning | 1 Soplanning | 2017-09-06 | 3.5 LOW | 5.3 MEDIUM |
| The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name. | |||||
| CVE-2017-3753 | 1 Lenovo | 219 63, 63 Firmware, H50-30g and 216 more | 2017-08-29 | 7.2 HIGH | 6.8 MEDIUM |
| A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V. | |||||
| CVE-2017-6782 | 1 Cisco | 1 Prime Infrastructure | 2017-08-25 | 4.9 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code. Cisco Bug IDs: CSCve47074. Known Affected Releases: 3.2(0.0). | |||||
| CVE-2017-6325 | 1 Symantec | 1 Messaging Gateway | 2017-07-07 | 6.0 MEDIUM | 6.6 MEDIUM |
| The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application. | |||||
| CVE-2016-7968 | 1 Kde | 1 Kmail | 2016-12-27 | 7.5 HIGH | 6.5 MEDIUM |
| KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. | |||||
| CVE-2016-1413 | 1 Cisco | 1 Firepower Management Center | 2016-05-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | |||||
| CVE-2015-5970 | 1 Novell | 1 Zenworks Configuration Management | 2016-03-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. | |||||