Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1811 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2019-11-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". | |||||
| CVE-2012-0049 | 3 Debian, Fedoraproject, Openttd | 3 Debian Linux, Fedora, Openttd | 2019-11-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. | |||||
| CVE-2019-18816 | 1 Popojicms | 1 Popojicms | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS. | |||||
| CVE-2013-6460 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2019-11-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Nokogiri gem 1.5.x has a Denial of Service via an infinite loop when parsing XML documents. | |||||
| CVE-2019-18815 | 1 Popojicms | 1 Popojicms | 2019-11-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| PopojiCMS 2.0.1 allows refer= Open Redirection. | |||||
| CVE-2017-18639 | 1 Progress | 1 Sitefinity Cms | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages Parameter : Image Title, /Content/links Parameter : Link Title, /Content/links Parameter : Link Title, or /Content/Videos/LibraryVideos/default-video-library Parameter : Video Title. | |||||
| CVE-2019-1980 | 1 Cisco | 3 Firepower Management Center, Firepower Services Software For Asa, Firepower Threat Defense | 2019-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. An attacker could exploit this vulnerability by sending traffic on a nonstandard port for the protocol in use through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Once the initial protocol flow on the nonstandard port is detected, future flows on the nonstandard port will be successfully detected and handled as configured by the applied policy. | |||||
| CVE-2019-18797 | 1 Sass-lang | 1 Libsass | 2019-11-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. | |||||
| CVE-2019-1982 | 1 Cisco | 3 Firepower Management Center, Firepower Services Software For Asa, Firepower Threat Defense | 2019-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malicious requests to an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems, allowing attackers to deliver malicious content that would otherwise be blocked. | |||||
| CVE-2018-18674 | 1 Gnuboard | 1 Gnuboard5 | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter. | |||||
| CVE-2019-18798 | 1 Sass-lang | 1 Libsass | 2019-11-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp. | |||||
| CVE-2015-7276 | 1 Technicolor | 4 C2000t, C2000t Firmware, C2100t and 1 more | 2019-11-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| Technicolor C2000T and C2100T use hard-coded cryptographic keys. | |||||
| CVE-2019-18799 | 1 Sass-lang | 1 Libsass | 2019-11-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp. | |||||
| CVE-2010-4178 | 2 Fedoraproject, Oracle | 2 Fedora, Mysql-gui-tools | 2019-11-08 | 2.1 LOW | 5.5 MEDIUM |
| MySQL-GUI-tools (mysql-administrator) leaks passwords into the process list after launch of the mysql text console. | |||||
| CVE-2017-0931 | 1 Html-janitor Project | 1 Html-janitor | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values. | |||||
| CVE-2013-5661 | 4 Isc, Nic, Nlnetlabs and 1 more | 4 Bind, Knot Resolver, Nsd and 1 more | 2019-11-08 | 2.6 LOW | 5.9 MEDIUM |
| Cache Poisoning issue exists in DNS Response Rate Limiting. | |||||
| CVE-2019-8118 | 1 Magento | 1 Magento | 2019-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 use a weak cryptographic function to store the failed login attempts for customer accounts. | |||||
| CVE-2013-6275 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2019-11-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | |||||
| CVE-2018-14512 | 1 Wuzhicms | 1 Wuzhi Cms | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered. | |||||
| CVE-2019-8227 | 1 Magento | 1 Magento | 2019-11-08 | 3.5 LOW | 4.8 MEDIUM |
| In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML. | |||||
| CVE-2009-5049 | 2 Debian, Mortbay | 2 Debian Linux, Jetty | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebApp JSP Snoop page XSS in Jetty through 6.1.21. | |||||
| CVE-2019-10475 | 1 Jenkins | 1 Build-metrics | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | |||||
| CVE-2010-3671 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 9.4 HIGH | 6.5 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. | |||||
| CVE-2011-4629 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. | |||||
| CVE-2011-4630 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. | |||||
| CVE-2016-1000037 | 2 Fedoraproject, Redhat | 3 Fedora, Enterprise Linux, Pagure | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pagure: XSS possible in file attachment endpoint | |||||
| CVE-2010-3670 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 5.8 MEDIUM | 4.8 MEDIUM |
| TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | |||||
| CVE-2011-4631 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. | |||||
| CVE-2011-1133 | 1 S9y | 1 Serendipity | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. | |||||
| CVE-2011-1135 | 1 S9y | 1 Serendipity | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. | |||||
| CVE-2012-6123 | 2 Call-cc, Debian | 2 Chicken, Debian Linux | 2019-11-08 | 5.0 MEDIUM | 6.5 MEDIUM |
| Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte attack". | |||||
| CVE-2013-4101 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness | |||||
| CVE-2017-12912 | 1 Mp3gain | 1 Mp3gain | 2019-11-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file. | |||||
| CVE-2011-4626 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function. | |||||
| CVE-2011-4901 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. | |||||
| CVE-2011-4632 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | |||||
| CVE-2011-4627 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. | |||||
| CVE-2011-4902 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 5.5 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. | |||||
| CVE-2011-4904 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. | |||||
| CVE-2019-18819 | 1 Eximioussoft | 1 Logo Designer | 2019-11-08 | 2.1 LOW | 5.5 MEDIUM |
| Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVectorRender!StrokeText_Blend+0x00000000000003a7. | |||||
| CVE-2019-18820 | 1 Eximioussoft | 1 Logo Designer | 2019-11-08 | 2.1 LOW | 5.5 MEDIUM |
| Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78. | |||||
| CVE-2019-18821 | 1 Eximioussoft | 1 Logo Designer | 2019-11-08 | 1.9 LOW | 5.5 MEDIUM |
| Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCustomPathLib!ExiCustomPathLib::CGradientColorsProfile::BuildGradientColorsTable+0x0000000000000053. | |||||
| CVE-2019-8233 | 1 Magento | 1 Magento | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments. | |||||
| CVE-2014-9014 | 1 Wpmarketplace Project | 1 Wpmarketplace | 2019-11-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2016-6189 | 1 Inverse | 1 Sogo | 2019-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. | |||||
| CVE-2016-6188 | 1 Inverse | 1 Sogo | 2019-11-07 | 6.8 MEDIUM | 6.5 MEDIUM |
| Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files. | |||||
| CVE-2014-9905 | 1 Inverse | 1 Sogo | 2019-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields. | |||||
| CVE-2016-6191 | 1 Inverse | 1 Sogo | 2019-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. | |||||
| CVE-2009-5048 | 1 Mortbay | 1 Jetty | 2019-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cookie Dump Servlet stored XSS vulnerability in Jetty through 6.1.20. | |||||
| CVE-2019-16873 | 1 Portainer | 1 Portainer | 2019-11-07 | 3.5 LOW | 5.4 MEDIUM |
| Portainer before 1.22.1 has XSS (issue 1 of 2). | |||||
