Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-2150 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117935831 | |||||
| CVE-2019-2151 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117495174 | |||||
| CVE-2019-2152 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118145923 | |||||
| CVE-2019-2153 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112611181 | |||||
| CVE-2019-2154 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117610057 | |||||
| CVE-2019-2155 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117655547 | |||||
| CVE-2017-1398 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385. | |||||
| CVE-2015-5008 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-5009 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0225 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-5894 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 1.9 LOW | 5.1 MEDIUM |
| IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408. | |||||
| CVE-2016-2862 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2019-2156 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112552816 | |||||
| CVE-2019-2157 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112611363 | |||||
| CVE-2019-2158 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118766492 | |||||
| CVE-2019-9385 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120452956 | |||||
| CVE-2019-9403 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In cn-cbor, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113512324 | |||||
| CVE-2019-9412 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libSBRdec there is a possible out of bounds read due to incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112006096 | |||||
| CVE-2016-3031 | 1 Ibm | 1 Cognos Analytics | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887. | |||||
| CVE-2016-0217 | 1 Ibm | 1 Cognos Analytics | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2016-3015 | 1 Ibm | 1 Cognos Analytics | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887. | |||||
| CVE-2017-1784 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2019-09-30 | 2.1 LOW | 5.5 MEDIUM |
| IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858. | |||||
| CVE-2019-4139 | 1 Ibm | 1 Cognos Analytics | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335. | |||||
| CVE-2019-9348 | 1 Google | 1 Android | 2019-09-30 | 7.1 HIGH | 6.5 MEDIUM |
| In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128431761 | |||||
| CVE-2019-9353 | 1 Google | 1 Android | 2019-09-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123024201 | |||||
| CVE-2019-16686 | 1 Dolibarr | 1 Dolibarr | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin. | |||||
| CVE-2019-16688 | 1 Dolibarr | 1 Dolibarr | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.) | |||||
| CVE-2019-16687 | 1 Dolibarr | 1 Dolibarr | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation. | |||||
| CVE-2019-9368 | 1 Google | 1 Android | 2019-09-30 | 2.1 LOW | 5.5 MEDIUM |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79883568 | |||||
| CVE-2019-9417 | 1 Google | 1 Android | 2019-09-30 | 2.1 LOW | 5.5 MEDIUM |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111450079 | |||||
| CVE-2019-9431 | 1 Google | 1 Android | 2019-09-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109755179 | |||||
| CVE-2019-9434 | 1 Google | 1 Android | 2019-09-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80432895 | |||||
| CVE-2019-9435 | 1 Google | 1 Android | 2019-09-30 | 2.1 LOW | 5.5 MEDIUM |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80146682 | |||||
| CVE-2018-20861 | 1 Openmpt | 1 Libopenmpt | 2019-09-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. | |||||
| CVE-2018-20860 | 1 Openmpt | 1 Libopenmpt | 2019-09-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| libopenmpt before 0.3.13 allows a crash with malformed MED files. | |||||
| CVE-2019-16532 | 1 Yzmcms | 1 Yzmcms | 2019-09-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections. | |||||
| CVE-2019-12922 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-09-28 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | |||||
| CVE-2018-4300 | 1 Apple | 1 Cups | 2019-09-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. | |||||
| CVE-2019-14916 | 1 Prise | 1 Adas | 2019-09-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload. | |||||
| CVE-2019-16923 | 1 Kkcms Project | 1 Kkcms | 2019-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| kkcms 1.3 has jx.php?url= XSS. | |||||
| CVE-2019-16914 | 1 Netgate | 1 Pfsense | 2019-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization. | |||||
| CVE-2014-2005 | 1 Sophos | 1 Enterprise Console | 2019-09-27 | 6.9 MEDIUM | 6.8 MEDIUM |
| Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen. | |||||
| CVE-2014-2019 | 1 Apple | 1 Iphone Os | 2019-09-27 | 4.9 MEDIUM | 4.6 MEDIUM |
| The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value. | |||||
| CVE-2015-2890 | 1 Dell | 24 Bios, Latitude E4310, Latitude E5410 and 21 more | 2019-09-27 | 7.2 HIGH | 6.0 MEDIUM |
| The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692. | |||||
| CVE-2016-0128 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-09-27 | 5.8 MEDIUM | 6.8 MEDIUM |
| The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK." | |||||
| CVE-2017-5942 | 1 Wp Mail Project | 1 Wp Mail | 2019-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail. | |||||
| CVE-2010-0467 | 2 Chillcreations, Joomla | 2 Com Ccnewsletter, Joomla\! | 2019-09-27 | 5.0 MEDIUM | 5.8 MEDIUM |
| Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. | |||||
| CVE-2018-11782 | 1 Apache | 1 Subversion | 2019-09-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. | |||||
| CVE-2015-9418 | 1 Kibokolabs | 1 Watupro | 2019-09-27 | 5.8 MEDIUM | 4.3 MEDIUM |
| The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. | |||||
| CVE-2015-9440 | 1 Monetize Project | 1 Monetize | 2019-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. | |||||