Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6502 | 1 Google | 1 Chrome | 2020-06-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-6501 | 1 Google | 1 Chrome | 2020-06-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-6499 | 1 Google | 1 Chrome | 2020-06-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page. | |||||
| CVE-2020-6500 | 1 Google | 1 Chrome | 2020-06-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2020-8967 | 1 Gesio | 1 Erp | 2020-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information. | |||||
| CVE-2020-12062 | 1 Openbsd | 1 Openssh | 2020-06-04 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances." | |||||
| CVE-2014-9702 | 1 2pisoftware | 1 Cmfive | 2020-06-04 | 5.0 MEDIUM | 7.5 HIGH |
| system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. | |||||
| CVE-2019-14039 | 1 Qualcomm | 44 Apq8053, Apq8053 Firmware, Apq8098 and 41 more | 2020-06-04 | 3.6 LOW | 7.1 HIGH |
| Out of bound read in adm call back function due to incorrect boundary check for payload in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, QCS605, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM670, SDM710, SDM845, SDX20, SDX24 | |||||
| CVE-2018-12355 | 1 Eng | 1 Knowage | 2020-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue. | |||||
| CVE-2018-10821 | 1 Blackcat-cms | 1 Blackcat Cms | 2020-06-04 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel. | |||||
| CVE-2011-1286 | 1 Google | 1 Chrome | 2020-06-04 | 7.5 HIGH | N/A |
| Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory. | |||||
| CVE-2011-1204 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-06-04 | 6.8 MEDIUM | N/A |
| Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2011-1202 | 2 Google, Xmlsoft | 2 Chrome, Libxslt | 2020-06-04 | 4.3 MEDIUM | N/A |
| The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. | |||||
| CVE-2020-7117 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2020-06-04 | 9.0 HIGH | 7.2 HIGH |
| The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | |||||
| CVE-2011-1201 | 1 Google | 1 Chrome | 2020-06-04 | 7.5 HIGH | N/A |
| The context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2020-13796 | 1 Naviwebs | 1 Navigate Cms | 2020-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php. | |||||
| CVE-2011-1200 | 1 Google | 1 Chrome | 2020-06-04 | 6.8 MEDIUM | N/A |
| Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | |||||
| CVE-2020-13797 | 1 Naviwebs | 1 Navigate Cms | 2020-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php. | |||||
| CVE-2018-10178 | 1 Iac | 1 Fromdoctopdf | 2020-06-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The FromDocToPDF extension before 13.611.13.2303 for Chrome allows remote attackers to discover visited web sites via vectors involving a mostVisitedSites command. | |||||
| CVE-2020-13798 | 1 Naviwebs | 1 Navigate Cms | 2020-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php. | |||||
| CVE-2012-4954 | 1 Vanillaforums | 2 Vanilla, Vanilla Forums | 2020-06-04 | 3.5 LOW | N/A |
| The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue. | |||||
| CVE-2013-3527 | 1 Vanillaforums | 1 Vanilla | 2020-06-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest. | |||||
| CVE-2013-3528 | 1 Vanillaforums | 1 Vanilla | 2020-06-04 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection." | |||||
| CVE-2014-9685 | 1 Vanillaforums | 2 Vanilla, Vanilla Forums | 2020-06-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-11051 | 2020-06-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0569. Reason: This candidate is a duplicate of CVE-2015-0569. Notes: All CVE users should reference CVE-2015-0569 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-0526 | 1 Vanillaforums | 1 Vanilla | 2020-06-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action. | |||||
| CVE-2011-0908 | 1 Vanillaforums | 1 Vanilla | 2020-06-04 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526. | |||||
| CVE-2011-0909 | 1 Vanillaforums | 1 Vanilla | 2020-06-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526. | |||||
| CVE-2011-0910 | 1 Vanillaforums | 1 Vanilla | 2020-06-04 | 6.4 MEDIUM | N/A |
| The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks. | |||||
| CVE-2012-6556 | 1 Jspautsch | 1 Firstlastnames | 2020-06-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-6557 | 2 Vanillaforums, Zodiacdm | 2 Vanilla, Aboutme-plugin | 2020-06-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2015-7610 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2020-06-04 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token. | |||||
| CVE-2018-10939 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2020-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. | |||||
| CVE-2018-10951 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2020-06-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API. | |||||
| CVE-2013-5119 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 6.8 MEDIUM | N/A |
| Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token. | |||||
| CVE-2013-7091 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. | |||||
| CVE-2016-3401 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810. | |||||
| CVE-2016-3402 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 5.0 MEDIUM | 7.5 HIGH |
| Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167. | |||||
| CVE-2016-3403 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899. | |||||
| CVE-2016-3404 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 5.0 MEDIUM | 7.5 HIGH |
| Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959. | |||||
| CVE-2016-3405 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828. | |||||
| CVE-2016-3406 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456. | |||||
| CVE-2016-3407 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175. | |||||
| CVE-2016-3408 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813. | |||||
| CVE-2016-3409 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637. | |||||
| CVE-2016-3410 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839. | |||||
| CVE-2016-3411 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609. | |||||
| CVE-2016-3412 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791. | |||||
| CVE-2016-3413 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 5.0 MEDIUM | 7.5 HIGH |
| Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996. | |||||
| CVE-2016-3414 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029. | |||||