Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2008 1 Automattic 1 Wp Super Cache 2020-02-10 4.3 MEDIUM 6.1 MEDIUM
WordPress Super Cache Plugin 1.3 has XSS.
CVE-2016-1544 2 Fedoraproject, Nghttp2 2 Fedora, Nghttp2 2020-02-10 2.1 LOW 3.3 LOW
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
CVE-2013-5112 1 Evernote 1 Evernote 2020-02-10 2.1 LOW 4.6 MEDIUM
Evernote before 5.5.1 has insecure PIN storage
CVE-2020-5526 1 Fujixerox 1 Apeosware Management Suite 2020-02-10 4.3 MEDIUM 5.9 MEDIUM
The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-18538 1 Deepsoft 1 Weblibrarian 2020-02-10 4.3 MEDIUM N/A
The weblibrarian plugin before 3.4.8.5 for WordPress has XSS via front-end short codes.
CVE-2018-17093 2020-02-10 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11125. Reason: This candidate is a duplicate of CVE-2017-11125. Notes: All CVE users should reference CVE-2017-11125 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2018-17094 2020-02-10 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11124. Reason: This candidate is a duplicate of CVE-2017-11124. Notes: All CVE users should reference CVE-2017-11124 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2020-7108 1 Learndash 1 Learndash 2020-02-10 4.3 MEDIUM 6.1 MEDIUM
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.
CVE-2020-3118 1 Cisco 41 Asr 9000v, Asr 9001, Asr 9006 and 38 more 2020-02-10 8.3 HIGH 8.8 HIGH
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
CVE-2011-1085 1 Smoothwall 1 Smoothwall Express 2020-02-10 6.8 MEDIUM 8.8 HIGH
CSRF vulnerability in Smoothwall Express 3.
CVE-2013-3067 1 Linksys 2 Wrt310n, Wrt310n Firmware 2020-02-10 3.5 LOW 5.4 MEDIUM
Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS.
CVE-2017-17912 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-02-10 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
CVE-2017-17913 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-02-10 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
CVE-2017-17915 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-02-10 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
CVE-2017-18187 2 Arm, Debian 2 Mbed Tls, Debian Linux 2020-02-10 7.5 HIGH 9.8 CRITICAL
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
CVE-2017-18229 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-02-10 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.
CVE-2017-18230 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-02-10 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-18231 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-02-10 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2018-0487 2 Arm, Debian 2 Mbed Tls, Debian Linux 2020-02-10 7.5 HIGH 9.8 CRITICAL
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
CVE-2018-0497 2 Arm, Debian 2 Mbed Tls, Debian Linux 2020-02-10 4.3 MEDIUM 5.9 MEDIUM
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.
CVE-2018-0498 2 Arm, Debian 2 Mbed Tls, Debian Linux 2020-02-10 1.9 LOW 4.7 MEDIUM
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
CVE-2011-1084 1 Smoothwall 1 Smoothwall Express 2020-02-10 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in Smoothwall Express 3.
CVE-2012-6306 1 Hcview Project 1 Hcview 2020-02-10 7.5 HIGH 9.8 CRITICAL
A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file.
CVE-2012-6307 1 Impulseadventure 1 Jpegsnoop 2020-02-10 6.5 MEDIUM 8.8 HIGH
A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code
CVE-2012-2593 1 Atmail 1 Atmail 2020-02-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.
CVE-2012-6309 1 Arctic Torrent Project 1 Arctic Torrent 2020-02-10 5.0 MEDIUM 7.5 HIGH
A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service.
CVE-2013-5709 1 Siemens 9 Scalance X-200, Scalance X-200 Series Firmware, Scalance X-200rna and 6 more 2020-02-10 8.3 HIGH N/A
The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.
CVE-2013-5944 1 Siemens 3 Scalance X-200, Scalance X-200 Series Firmware, Scalance X-200irt 2020-02-10 10.0 HIGH N/A
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.
CVE-2013-6920 1 Siemens 14 Sinamics G110, Sinamics G110d, Sinamics G120 and 11 more 2020-02-10 10.0 HIGH N/A
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.
CVE-2014-2246 1 Siemens 1 Simatic S7-1500 Cpu Firmware 2020-02-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-2247 1 Siemens 1 Simatic S7-1500 Cpu Firmware 2020-02-10 5.8 MEDIUM N/A
The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors.
CVE-2014-2248 1 Siemens 1 Simatic S7-1500 Cpu Firmware 2020-02-10 4.3 MEDIUM N/A
Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2014-2250 1 Siemens 6 Simatic S7 Cpu-1211c, Simatic S7 Cpu 1200 Firmware, Simatic S7 Cpu 1212c and 3 more 2020-02-10 8.3 HIGH N/A
The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.
CVE-2014-2251 1 Siemens 1 Simatic S7-1500 Cpu Firmware 2020-02-10 8.3 HIGH N/A
The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors.
CVE-2014-2252 1 Siemens 6 Simatic S7 Cpu-1211c, Simatic S7 Cpu 1200 Firmware, Simatic S7 Cpu 1212c and 3 more 2020-02-10 6.1 MEDIUM N/A
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253.
CVE-2014-2253 1 Siemens 1 Simatic S7-1500 Cpu Firmware 2020-02-10 6.1 MEDIUM N/A
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets.
CVE-2014-2254 1 Siemens 6 Simatic S7 Cpu-1211c, Simatic S7 Cpu 1200 Firmware, Simatic S7 Cpu 1212c and 3 more 2020-02-10 7.8 HIGH N/A
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.
CVE-2014-2255 1 Siemens 1 Simatic S7-1500 Cpu Firmware 2020-02-10 7.8 HIGH N/A
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets.
CVE-2014-2256 1 Siemens 6 Simatic S7 Cpu-1211c, Simatic S7 Cpu 1200 Firmware, Simatic S7 Cpu 1212c and 3 more 2020-02-10 7.8 HIGH N/A
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.
CVE-2014-2257 1 Siemens 1 Simatic S7-1500 Cpu Firmware 2020-02-10 7.8 HIGH N/A
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets.
CVE-2014-2258 1 Siemens 6 Simatic S7 Cpu-1211c, Simatic S7 Cpu 1200 Firmware, Simatic S7 Cpu 1212c and 3 more 2020-02-10 7.8 HIGH N/A
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.
CVE-2014-2259 1 Siemens 1 Simatic S7-1500 Cpu Firmware 2020-02-10 7.8 HIGH N/A
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets.
CVE-2014-2909 1 Siemens 6 Simatic S7 Cpu-1211c, Simatic S7 Cpu 1200 Firmware, Simatic S7 Cpu 1212c and 3 more 2020-02-10 5.8 MEDIUM N/A
CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
CVE-2014-8478 1 Siemens 9 Scalance X-300, Scalance X-300 Series Firmware, Scalance X-300eec and 6 more 2020-02-10 7.8 HIGH N/A
The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests.
CVE-2014-8479 1 Siemens 9 Scalance X-300, Scalance X-300 Series Firmware, Scalance X-300eec and 6 more 2020-02-10 6.8 MEDIUM N/A
The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets.
CVE-2015-1048 1 Siemens 2 Simatic S7 1200 Cpu, Simatic S7 1200 Cpu Firmware 2020-02-10 4.3 MEDIUM N/A
Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-2200 1 Siemens 15 Simatic S7-1500 Cpu Firmware, Simatic S7-1511-1 Pn Cpu, Simatic S7-1511c-1 Pn Cpu and 12 more 2020-02-10 7.8 HIGH 7.5 HIGH
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.
CVE-2016-2201 1 Siemens 15 Simatic S7-1500 Cpu Firmware, Simatic S7-1511-1 Pn Cpu, Simatic S7-1511c-1 Pn Cpu and 12 more 2020-02-10 5.0 MEDIUM 5.3 MEDIUM
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.
CVE-2016-3949 1 Siemens 4 Simatic S7-300 With Profitnet Support, Simatic S7-300 With Profitnet Support Firmware, Simatic S7-300 Without Profitnet Support and 1 more 2020-02-10 7.8 HIGH 7.5 HIGH
Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets.
CVE-2014-9530 1 Nwjs 1 Nw 2020-02-10 7.5 HIGH 9.8 CRITICAL
A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact.