CWE:
 

Topic
Date
Author
Med.
SCP Server Verification Issues
16.01.2019
Harry Sintonen
Low
Wordpress Plugin Ninja Forms - CSV Injection
20.08.2018
Mostafa Gharzi
High
HPE VAN SDN 2.7.18.0503 Remote Root
28.06.2018
KoreLogic
High
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
27.06.2018
Matthew Bergin
Low
GNU Wget 1.19.4 Cookie Injection
08.05.2018
Harry Sintonen
Low
The First MicroFinance Bank | RCE / File Upload
24.06.2017
Infinity Security Team
Low
AXIS Communications XSS / Content Inclusion
18.03.2017
orwelllabs
Low
AXIS Network Camera Cross Site Scripting
18.03.2017
orwelllabs
High
AXIS Authenticated Remote Command Execution
28.07.2016
orwelllabs
Low
CMS Made Simple Cache Poisoning
04.05.2016
I-Tracing
Low
pgpdump 0.29 Endless Loop
20.04.2016
Klaus Eisentraut
Med.
innovaphone IP222 UDP Denial Of Service
26.03.2016
Sven Freund
Med.
innovaphone IP222 11r2 sr9 Download Denial Of Service
26.03.2016
Sven Freund
Med.
Dell Authentication Driver Uncontrolled Write
19.12.2015
Matt Bergin
High
ZyXEL PMG5318-B20A OS Command Injection
16.10.2015
Karn Ganeshen
Low
GPON Zhone R4.0.2.566b D.O.S.
03.03.2015
Kaczinski lramirez
High
Linux Kernel Qualcomm Innovation Center (QuIC) Android gain privileges
14.12.2014
quicinc
High
VMWare vmx86.sys Arbitrary Kernel Read
06.11.2014
Matt Bergin
Med.
Apache HTTP Server 2.4.7 mod_log_config denial of service
19.03.2014
Apache
High
Apple MacOSX 10.9.2 OpenSSL Verification Surprises
05.03.2014
hynek
Med.
Microsoft Windows 8.1 XMLDOM XML Injection Vulnerability
27.02.2014
soroush
Low
PERL 5.10.0, 5.12.0, 5.14.0 Denial of Service
10.02.2014
Nobody
Med.
Conceptronic C54APM Open Redirect
12.01.2014
antonio vazquez blanco
Med.
OpenSSL 1.0.1e NULL Pointer dereference DoS
11.01.2014
Dr. Stephen Henson
Med.
Linux Kernel 3.12.3 inet uninitialized memory to user in recv syscalls
09.01.2014
mpb
High
Linux kernel Multiple CVE fixes
23.11.2013
Nico Golde and Fabian ...
Med.
Goodix GT915 Driver Memory Corruption / DoS / Privilege Escalation
08.11.2013
Jonathan Salwan
Med.
Vino VNC Server 3.7.3 Denial Of Service
18.09.2013
Jonathan Claudius
Med.
WordPress Event Easy Calendar 1.0.0 XSS / CSRF / Input Validation
09.09.2013
RogueCoder
High
Hikvision IP Cameras Overflow / Bypass / Privilege Escalation
07.08.2013
CORE
Low
Xpient POS / Iris 3.8 Cash Drawer Operation Remote Trigger
06.06.2013
CORE
High
NextApp Echo XML Injection Vulnerability
02.05.2013
Anonymous
High
Cisco Unified Computing System Multiple Vulnerabilities
24.04.2013
CISCO
High
Cisco NX-OS-Based Products Multiple Vulnerabilities
24.04.2013
CISCO
Med.
Cisco IOS XE Software for 1000 Series Multiple Vulnerabilities
10.04.2013
Cisco
Low
Pebble 2.6.4 Open Redirection
04.11.2012
Anonymous
Low
VirtualBox CPU-emulation bug (missing CPL check)
08.09.2012
halfdog
Low
IBM Lotus Domino HTTP Response Splitting and Cross-Site Scripting
07.09.2012
MustLive
Low
IOServer Root Directory Trailing Backslash Multiple Vulnerabilities
20.08.2012
hinge
High
LifeSize Room Command Injection
13.11.2011
Spencer McIntyre (zero...
High
Apple Safari Webkit libxslt Arbitrary File Creation
29.10.2011
metasploit
Med.
astersik open source 1.8.7 Remote crash vulnerability
26.10.2011
Asterisk Security Team
High
CMS WebManager-Pro Vulnerabilities
12.10.2011
MustLive
High
Opera 10/11 (bad nesting with frameset tag) Memory Corruption
10.10.2011
Jose A. Vazquez
High
Mac OS X < 10.6.7 Kernel Panic Exploit
02.10.2011
hkpco
High
LifeSize Room Command Injection
05.09.2011
Spencer McIntyre
High
iOS SSL Implementation Does Not Validate Certificate Chain
01.09.2011
Trustwave Advisories
Low
Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS
01.09.2011
Timo Warns
Low
Android Browser Cross-Application Scripting
16.08.2011
Roee Hay
High
HP Data Protector Remote Shell for HP-UX
08.08.2011
Adrian Puente Z.
High
ioQuake3 Remote shell injection
06.08.2011
Thilo Schulz
High
HP Data Protector Remote Shell for HPUX
06.08.2011
Adrian Puente Z.
Med.
phpMyAdmin 3.x Conditional Session Manipulation
03.08.2011
Mango
High
Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability
19.07.2011
metasploit
Med.
Symantec Backup Exec 12.5 MiTM Attack
11.07.2011
Nibin
High
Black Ice Cover Page ActiveX Control Arbitrary File Download
22.06.2011
metasploit
High
Black Ice Cover Page SDK insecure method DownloadImageFileURL() exploit
22.06.2011
mr_me
High
Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
10.06.2011
metasploit
High
HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055)
30.05.2011
fdisk
Low
Opera : SELECT SIZE Arbitrary null write
13.05.2011
Advisories Toucan-Syst...
Low
CA SiteMinder Security Notice
02.05.2011
Williams, James K
Low
Linux Kernel 2.4 and 2.6 disclosure of sensitive information
12.04.2011
Timo Warns
Med.
Apache Tomcat 7.0.11 information disclosure
12.04.2011
Mark Thomas
High
xpdf multiple vulnerabilities allow remote code execution
02.04.2011
Advisories Toucan-Syst...
Med.
Mutt: failure to check server certificate in SMTP TLS connection
18.03.2011
dave b
Low
SugarCRM list privilege restriction bypass
18.03.2011
RedTeam Pentesting Gmb...
High
Linux Kernel Buffer Overflow ldm_frag_add() Elevated Privileges
04.03.2011
PRE
High
Cisco Secure Desktop CSDWebInstaller Remote Code Execution
01.03.2011
ZDI
Med.
ZOHO ManageEngine ADSelfService multiple vulnerabilities
18.02.2011
CORE Security Technolo...
Med.
mit kerberos 5-1.9 kpropd denial of service
12.02.2011
Tom Yu
Med.
MyProxy SSL Certificate Validation Security Bypass Vulnerability
03.02.2011
Venkat Yekkirala
High
OpenVAS Manager Command Injection Vulnerability
01.02.2011
Tim Brown
High
OpenVAS Manager Vulnerable To Command Injection
31.01.2011
Tim Brown
High
CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability
18.01.2011
felix
High
MS11-002: Microsoft Data Access Components Vulnerability
15.01.2011
Peter Vreugdenhil
High
Mono/Moonlight Generic Type Argument Local Privilege Escalation
15.01.2011
Chris Howie
Med.
Symantec Intel Handler Service Remote Denial-of-Service
25.12.2010
Core
High
Windows Win32k Pointer Dereferencement (MS10-098)
18.12.2010
Stefan LE BERRE
Low
PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference
05.11.2010
Maksymilian Arciemowic...
High
Android 2.0-2.1 Reverse Shell Exploit
05.11.2010
MJ Keith
Med.
KDC uninitialized pointer crash in authorization data handling
11.10.2010
Tom Yu
High
Adobe Acrobat and Reader Array Indexing Remote Code Execution Vulnerability
09.10.2010
Knud and nSense
Med.
IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability
07.10.2010
ZDI
High
Microsoft Unicode Scripts Processor Remote Code Execution
06.10.2010
Abysssec
Low
HP System Management Homepage (SMH) Remote URL Redirection
28.09.2010
HP
High
Novell iPrint Client ActiveX Control \'debug\' Buffer Overflow Exploit
23.09.2010
Trancer
Med.
MailEnable SMTP Service Two Denial of Service Vulnerabilities
17.09.2010
Secunia Research
Med.
Apache Traffic Server 2.0.0 issue
15.09.2010
Tim Brown
Low
linux kernel 2.6.34 xfs swapext ioctl issue
13.09.2010
Eugene Teo
High
Adobe Shockwave 11.20005.7.609 tSAC Chunk Invalid Seek
31.08.2010
ZDI
High
Adobe Shockwave 11.20005.7.609 CSWV Chunk Memory Corruption
31.08.2010
ZDI
High
Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
30.08.2010
ZDI
High
Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerdability
30.08.2010
ZDI
High
Adobe Shockwave Player Director Remote Code Execution Vulnerability
30.08.2010
ZDI
High
ssmtp 2.62 standardise() Buffer overflow
24.08.2010
Jan Lieskovsky
Med.
FreeType 2.4.1 Memory corruption
22.08.2010
Robert Swiecki
Low
Microsoft Windows Missed ACE Bounds Checks (MS10-047)
18.08.2010
Tavis Ormandy
High
Microsoft SMB Server Trans2 Zero Size Pool Alloc
12.08.2010
Laurent Gaffie
Med.
Microsoft Windows CreateWindow Function Callback Vulnerability
12.08.2010
CORE
Med.
Linux Kernel <= 2.6.33.3 SCTP INIT Remote DoS
10.08.2010
Jon Oberheide


CVEMAP Search Results

CVE
Details
Description
2020-04-08
Medium
CVE-2020-4289

Vendor: IBM
Software: Security inf...
 

 
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 176332.

 
Medium
CVE-2020-4284

Vendor: IBM
Software: Security inf...
 

 
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176207.

 
Low
CVE-2020-4164

Vendor: IBM
Software: Security inf...
 

 
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system. IBM X-Force ID: 174400.

 
Medium
CVE-2017-18643

Vendor: Google
Software: Android
 

 
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is information disclosure of the kbase_context address of a GPU memory node. The Samsung ID is SVE-2017-8907 (December 2017).

 
Low
CVE-2020-11631

Vendor: Primekey
Software: Ejbca
 

 
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. (This is exploitable only when at least one accessible port lacks a requirement for client certificate authentication. These ports are 8442 or 8080 in a standard installation.)

 
2020-04-07
Medium
CVE-2016-11032

Vendor: Google
Software: Android
 

 
An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 (November 2016).

 
Medium
CVE-2020-7616

Vendor: Express-mock-middleware project
Software: Express-mock...
 

 
express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk.

 
Medium
CVE-2020-7618

Vendor: Sds project
Software: SDS
 

 
sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'.

 
Medium
CVE-2017-18648

Vendor: Google
Software: Android
 

 
An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 (November 2017).

 
High
CVE-2016-11031

Vendor: Google
Software: Android
 

 
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. AntService allows a system_server crash and reboot. The Samsung ID is SVE-2016-7044 (November 2016).

 

 


Copyright 2020, cxsecurity.com

 

Back to Top