CWE:
 

Risk
Title
Date
Author
Med.
WordPress WoodMart Theme <= 7.1.0 - Unauthenticated Arbitrary Shortcodes Injection
08.03.2023
FearZzZz
Low
NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery
18.05.2021
Harry Sintonen
Med.
Dovecot 2.3.11.3 Denial Of Service
07.01.2021
Innokentii Sennovskiy
Med.
October CMS <= Build 465 Multiple Vulnerabilities
03.08.2020
Sivanesh Ashok
Med.
Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service
20.05.2020
Philippe Antoine
Med.
SCP Server Verification Issues
16.01.2019
Harry Sintonen
Low
Wordpress Plugin Ninja Forms - CSV Injection
20.08.2018
Mostafa Gharzi
High
HPE VAN SDN 2.7.18.0503 Remote Root
28.06.2018
KoreLogic
High
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
27.06.2018
Matthew Bergin
Low
GNU Wget 1.19.4 Cookie Injection
08.05.2018
Harry Sintonen
Low
The First MicroFinance Bank | RCE / File Upload
24.06.2017
Infinity Security Team
Low
AXIS Communications XSS / Content Inclusion
18.03.2017
orwelllabs
Low
AXIS Network Camera Cross Site Scripting
18.03.2017
orwelllabs
High
AXIS Authenticated Remote Command Execution
28.07.2016
orwelllabs
Low
CMS Made Simple Cache Poisoning
04.05.2016
I-Tracing
Low
pgpdump 0.29 Endless Loop
20.04.2016
Klaus Eisentraut
Med.
innovaphone IP222 UDP Denial Of Service
26.03.2016
Sven Freund
Med.
innovaphone IP222 11r2 sr9 Download Denial Of Service
26.03.2016
Sven Freund
Med.
Dell Authentication Driver Uncontrolled Write
19.12.2015
Matt Bergin
High
ZyXEL PMG5318-B20A OS Command Injection
16.10.2015
Karn Ganeshen
Low
GPON Zhone R4.0.2.566b D.O.S.
03.03.2015
Kaczinski lramirez
High
Linux Kernel Qualcomm Innovation Center (QuIC) Android gain privileges
14.12.2014
quicinc
High
VMWare vmx86.sys Arbitrary Kernel Read
06.11.2014
Matt Bergin
Med.
Apache HTTP Server 2.4.7 mod_log_config denial of service
19.03.2014
Apache
High
Apple MacOSX 10.9.2 OpenSSL Verification Surprises
05.03.2014
hynek
Med.
Microsoft Windows 8.1 XMLDOM XML Injection Vulnerability
27.02.2014
soroush
Low
PERL 5.10.0, 5.12.0, 5.14.0 Denial of Service
10.02.2014
Nobody
Med.
Conceptronic C54APM Open Redirect
12.01.2014
antonio vazquez blanco
Med.
OpenSSL 1.0.1e NULL Pointer dereference DoS
11.01.2014
Dr. Stephen Henson
Med.
Linux Kernel 3.12.3 inet uninitialized memory to user in recv syscalls
09.01.2014
mpb
High
Linux kernel Multiple CVE fixes
23.11.2013
Nico Golde and Fabian ...
Med.
Goodix GT915 Driver Memory Corruption / DoS / Privilege Escalation
08.11.2013
Jonathan Salwan
Med.
Vino VNC Server 3.7.3 Denial Of Service
18.09.2013
Jonathan Claudius
Med.
WordPress Event Easy Calendar 1.0.0 XSS / CSRF / Input Validation
09.09.2013
RogueCoder
High
Hikvision IP Cameras Overflow / Bypass / Privilege Escalation
07.08.2013
CORE
Low
Xpient POS / Iris 3.8 Cash Drawer Operation Remote Trigger
06.06.2013
CORE
High
NextApp Echo XML Injection Vulnerability
02.05.2013
Anonymous
High
Cisco Unified Computing System Multiple Vulnerabilities
24.04.2013
CISCO
High
Cisco NX-OS-Based Products Multiple Vulnerabilities
24.04.2013
CISCO
Med.
Cisco IOS XE Software for 1000 Series Multiple Vulnerabilities
10.04.2013
Cisco
Low
Pebble 2.6.4 Open Redirection
04.11.2012
Anonymous
Low
VirtualBox CPU-emulation bug (missing CPL check)
08.09.2012
halfdog
Low
IBM Lotus Domino HTTP Response Splitting and Cross-Site Scripting
07.09.2012
MustLive
Low
IOServer Root Directory Trailing Backslash Multiple Vulnerabilities
20.08.2012
hinge
High
LifeSize Room Command Injection
13.11.2011
Spencer McIntyre (zero...
High
Apple Safari Webkit libxslt Arbitrary File Creation
29.10.2011
metasploit
Med.
Asterisk open source 1.8.7 Remote crash vulnerability
26.10.2011
Asterisk Security Team
High
CMS WebManager-Pro Vulnerabilities
12.10.2011
MustLive
High
Opera 10/11 (bad nesting with frameset tag) Memory Corruption
10.10.2011
Jose A. Vazquez
High
Mac OS X < 10.6.7 Kernel Panic Exploit
02.10.2011
hkpco
High
LifeSize Room Command Injection
05.09.2011
Spencer McIntyre
High
iOS SSL Implementation Does Not Validate Certificate Chain
01.09.2011
Trustwave Advisories
Low
Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS
01.09.2011
Timo Warns
Low
Android Browser Cross-Application Scripting
16.08.2011
Roee Hay
High
HP Data Protector Remote Shell for HP-UX
08.08.2011
Adrian Puente Z.
High
ioQuake3 Remote shell injection
06.08.2011
Thilo Schulz
High
HP Data Protector Remote Shell for HPUX
06.08.2011
Adrian Puente Z.
Med.
phpMyAdmin 3.x Conditional Session Manipulation
03.08.2011
Mango
High
Mozilla Firefox "nsTreeRange" Dangling Pointer Vulnerability
19.07.2011
metasploit
Med.
Symantec Backup Exec 12.5 MiTM Attack
11.07.2011
Nibin
High
Black Ice Cover Page ActiveX Control Arbitrary File Download
22.06.2011
metasploit
High
Black Ice Cover Page SDK insecure method DownloadImageFileURL() exploit
22.06.2011
mr_me
High
Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
10.06.2011
metasploit
High
HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055)
30.05.2011
fdisk
Low
Opera : SELECT SIZE Arbitrary null write
13.05.2011
Advisories Toucan-Syst...
Low
CA SiteMinder Security Notice
02.05.2011
Williams, James K
Low
Linux Kernel 2.4 and 2.6 disclosure of sensitive information
12.04.2011
Timo Warns
Med.
Apache Tomcat 7.0.11 information disclosure
12.04.2011
Mark Thomas
High
xpdf multiple vulnerabilities allow remote code execution
02.04.2011
Advisories Toucan-Syst...
Med.
Mutt: failure to check server certificate in SMTP TLS connection
18.03.2011
dave b
Low
SugarCRM list privilege restriction bypass
18.03.2011
RedTeam Pentesting Gmb...
High
Linux Kernel Buffer Overflow ldm_frag_add() Elevated Privileges
04.03.2011
PRE
High
Cisco Secure Desktop CSDWebInstaller Remote Code Execution
01.03.2011
ZDI
Med.
ZOHO ManageEngine ADSelfService multiple vulnerabilities
18.02.2011
CORE Security Technolo...
Med.
mit kerberos 5-1.9 kpropd denial of service
12.02.2011
Tom Yu
Med.
MyProxy SSL Certificate Validation Security Bypass Vulnerability
03.02.2011
Venkat Yekkirala
High
OpenVAS Manager Command Injection Vulnerability
01.02.2011
Tim Brown
High
OpenVAS Manager Vulnerable To Command Injection
31.01.2011
Tim Brown
High
CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability
18.01.2011
felix
High
MS11-002: Microsoft Data Access Components Vulnerability
15.01.2011
Peter Vreugdenhil
High
Mono/Moonlight Generic Type Argument Local Privilege Escalation
15.01.2011
Chris Howie
Med.
Symantec Intel Handler Service Remote Denial-of-Service
25.12.2010
Core
High
Windows Win32k Pointer Dereferencement (MS10-098)
18.12.2010
Stefan LE BERRE
Low
PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Dereference
05.11.2010
Maksymilian Arciemowic...
High
Android 2.0-2.1 Reverse Shell Exploit
05.11.2010
MJ Keith
Med.
KDC uninitialized pointer crash in authorization data handling
11.10.2010
Tom Yu
High
Adobe Acrobat and Reader Array Indexing Remote Code Execution Vulnerability
09.10.2010
Knud and nSense
Med.
IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability
07.10.2010
ZDI
High
Microsoft Unicode Scripts Processor Remote Code Execution
06.10.2010
Abysssec
Low
HP System Management Homepage (SMH) Remote URL Redirection
28.09.2010
HP
High
Novell iPrint Client ActiveX Control 'debug' Buffer Overflow Exploit
23.09.2010
Trancer
Med.
MailEnable SMTP Service Two Denial of Service Vulnerabilities
17.09.2010
Secunia Research
Med.
Apache Traffic Server 2.0.0 issue
15.09.2010
Tim Brown
Low
linux kernel 2.6.34 xfs swapext ioctl issue
13.09.2010
Eugene Teo
High
Adobe Shockwave 11.20005.7.609 tSAC Chunk Invalid Seek
31.08.2010
ZDI
High
Adobe Shockwave 11.20005.7.609 CSWV Chunk Memory Corruption
31.08.2010
ZDI
High
Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
30.08.2010
ZDI
High
Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability
30.08.2010
ZDI
High
Adobe Shockwave Player Director Remote Code Execution Vulnerability
30.08.2010
ZDI
High
ssmtp 2.62 standardise() Buffer overflow
24.08.2010
Jan Lieskovsky


Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-02-20
Waiting for details
CVE-2023-50306

IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337.

 
2024-02-16
Waiting for details
CVE-2024-24758

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

 
2024-02-15
Waiting for details
CVE-2023-44253

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.

 
Waiting for details
CVE-2024-20733

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

 
Waiting for details
CVE-2023-32484

Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contain an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols. Dell recommends customers to upgrade at the earliest opportunity.

 
Waiting for details
CVE-2023-32462

Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.

 
2024-02-13
Waiting for details
CVE-2024-24740

SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.

 
Waiting for details
CVE-2024-1096

Twister Antivirus v8.17 allows Elevation of Privileges on the computer where it's installed by triggering the 0x80112067, 0x801120CB and 0x801120CC IOCTL codes of the fildds.sys driver.

 
Waiting for details
CVE-2024-25121

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.

 
Waiting for details
CVE-2024-25120

TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.

 

 


Copyright 2024, cxsecurity.com

 
