Total
241 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6313 | 1 Sap | 1 Netweaver Application Server Java | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting. | |||||
CVE-2020-6261 | 1 Sap | 1 Solution Manager | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired. | |||||
CVE-2020-6227 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files. | |||||
CVE-2020-16281 | 1 Rangee | 1 Rangeeos | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible. | |||||
CVE-2018-20586 | 1 Bitcoin | 1 Bitcoin Core | 2024-02-28 | 4.3 MEDIUM | 5.3 MEDIUM |
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call. | |||||
CVE-2019-12675 | 1 Cisco | 17 Firepower 4110, Firepower 4110 Firmware, Firepower 4115 and 14 more | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances. | |||||
CVE-2019-12674 | 1 Cisco | 17 Firepower 4110, Firepower 4110 Firmware, Firepower 4115 and 14 more | 2024-02-28 | 7.2 HIGH | 8.2 HIGH |
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances. | |||||
CVE-2019-11325 | 1 Sensiolabs | 1 Symfony | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter. | |||||
CVE-2019-19714 | 1 Contao | 1 Contao | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered. | |||||
CVE-2013-2011 | 1 Automattic | 1 W3 Super Cache | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009. | |||||
CVE-2020-10235 | 1 Froxlor | 1 Froxlor | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php. | |||||
CVE-2019-9853 | 1 Libreoffice | 1 Libreoffice | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1. | |||||
CVE-2019-11547 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues. | |||||
CVE-2019-0857 | 1 Microsoft | 1 Azure Devops Server | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'. | |||||
CVE-2019-11717 | 4 Debian, Mozilla, Novell and 1 more | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
CVE-2019-10249 | 1 Eclipse | 2 Xtend, Xtext | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised. | |||||
CVE-2019-0956 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'. | |||||
CVE-2018-18838 | 1 My-netdata | 1 Netdata | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry. | |||||
CVE-2019-1968 | 1 Cisco | 92 Mds 9000, Mds 9100, Mds 9140 and 89 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default. | |||||
CVE-2019-11268 | 1 Pivotal Software | 1 Cloud Foundry Uaa-release | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones. |