Total
961 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-4028 | 2 Mcafee, Microsoft | 7 Anti-virus Plus, Endpoint Security, Host Intrusion Prevention and 4 more | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. | |||||
CVE-2017-0372 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | |||||
CVE-2017-14094 | 1 Trendmicro | 1 Smart Protection Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | |||||
CVE-2017-5799 | 1 Hp | 1 Opencall Media Platform | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x). | |||||
CVE-2016-10498 | 1 Qualcomm | 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, stopping of the DTR prematurely causes micro kernel to be stuck. This can be triggered with a timing change injectable in RACH procedure. | |||||
CVE-2018-6519 | 2 Debian, Simplesamlphp | 2 Debian Linux, Saml2 | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | |||||
CVE-2018-0313 | 1 Cisco | 72 Nexus 172tq-xl, Nexus 2148t, Nexus 2224tp Ge and 69 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied data to the NX-API subsystem. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Note: NX-API is disabled by default. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd47415, CSCve03216, CSCve03224, CSCve03234. | |||||
CVE-2017-10963 | 1 Samsung | 2 Knox Enterprise Mobility Management, Knox Identity Access Management | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. This installed application can further leak information stored inside the Knox container to the outside world. | |||||
CVE-2014-2294 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. | |||||
CVE-2017-7848 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Thunderbird, Enterprise Linux and 5 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. | |||||
CVE-2018-6220 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. | |||||
CVE-2018-4995 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass. | |||||
CVE-2017-18049 | 1 Silverstripe | 1 Silverstripe | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page. | |||||
CVE-2018-1319 | 1 Apache | 1 Allura | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session. | |||||
CVE-2015-1975 | 1 Ibm | 1 Tivoli Directory Server | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694. | |||||
CVE-2018-1549 | 1 Ibm | 1 Rational Quality Manager | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 142658. | |||||
CVE-2018-4106 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject arbitrary commands within pasted content. | |||||
CVE-2018-1000193 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI. | |||||
CVE-2018-4235 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection. | |||||
CVE-2018-6603 | 1 Promise | 1 Webpam Proe | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie. |