Total
127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24592 | 1 Mitel | 1 Micloud Management Portal | 2020-09-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. | |||||
| CVE-2020-16281 | 1 Rangee | 1 Rangeeos | 2020-08-26 | 4.6 MEDIUM | 7.8 HIGH |
| The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible. | |||||
| CVE-2019-0857 | 1 Microsoft | 1 Azure Devops Server | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'. | |||||
| CVE-2019-12463 | 1 Librenms | 1 Librenms | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ. | |||||
| CVE-2019-11325 | 1 Sensiolabs | 1 Symfony | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter. | |||||
| CVE-2019-0956 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'. | |||||
| CVE-2019-0971 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2020-08-24 | 9.0 HIGH | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'. | |||||
| CVE-2018-8609 | 1 Microsoft | 1 Dynamics 365 | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365. | |||||
| CVE-2018-2389 | 1 Sap | 1 Internet Graphics Server | 2020-08-24 | 4.0 MEDIUM | 5.7 MEDIUM |
| Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file. | |||||
| CVE-2018-18838 | 1 My-netdata | 1 Netdata | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry. | |||||
| CVE-2018-16386 | 1 Swift | 1 Alliance Web Platform | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error messages. | |||||
| CVE-2018-15494 | 2 Debian, Dojotoolkit | 2 Debian Linux, Dojo | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. | |||||
| CVE-2017-18892 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized. | |||||
| CVE-2014-9938 | 1 Git-scm | 1 Git | 2020-04-29 | 6.8 MEDIUM | 8.8 HIGH |
| contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. | |||||
| CVE-2018-20586 | 1 Bitcoin | 1 Bitcoin Core | 2020-03-20 | 4.3 MEDIUM | 5.3 MEDIUM |
| bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call. | |||||
| CVE-2013-2011 | 1 Automattic | 1 W3 Super Cache | 2020-01-02 | 6.8 MEDIUM | 8.8 HIGH |
| WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009. | |||||
| CVE-2019-19714 | 1 Contao | 1 Contao | 2019-12-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered. | |||||
| CVE-2019-12674 | 1 Cisco | 17 Firepower 4110, Firepower 4110 Firmware, Firepower 4115 and 14 more | 2019-10-09 | 7.2 HIGH | 8.2 HIGH |
| Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances. | |||||
| CVE-2019-12675 | 1 Cisco | 17 Firepower 4110, Firepower 4110 Firmware, Firepower 4115 and 14 more | 2019-10-09 | 7.2 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances. | |||||
| CVE-2019-9853 | 1 Libreoffice | 1 Libreoffice | 2019-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1. | |||||