Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2808 | 1 Google | 1 Blink | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed. | |||||
| CVE-2018-9547 | 1 Google | 1 Android | 2019-11-13 | 7.2 HIGH | 7.8 HIGH |
| In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584. | |||||
| CVE-2010-2473 | 1 Drupal | 1 Drupal | 2019-11-13 | 3.5 LOW | 6.5 MEDIUM |
| Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. | |||||
| CVE-2019-17210 | 1 Arm | 2 Mbed-mqtt, Mbed-os | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(), mqttstring->lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements inside the if statement are skipped, letting the value of mqttstring->lenstring.data default to zero. Later, curn is accessed, which points to mqttstring->lenstring.data. On an Arm Cortex-M chip, the value at address 0x0 is actually the initialization value for the MSP register. It is highly dependent on the actual firmware. Therefore, the behavior of the program is unpredictable from this time on. | |||||
| CVE-2009-5004 | 1 Apache | 1 Qpid-cpp | 2019-11-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use . | |||||
| CVE-2012-0051 | 2 Debian, Tahoe-lafs | 2 Debian Linux, Tahoe-lafs | 2019-11-12 | 5.8 MEDIUM | 7.4 HIGH |
| Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval. | |||||
| CVE-2010-2447 | 1 Gitolite | 1 Gitolite | 2019-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| gitolite before 1.4.1 does not filter src/ or hooks/ from path names. | |||||
| CVE-2010-2476 | 1 Syscp Project | 1 Syscp | 2019-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. | |||||
| CVE-2010-2449 | 1 Gource | 1 Gource | 2019-11-09 | 5.5 MEDIUM | 6.5 MEDIUM |
| Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack. | |||||
| CVE-2013-1811 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2019-11-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". | |||||
| CVE-2013-4409 | 3 Fedoraproject, Redhat, Reviewboard | 4 Fedora, Enterprise Linux, Djblets and 1 more | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. | |||||
| CVE-2013-1751 | 1 Twiki | 1 Twiki | 2019-11-08 | 10.0 HIGH | 9.8 CRITICAL |
| TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. | |||||
| CVE-2010-2446 | 1 Ruby-rbot | 1 Rbot | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| Rbot Reaction plugin allows command execution | |||||
| CVE-2009-5050 | 1 Konversation | 1 Konversation | 2019-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| konversation before 1.2.3 allows attackers to cause a denial of service. | |||||
| CVE-2013-4101 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness | |||||
| CVE-2011-4902 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 5.5 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. | |||||
| CVE-2011-4904 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. | |||||
| CVE-2014-9013 | 1 Wpmarketplace Project | 1 Wpmarketplace | 2019-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user. | |||||
| CVE-2019-15966 | 1 Cisco | 1 Telepresence Advanced Media Gateway | 2019-11-07 | 6.8 MEDIUM | 7.7 HIGH |
| A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition. | |||||
| CVE-2013-1930 | 2 Fedoraproject, Mantisbt | 2 Fedora, Mantisbt | 2019-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. | |||||