Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20857 | 1 Zendesk | 1 Samlr | 2019-08-01 | 5.0 MEDIUM | 7.5 HIGH |
| Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name. | |||||
| CVE-2018-14732 | 1 Webpack.js | 1 Webpack-dev-server | 2019-08-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin. | |||||
| CVE-2017-17831 | 1 Git Large File Storage Project | 1 Git Large File Storage | 2019-08-01 | 6.8 MEDIUM | 8.8 HIGH |
| GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository. | |||||
| CVE-2008-1748 | 1 Cisco | 1 Unified Communications Manager | 2019-08-01 | 7.8 HIGH | N/A |
| Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355. | |||||
| CVE-2007-5570 | 1 Cisco | 1 Firewall Services Module | 2019-08-01 | 7.8 HIGH | N/A |
| Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cause a denial of service (device reload) via a crafted HTTPS request, aka CSCsi77844. | |||||
| CVE-2018-20869 | 1 Cpanel | 1 Cpanel | 2019-07-31 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). | |||||
| CVE-2018-20864 | 1 Cpanel | 1 Cpanel | 2019-07-31 | 6.4 MEDIUM | 6.5 MEDIUM |
| cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454). | |||||
| CVE-2018-20863 | 1 Cpanel | 1 Cpanel | 2019-07-31 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). | |||||
| CVE-2008-1747 | 1 Cisco | 1 Unified Communications Manager | 2019-07-31 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944. | |||||
| CVE-2014-8680 | 1 Isc | 1 Bind | 2019-07-30 | 5.4 MEDIUM | N/A |
| The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options. | |||||
| CVE-2018-1000156 | 4 Canonical, Debian, Gnu and 1 more | 9 Ubuntu Linux, Debian Linux, Patch and 6 more | 2019-07-30 | 6.8 MEDIUM | 7.8 HIGH |
| GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. | |||||
| CVE-2014-0679 | 1 Cisco | 1 Prime Infrastructure | 2019-07-29 | 9.0 HIGH | N/A |
| Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308. | |||||
| CVE-2016-1291 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2019-07-29 | 9.3 HIGH | 9.8 CRITICAL |
| Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192. | |||||
| CVE-2016-1408 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2019-07-29 | 6.5 MEDIUM | 8.8 HIGH |
| Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488. | |||||
| CVE-2016-1442 | 1 Cisco | 1 Prime Infrastructure | 2019-07-29 | 9.0 HIGH | 8.8 HIGH |
| The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280. | |||||
| CVE-2016-1359 | 1 Cisco | 1 Prime Infrastructure | 2019-07-29 | 6.5 MEDIUM | 8.8 HIGH |
| Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494. | |||||
| CVE-2013-0267 | 1 Apache | 1 Vcl | 2019-07-29 | 6.5 MEDIUM | 8.8 HIGH |
| The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation. | |||||
| CVE-2009-2185 | 2 Strongswan, Xelerance | 2 Strongswan, Openswan | 2019-07-29 | 5.0 MEDIUM | N/A |
| The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string. | |||||
| CVE-2009-0790 | 2 Strongswan, Xelerance | 2 Strongswan, Openswan | 2019-07-29 | 5.0 MEDIUM | N/A |
| The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. | |||||
| CVE-2019-11697 | 1 Mozilla | 1 Firefox | 2019-07-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67. | |||||