Total
803 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0313 | 1 Cisco | 72 Nexus 172tq-xl, Nexus 2148t, Nexus 2224tp Ge and 69 more | 2020-09-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied data to the NX-API subsystem. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Note: NX-API is disabled by default. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd47415, CSCve03216, CSCve03224, CSCve03234. | |||||
| CVE-2020-12855 | 1 Seczetta | 1 Neprofile | 2020-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status. | |||||
| CVE-2020-13863 | 1 Mitel | 1 Micollab | 2020-09-01 | 5.5 MEDIUM | 8.1 HIGH |
| The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information. | |||||
| CVE-2020-24364 | 1 Ethz | 1 Minetime | 2020-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite. | |||||
| CVE-2019-11073 | 1 Paessler | 1 Prtg Network Monitor | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed. | |||||
| CVE-2019-5314 | 1 Arubanetworks | 1 Arubaos | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. | |||||
| CVE-2019-4396 | 1 Ibm | 1 Cloud Orchestrator | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236. | |||||
| CVE-2019-4461 | 1 Ibm | 1 Cloud Orchestrator | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682. | |||||
| CVE-2019-19389 | 1 Jetbrains | 1 Ktor | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. | |||||
| CVE-2019-17513 | 1 Ratpack Project | 1 Ratpack | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur. | |||||
| CVE-2019-1490 | 1 Microsoft | 1 Skype For Business | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'. | |||||
| CVE-2019-13915 | 1 B3log | 1 Wide | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. An unzip operation leads to read access, and write access (depending on file permissions), to the symlink target. Third, the attacker can import a Git repository that contains a symlink, similarly leading to read and write access. | |||||
| CVE-2019-13146 | 1 Field Test Project | 1 Field Test | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS). | |||||
| CVE-2019-12966 | 1 Fehelper Project | 1 Fehelper | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input. | |||||
| CVE-2019-12463 | 1 Librenms | 1 Librenms | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ. | |||||
| CVE-2019-10665 | 1 Librenms | 1 Librenms | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files. | |||||
| CVE-2019-1010310 | 1 Glpi-project | 1 Glpi | 2020-08-24 | 3.5 LOW | 3.5 LOW |
| GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Description .. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it and clicks on submit .. the request is sent to the attacker domain saving the data. The fixed version is: 9.4.1. | |||||
| CVE-2019-0319 | 1 Sap | 2 Gateway, Ui5 | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. | |||||
| CVE-2018-7032 | 1 Myrepos Project | 1 Myrepos | 2020-08-24 | 5.1 MEDIUM | 7.5 HIGH |
| webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack. | |||||
| CVE-2018-6603 | 1 Promise | 1 Webpam Proe | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie. | |||||