Total
803 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8800 | 1 Salesagility | 1 Suitecrm | 2020-02-19 | 6.5 MEDIUM | 8.8 HIGH |
| SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. | |||||
| CVE-2020-5216 | 1 Twitter | 1 Secure Headers | 2020-02-18 | 5.0 MEDIUM | 5.8 MEDIUM |
| In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0. | |||||
| CVE-2014-5085 | 1 Sphider-plus | 1 Sphider-plus | 2020-02-14 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro. | |||||
| CVE-2014-5083 | 1 Sphider | 1 Sphider | 2020-02-14 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider. | |||||
| CVE-2013-7378 | 1 Hubot Scripts Project | 1 Hubot Scripts | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. | |||||
| CVE-2013-2010 | 2 Automattic, Boldgrid | 2 Wp Super Cache, W3 Total Cache | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability | |||||
| CVE-2013-7381 | 1 Libnotify Project | 1 Libnotify | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. | |||||
| CVE-2014-4172 | 3 Apereo, Debian, Fedoraproject | 5 .net Cas Client, Java Cas Client, Phpcas and 2 more | 2020-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | |||||
| CVE-2010-4658 | 1 Status | 1 Statusnet | 2020-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. | |||||
| CVE-2019-15616 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. | |||||
| CVE-2020-5230 | 1 Apereo | 1 Opencast | 2020-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast's Id.toString(…) vs Id.compact(…) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1. | |||||
| CVE-2017-17518 | 1 White Dune Project | 1 White Dune | 2020-02-10 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because “the current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a "BROWSER environment variable". Instead, the "browser" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the "options" menu. The default is chosen in the ./configure script, which tests various programs, first tested is "xdg-open".” | |||||
| CVE-2013-3628 | 1 Zabbix | 1 Zabbix | 2020-02-10 | 6.5 MEDIUM | 8.8 HIGH |
| Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability | |||||
| CVE-2013-2678 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 6.8 MEDIUM | 8.1 HIGH |
| Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. | |||||
| CVE-2020-8093 | 1 Bitdefender | 1 Antivirus | 2020-02-05 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution | |||||
| CVE-2013-1437 | 2 Fedoraproject, Module-metadata Project | 2 Fedora, Module-metadata | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | |||||
| CVE-2013-3212 | 1 Vtiger | 1 Vtiger Crm | 2020-02-03 | 6.8 MEDIUM | 8.1 HIGH |
| vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. | |||||
| CVE-2020-5219 | 1 Peerigon | 1 Angular-expressions | 2020-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. | |||||
| CVE-2013-3214 | 1 Vtiger | 1 Vtiger Crm | 2020-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. | |||||
| CVE-2015-3154 | 1 Zend | 1 Zend Framework | 2020-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email. | |||||