Total: 210374 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2019-3865 | 1 Redhat | 1 Quay | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of a service key to inject scripts and make them run when admin users try to change the name. |
| CVE-2020-4041 | 1 Boltcms | 1 Bolt | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM | In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject JavaScript code in the file name when creating/uploading the file, but once created/uploaded, the file can be renamed to inject the payload. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1. |
| CVE-2022-26291 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2022-10-06 | 4.3 MEDIUM | 5.5 MEDIUM | lrzip v0.641 was discovered to contain multiple concurrency use-after-free bugs between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted lrz file. |
| CVE-2020-13383 | 1 Os4ed | 1 Opensis | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH | openSIS through 7.4 allows Directory Traversal. |
| CVE-2020-13381 | 1 Os4ed | 1 Opensis | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL | openSIS through 7.4 allows SQL Injection. |
| CVE-2019-5319 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2022-10-06 | 10.0 HIGH | 9.8 CRITICAL | A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
| CVE-2013-7488 | 2 Convert\, Fedoraproject | 2 \, Fedora | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH | perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. |
| CVE-2018-5786 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2022-10-06 | 4.3 MEDIUM | 5.5 MEDIUM | In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. |
| CVE-2020-9409 | 2 Oracle, Tibco | 2 Retail Order Broker, Jasperreports Server | 2022-10-06 | 10.0 HIGH | 9.8 CRITICAL | The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below. |
| CVE-2022-25236 | 4 Debian, Libexpat Project, Oracle and 1 more | 5 Debian Linux, Libexpat, Http Server and 2 more | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. |
| CVE-2020-13539 | 1 Win911 | 1 Win-911 | 2022-10-06 | 4.6 MEDIUM | 7.8 HIGH | An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via the “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables, which could lead to escalation of privileges when they are executed. |
| CVE-2020-11864 | 3 Fedoraproject, Libemf Project, Opensuse | 3 Fedora, Libemf, Leap | 2022-10-06 | 4.3 MEDIUM | 5.5 MEDIUM | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). |
| CVE-2020-36158 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2022-10-06 | 7.2 HIGH | 6.7 MEDIUM | mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. |
| CVE-2020-11865 | 3 Fedoraproject, Libemf Project, Opensuse | 3 Fedora, Libemf, Leap | 2022-10-06 | 6.8 MEDIUM | 7.8 HIGH | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. |
| CVE-2020-11866 | 3 Fedoraproject, Libemf Project, Opensuse | 3 Fedora, Libemf, Leap | 2022-10-06 | 6.8 MEDIUM | 7.8 HIGH | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. |
| CVE-2020-13541 | 1 Win911 | 1 Mobile-911 Server | 2022-10-06 | 7.2 HIGH | 8.8 HIGH | An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges, or replace other files within the installation folder, which could lead to local privilege escalation. |
| CVE-2020-13540 | 1 Win911 | 1 Win-911 | 2022-10-06 | 4.6 MEDIUM | 7.8 HIGH | An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via the WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables, which could lead to escalation of privileges when they are executed. |
| CVE-2020-27844 | 3 Debian, Oracle, Uclouvain | 3 Debian Linux, Outside In Technology, Openjpeg | 2022-10-06 | 8.3 HIGH | 7.8 HIGH | A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability. |
| CVE-2020-26298 | 2 Debian, Redcarpet Project | 2 Debian Linux, Redcarpet | 2022-10-06 | 3.5 LOW | 5.4 MEDIUM | Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was performed when processing quotes, even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit. |
| CVE-2020-8899 | 1 Google | 1 Android | 2022-10-06 | 10.0 HIGH | 9.8 CRITICAL | There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec, leading to arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747. |
