Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7559 | 2 Apache, Redhat | 3 Activemq, Jboss A-mq, Jboss Fuse | 2023-03-03 | 4.0 MEDIUM | 2.7 LOW |
It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. | |||||
CVE-2019-14459 | 3 Debian, Fedoraproject, Nfdump Project | 3 Debian Linux, Fedora, Nfdump | 2023-03-03 | 5.0 MEDIUM | 7.5 HIGH |
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). | |||||
CVE-2019-15141 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2023-03-03 | 4.3 MEDIUM | 6.5 MEDIUM |
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597. | |||||
CVE-2019-15108 | 1 Wso2 | 1 Api Manager | 2023-03-03 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. | |||||
CVE-2019-13512 | 1 Fujielectric | 1 Frenic Loader | 2023-03-03 | 4.3 MEDIUM | 3.3 LOW |
Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device. | |||||
CVE-2019-3417 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2023-03-03 | 9.0 HIGH | 8.8 HIGH |
All versions up to V1.1.10P3T18 of the ZTE ZXHN F670 product are impacted by a command injection vulnerability. Due to an insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of the user's router system. | |||||
CVE-2018-20826 | 1 Atlassian | 1 Jira | 2023-03-03 | 4.0 MEDIUM | 4.3 MEDIUM |
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check. | |||||
CVE-2022-48339 | 1 Gnu | 1 Emacs | 2023-03-03 | N/A | 7.8 HIGH |
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | |||||
CVE-2022-48338 | 1 Gnu | 1 Emacs | 2023-03-03 | N/A | 7.3 HIGH |
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | |||||
CVE-2022-48285 | 1 Jszip Project | 1 Jszip | 2023-03-03 | N/A | 7.3 HIGH |
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. | |||||
CVE-2022-27812 | 1 Stormshield | 1 Network Security | 2023-03-03 | N/A | 7.5 HIGH |
Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic can lead to SNS DoS. | |||||
CVE-2018-19276 | 1 Openmrs | 1 Openmrs | 2023-03-03 | 10.0 HIGH | 9.8 CRITICAL |
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. | |||||
CVE-2018-3709 | | | 2023-03-03 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. | |||||
CVE-2018-3708 | | | 2023-03-03 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. | |||||
CVE-2018-3707 | | | 2023-03-03 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. | |||||
CVE-2018-3706 | | | 2023-03-03 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. | |||||
CVE-2018-3695 | | | 2023-03-03 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. | |||||
CVE-2018-3694 | | | 2023-03-03 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. | |||||
CVE-2018-3692 | | | 2023-03-03 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. | |||||
CVE-2018-3685 | | | 2023-03-03 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. |