Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-10873 | 1 Osstech | 1 Openam | 2021-09-09 | 6.8 MEDIUM | 8.1 HIGH |
| OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider. | |||||
| CVE-2017-2298 | 1 Puppet | 1 Mcollective-sshkey-security | 2021-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "_pub.pem". | |||||
| CVE-2017-2290 | 2 Microsoft, Puppet | 2 Windows, Mcollective-puppet-agent | 2021-09-09 | 9.0 HIGH | 8.8 HIGH |
| On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1. | |||||
| CVE-2020-24512 | 3 Debian, Intel, Netapp | 5 Debian Linux, Microcode, Fas\/aff Bios and 2 more | 2021-09-09 | 2.1 LOW | 3.3 LOW |
| Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2016-2785 | 1 Puppet | 3 Puppet, Puppet Agent, Puppet Server | 2021-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. | |||||
| CVE-2020-24511 | 3 Debian, Intel, Netapp | 5 Debian Linux, Microcode, Fas\/aff Bios and 2 more | 2021-09-09 | 2.1 LOW | 6.5 MEDIUM |
| Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-27361 | 1 Akkadianlabs | 1 Akkadian Provisioning Manager | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. | |||||
| CVE-2015-2802 | 4 Hp, Linux, Microsoft and 1 more | 6 Asset Manager, Asset Manager Cloudsystem Chargeback, Sitescope and 3 more | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability. | |||||
| CVE-2021-20988 | 2 Hilscher, Pepperl-fuchs | 17 Rcx Rtos, Ice1-16di-g60l-v1d, Ice1-16di-g60l-v1d Firmware and 14 more | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device. | |||||
| CVE-2018-9109 | 1 Std42 | 1 Elfinder | 2021-09-09 | 7.5 HIGH | 9.1 CRITICAL |
| Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. | |||||
| CVE-2011-4612 | 1 Xiph | 1 Icecast | 2021-09-09 | 5.0 MEDIUM | N/A |
| icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL. | |||||
| CVE-2018-9110 | 1 Std42 | 1 Elfinder | 2021-09-09 | 7.5 HIGH | 9.1 CRITICAL |
| Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109. | |||||
| CVE-2019-6257 | 1 Std42 | 1 Elfinder | 2021-09-09 | 4.0 MEDIUM | 7.7 HIGH |
| A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php. | |||||
| CVE-2019-5884 | 1 Std42 | 1 Elfinder | 2021-09-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. | |||||
| CVE-2021-27293 | 1 Restsharp | 1 Restsharp | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service. | |||||
| CVE-2021-31712 | 1 React Draft Wysiwyg Project | 1 React Draft Wysiwyg | 2021-09-09 | 3.5 LOW | 5.4 MEDIUM |
| react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS. | |||||
| CVE-2020-5794 | 2 Microsoft, Tenable | 2 Windows, Nessus Network Monitor | 2021-09-09 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. | |||||
| CVE-2017-5528 | 1 Tibco | 3 Jasperreports Server, Jaspersoft, Jaspersoft Reporting And Analytics | 2021-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below). | |||||
| CVE-2017-6955 | 1 Teleogistic | 1 Invite Anyone | 2021-09-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack. | |||||
| CVE-2016-4828 | 1 Collne | 1 Welcart E-commerce | 2021-09-09 | 6.4 MEDIUM | 6.5 MEDIUM |
| The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. | |||||