Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20606 | 1 Mitsubishielectric | 3 Ezsocket, Gx Works2, Melsoft Navigator | 2023-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker. | |||||
| CVE-2021-22798 | 1 Schneider-electric | 2 Conext Combox, Conext Combox Firmware | 2023-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext? ComBox (All Versions) | |||||
| CVE-2021-41874 | 1 Portainer | 1 Portainer | 2023-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information. NOTE: Portainer has received no detail of this CVE report. There is also no response after multiple attempts of contacting the original source. | |||||
| CVE-2019-12922 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2023-02-02 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | |||||
| CVE-2021-30496 | 1 Telegram | 1 Telegram | 2023-02-02 | 3.5 LOW | 5.7 MEDIUM |
| ** DISPUTED ** The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the vendor's perspective is that "this behavior can't be considered a vulnerability." | |||||
| CVE-2020-7690 | 1 Parall | 1 Jspdf | 2023-02-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method. | |||||
| CVE-2019-10386 | 1 Jenkins | 1 Xl Testview | 2023-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10388 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2023-02-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | |||||
| CVE-2019-15014 | 1 Zingbox | 1 Inspector | 2023-02-02 | 9.0 HIGH | 8.8 HIGH |
| A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. | |||||
| CVE-2018-3786 | 1 Eggjs | 1 Egg-scripts | 2023-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument. | |||||
| CVE-2019-13110 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2023-02-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. | |||||
| CVE-2022-4434 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2023-02-02 | N/A | 4.4 MEDIUM |
| A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure. | |||||
| CVE-2018-3785 | 1 Git-dummy-commit Project | 1 Git-dummy-commit | 2023-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. | |||||
| CVE-2022-41838 | 1 Openimageio Project | 1 Openimageio | 2023-02-02 | N/A | 9.8 CRITICAL |
| A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-44529 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2023-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | |||||
| CVE-2021-31854 | 1 Mcafee | 1 Agent | 2023-02-02 | 9.3 HIGH | 7.8 HIGH |
| A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges. | |||||
| CVE-2018-7082 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2023-02-02 | 9.0 HIGH | 7.2 HIGH |
| A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 | |||||
| CVE-2021-31838 | 1 Mcafee | 1 Mvision Edr | 2023-02-02 | 9.0 HIGH | 9.1 CRITICAL |
| A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | |||||
| CVE-2020-25706 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2023-02-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field | |||||
| CVE-2019-10359 | 1 Jenkins | 1 M2release | 2023-02-02 | 6.8 MEDIUM | 6.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options. | |||||