Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4384 | 1 Ibm | 1 Campaign | 2023-01-30 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172. | |||||
CVE-2019-4364 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2023-01-30 | 8.5 HIGH | 8.0 HIGH |
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680. | |||||
CVE-2017-1107 | 1 Ibm | 1 Marketing Platform | 2023-01-30 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906. | |||||
CVE-2019-12181 | 1 Solarwinds | 2 Serv-u Ftp Server, Serv-u Mft Server | 2023-01-30 | 6.5 MEDIUM | 8.8 HIGH |
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. | |||||
CVE-2020-36655 | 1 Yiiframework | 1 Gii | 2023-01-30 | N/A | 8.8 HIGH |
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file. | |||||
CVE-2018-3730 | 1 Mcstatic Project | 1 Mcstatic | 2023-01-30 | 5.0 MEDIUM | 7.5 HIGH |
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3743 | 1 Hekto Project | 1 Hekto | 2023-01-30 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect in hekto <=0.2.3 when target domain name is used as HTML filename on server. | |||||
CVE-2018-3744 | 1 Html-pages Project | 1 Html-pages | 2023-01-30 | 5.0 MEDIUM | 9.8 CRITICAL |
The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL. | |||||
CVE-2018-3715 | 1 Glance Project | 1 Glance | 2023-01-30 | 4.0 MEDIUM | 6.5 MEDIUM |
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3746 | 1 Pdfinfojs Project | 1 Pdfinfojs | 2023-01-30 | 10.0 HIGH | 9.8 CRITICAL |
The pdfinfojs NPM module versions <= 0.3.6 have a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine. | |||||
CVE-2018-3734 | 1 Stattic Project | 1 Stattic | 2023-01-30 | 5.0 MEDIUM | 7.5 HIGH |
stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. | |||||
CVE-2023-24042 | 1 Lightftp Project | 1 Lightftp | 2023-01-30 | N/A | 7.5 HIGH |
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName. | |||||
CVE-2022-4876 | 1 Kaltura | 1 Mwembed | 2023-01-30 | N/A | 6.1 MEDIUM |
A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.96.rc2 is able to address this issue. The name of the patch is 13b8812ebc8c9fa034eed91ab35ba8423a528c0b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217427. | |||||
CVE-2023-21538 | 2 Fedoraproject, Microsoft | 3 Fedora, .net, Powershell | 2023-01-30 | N/A | 7.5 HIGH |
.NET Denial of Service Vulnerability. | |||||
CVE-2022-3145 | 1 Okta | 1 Oidc Middleware | 2023-01-30 | N/A | 4.7 MEDIUM |
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. | |||||
CVE-2022-38492 | 1 Easyvista | 1 Service Manager | 2023-01-30 | N/A | 8.8 HIGH |
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability. | |||||
CVE-2022-38491 | 1 Easyvista | 1 Service Manager | 2023-01-30 | N/A | 7.5 HIGH |
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue. | |||||
CVE-2022-38490 | 1 Easyvista | 1 Service Manager | 2023-01-30 | N/A | 8.8 HIGH |
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue. | |||||
CVE-2022-38489 | 1 Easyvista | 1 Service Manager | 2023-01-30 | N/A | 5.4 MEDIUM |
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerability. | |||||
CVE-2022-45923 | 1 Opentext | 1 Opentext Extended Ecm | 2023-01-30 | N/A | 8.8 HIGH |
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker. |