Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23835 | 1 Tailor Management System Project | 1 Tailor Management System | 2022-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing. | |||||
| CVE-2020-7712 | 2 Joyent, Oracle | 5 Json, Commerce Guided Search, Financial Services Crime And Compliance Management Studio and 2 more | 2022-12-03 | 6.5 MEDIUM | 7.2 HIGH |
| This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function. | |||||
| CVE-2020-5913 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2022-12-03 | 5.8 MEDIUM | 7.4 HIGH |
| In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections. | |||||
| CVE-2020-13946 | 2 Apache, Netapp | 2 Cassandra, Oncommand Insight | 2022-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. | |||||
| CVE-2022-44277 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-12-03 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product. | |||||
| CVE-2019-4040 | 1 Ibm | 1 I | 2022-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164. | |||||
| CVE-2019-3912 | 1 Labkey | 1 Labkey Server | 2022-12-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites. | |||||
| CVE-2019-3911 | 1 Labkey | 1 Labkey Server | 2022-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints. | |||||
| CVE-2019-3908 | 1 Identicard | 1 Premisys Id | 2022-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data. | |||||
| CVE-2019-3906 | 1 Identicard | 1 Premisys Id | 2022-12-03 | 9.0 HIGH | 8.8 HIGH |
| Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents. | |||||
| CVE-2019-4043 | 1 Ibm | 1 Sterling B2b Integrator | 2022-12-03 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239. | |||||
| CVE-2019-4046 | 1 Ibm | 1 Websphere Application Server | 2022-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242. | |||||
| CVE-2019-4027 | 1 Ibm | 1 Sterling B2b Integrator | 2022-12-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905. | |||||
| CVE-2019-4008 | 1 Ibm | 1 Api Connect | 2022-12-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626. | |||||
| CVE-2019-4038 | 1 Ibm | 1 Security Identity Manager | 2022-12-03 | 4.6 MEDIUM | 6.2 MEDIUM |
| IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162. | |||||
| CVE-2020-15901 | 1 Nagios | 1 Nagios Xi | 2022-12-03 | 7.5 HIGH | 8.8 HIGH |
| In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. | |||||
| CVE-2020-15852 | 3 Linux, Netapp, Xen | 5 Linux Kernel, Cloud Backup, Solidfire Baseboard Management Controller and 2 more | 2022-12-03 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154. | |||||
| CVE-2020-3481 | 4 Canonical, Clamav, Debian and 1 more | 4 Ubuntu Linux, Clamav, Debian Linux and 1 more | 2022-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | |||||
| CVE-2020-15586 | 5 Cloudfoundry, Debian, Fedoraproject and 2 more | 6 Cf-deployment, Routing-release, Debian Linux and 3 more | 2022-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. | |||||
| CVE-2019-4224 | 1 Ibm | 1 Pureapplication System | 2022-12-03 | 6.5 MEDIUM | 8.8 HIGH |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240. | |||||