Total
10067 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14978 | 1 Woocommerce | 1 Payu India Payment Gateway | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| /payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price. | |||||
| CVE-2013-7483 | 1 Hbwsl | 1 Slidedeck 2 | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. | |||||
| CVE-2018-19016 | 1 Rockwellautomation | 2 Ethernet\/ip Web Server Module 1756-eweb, Ethernet\/ip Web Server Module 1768-eweb | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected product is restarted. | |||||
| CVE-2017-18430 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.6 MEDIUM | 4.7 MEDIUM |
| In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | |||||
| CVE-2019-12831 | 1 Mybb | 1 Mybb | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE. | |||||
| CVE-2017-18509 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187. | |||||
| CVE-2016-1586 | 1 Oxide Project | 1 Oxide | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3. | |||||
| CVE-2019-1746 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-04 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically. | |||||
| CVE-2017-18394 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | |||||
| CVE-2018-20861 | 1 Openmpt | 1 Libopenmpt | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. | |||||
| CVE-2019-9845 | 1 Miniblog.core Project | 1 Miniblog.core | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension. | |||||
| CVE-2019-1306 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'. | |||||
| CVE-2017-18469 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). | |||||
| CVE-2019-0097 | 1 Intel | 1 Active Management Technology Firmware | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access. | |||||
| CVE-2016-10787 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). | |||||
| CVE-2019-11595 | 1 Ublockorigin | 1 Ublock Origin | 2024-02-04 | 6.8 MEDIUM | 9.0 CRITICAL |
| In uBlock before 0.9.5.15, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect. | |||||
| CVE-2019-0157 | 2 Intel, Linux | 3 Software Guard Extensions, Software Guard Extensions Data Center Attestation Primitives, Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2019-1010252 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-02-04 | 5.5 MEDIUM | 4.9 MEDIUM |
| The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity. | |||||
| CVE-2019-14211 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript. | |||||
| CVE-2016-10765 | 1 Edx | 1 Edx-platform | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. | |||||