Skip to main content

2837 docs tagged with "MEDIUM_Vulnerabilities"

View all tags

CVE-1999-0735

KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.

CVE-1999-1002

Netscape Navigator uses weak encryption for storing a user's Netscape mail password.

CVE-1999-1373

FORE PowerHub before 5.0.1 allows remote attackers to cause a denial of service (hang) via a TCP SYN

CVE-1999-1431

ZAK in Appstation mode allows users to bypass the 'Run only allowed apps' policy by starting Explore

CVE-2000-0045

MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.

CVE-2000-0050

The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying

CVE-2000-0051

The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by rep

CVE-2000-0056

IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many

CVE-2000-0058

Network HotSync program in Handspring Visor does not have authentication, which allows remote attack

CVE-2000-0071

IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-

CVE-2000-0082

WebTV email client allows remote attackers to force the client to send email without the user's know

CVE-2000-0084

CuteFTP uses weak encryption to store password information in its tree.dat file.

CVE-2000-0087

Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even i

CVE-2000-0897

Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedl

CVE-2000-0898

Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null v

CVE-2000-0899

Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the ser

CVE-2000-1039

Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service b

CVE-2000-1081

The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does n

CVE-2000-1082

The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not

CVE-2000-1084

The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not p

CVE-2000-1085

The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not

CVE-2000-1086

The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) do

CVE-2000-1087

The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) do

CVE-2000-1088

The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) doe

CVE-2000-1092

loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in

CVE-2000-1097

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service

CVE-2000-1098

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service

CVE-2000-1099

Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted J

CVE-2000-1101

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the 'Restrict to home d

CVE-2000-1102

PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (ser

CVE-2000-1105

The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site oper

CVE-2000-1106

Trend Micro InterScan VirusWall creates an 'Intscan' share to the 'InterScan' directory with permiss

CVE-2000-1107

in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of servic

CVE-2000-1108

cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file

CVE-2000-1109

Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when

CVE-2000-1110

document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the

CVE-2000-1111

Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attem

CVE-2000-1112

Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow rem

CVE-2000-1114

Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP req

CVE-2000-1117

The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 a

CVE-2000-1119

Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitr

CVE-2000-1128

The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which impro

CVE-2000-1129

McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recip

CVE-2000-1132

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the progr

CVE-2000-1133

Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . (dot) into

CVE-2000-1135

fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a sym

CVE-2000-1136

elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows loc

CVE-2000-1137

GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack

CVE-2000-1145

Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or

CVE-2000-1147

Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands v

CVE-2000-1148

The installation of VolanoChatPro chat server sets world-readable permissions for its configuration

CVE-2000-1150

Felix IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service v

CVE-2000-1151

Baxter IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service

CVE-2000-1152

Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service

CVE-2000-1153

PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via

CVE-2000-1154

RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a

CVE-2000-1155

RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a d

CVE-2000-1160

NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large nu

CVE-2000-1163

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the

CVE-2000-1165

Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a mal

CVE-2000-1171

Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to r

CVE-2000-1173

Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no enc

CVE-2000-1177

bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB)

CVE-2000-1178

Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal

CVE-2000-1179

Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authenti

CVE-2000-1180

Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to ga

CVE-2000-1181

Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's me

CVE-2000-1182

WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox w

CVE-2000-1184

telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to

CVE-2000-1185

The telnet proxy in RideWay PN proxy server allows remote attackers to cause a denial of service via

CVE-2000-1188

Directory traversal vulnerability in Quikstore shopping cart program allows remote attackers to read

CVE-2001-0160

Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless

CVE-2001-0161

Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bit

CVE-2001-0163

Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remo

CVE-2001-1037

Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell wit

CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for

CVE-2002-0629

The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of

CVE-2002-0630

The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of

CVE-2002-1386

Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow local users to execute arbitrary c

CVE-2002-1387

The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary

CVE-2002-1388

Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject

CVE-2002-1389

Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input.

CVE-2002-1595

Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without

CVE-2002-1596

Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service

CVE-2002-1597

Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service

CVE-2002-1600

Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows

CVE-2003-0014

gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink atta

CVE-2003-0979

FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which all

CVE-2003-0980

Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remot

CVE-2003-0981

FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allo

CVE-2003-0984

Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their s

CVE-2003-0996

Unknown 'System Security Vulnerability' in Computer Associates (CA) Unicenter Remote Control (URC) 6

CVE-2003-0997

Unknown 'Denial of Service Attack' vulnerability in Computer Associates (CA) Unicenter Remote Contro

CVE-2003-0998

Unknown 'potential system security vulnerability' in Computer Associates (CA) Unicenter Remote Contr

CVE-2003-1001

Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series

CVE-2003-1002

Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote a

CVE-2003-1004

Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to

CVE-2003-1012

The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via

CVE-2003-1017

Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is a

CVE-2003-1020

The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause

CVE-2004-0883

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote sa

CVE-2004-0899

The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP l

CVE-2004-0915

Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archi

CVE-2004-0949

The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does n

CVE-2004-0956

MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a M

CVE-2004-1014

statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attacke

CVE-2004-1020

The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow

CVE-2004-1039

The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions,

CVE-2004-1056

Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, whic

CVE-2004-1061

Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, a

CVE-2004-1068

A 'missing serialization' error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and

CVE-2004-1075

Cross-site scripting (XSS) vulnerability in standard_error_message.dtml for Zwiki after 0.10.0rc1 to

CVE-2004-1100

Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier v

CVE-2004-1101

mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a

CVE-2004-1102

MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whe

CVE-2004-1103

MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers

CVE-2004-1105

Nortel Networks Contivity VPN Client displays a different error message depending on whether the use

CVE-2004-1106

Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to

CVE-2004-1109

The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a

CVE-2004-1111

Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and oth

CVE-2004-1112

The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes

CVE-2004-1123

Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a den

CVE-2004-1130

Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to

CVE-2004-1133

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remot

CVE-2004-1135

Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial

CVE-2004-1136

Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers

CVE-2004-1148

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to re

CVE-2004-1163

Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows

CVE-2004-1164

The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause

CVE-2004-1167

mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file

CVE-2004-1169

MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (applicati

CVE-2004-1177

Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote

CVE-2004-1183

Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to ca

CVE-2004-1193

Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention f

CVE-2004-1194

Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial

CVE-2004-1195

Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (applica

CVE-2004-1196

Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to in

CVE-2004-1197

Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop allows remote attackers to in

CVE-2004-1199

Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application cr

CVE-2004-1201

Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhau

CVE-2004-1202

Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth

CVE-2004-1203

parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote atta

CVE-2004-1205

codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via a

CVE-2004-1206

Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attacke

CVE-2004-1207

The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro fa

CVE-2004-1209

Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the dat

CVE-2004-1210

Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions,

CVE-2004-1212

Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attack

CVE-2004-1213

Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly

CVE-2004-1215

Kreed 1.05 and earlier allows remote attackers to cause a denial of service (server disconnect) via

CVE-2004-1216

The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial o

CVE-2004-1217

Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows remote attackers to view arbi

CVE-2004-1218

Remote Execute 2.30 allows remote attackers to cause a denial of service (application crash) by maki

CVE-2004-1219

paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote

CVE-2004-1220

Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and earlier, allows a remote master

CVE-2004-1221

Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows remote attackers to read arbit

CVE-2004-1223

The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive

CVE-2004-1224

Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users t

CVE-2004-1226

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via ce

CVE-2004-1228

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, w

CVE-2004-1230

Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache direc

CVE-2004-1231

Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .

CVE-2004-1233

Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption

CVE-2004-1267

Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22

CVE-2004-1269

lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource li

CVE-2004-1277

The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious

CVE-2004-1281

The ftp_retr function in junkie 0.3.1 allows remote malicious FTP servers to overwrite arbitrary fil

CVE-2004-1294

The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary file

CVE-2004-1318

Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote a

CVE-2004-1786

PortalApp places user credentials under the web root with insufficient access control, which allows

CVE-2004-2761

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-depen

CVE-2005-0097

The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of ser

CVE-2005-0108

Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a

CVE-2005-0117

Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS

CVE-2005-0182

The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filena

CVE-2005-0266

Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inj

CVE-2005-0274

Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allo

CVE-2005-0283

Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrar

CVE-2005-0287

Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the netw

CVE-2005-0456

Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) U

CVE-2006-0035

The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 and 2.6.15 allows local users to

CVE-2006-0054

The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firew

CVE-2006-0063

Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when 'Allowed HTML tags' is enabled, allow

CVE-2006-0069

Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allow

CVE-2006-0070

Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an

CVE-2006-0071

The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, whic

CVE-2006-0073

Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.

CVE-2006-0078

Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to

CVE-2006-0080

Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows r

CVE-2006-0082

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other

CVE-2006-0083

Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier al

CVE-2006-0084

Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers t

CVE-2006-0086

Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition

CVE-2006-0089

Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (appli

CVE-2006-0090

Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote a

CVE-2006-0091

Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with 'Inlin

CVE-2006-0093

Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inj

CVE-2006-0098

The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-op

CVE-2006-0100

Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local users to execute arbitrary code vi

CVE-2006-0101

Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow r

CVE-2006-0102

Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attacke

CVE-2006-0103

TinyPHPForum 3.6 and earlier stores the (1) users/.hash and (2) users/[USERNAME].email files under t

CVE-2006-0104

Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create

CVE-2006-0105

PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attacke

CVE-2006-0109

Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote a

CVE-2006-0110

Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers

CVE-2006-0111

Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attacker

CVE-2006-0112

Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remo

CVE-2006-0113

Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application v

CVE-2006-0114

The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict a

CVE-2006-0116

Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remot

CVE-2006-0117

Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial

CVE-2006-0118

Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, al

CVE-2006-0120

Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attacke

CVE-2006-0122

Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers

CVE-2006-0124

Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to i

CVE-2006-0125

Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include ar

CVE-2006-0126

rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linu

CVE-2006-0127

Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows r

CVE-2006-0129

Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlie

CVE-2006-0131

boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1)

CVE-2006-0132

Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows re

CVE-2006-0134

Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote at

CVE-2006-0136

Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanat

CVE-2006-0138

aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and

CVE-2006-0139

The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows

CVE-2006-0140

Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allo

CVE-2006-0141

Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial o

CVE-2006-0142

Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows re

CVE-2006-0145

The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly va

CVE-2006-0148

NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number o

CVE-2006-0149

Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows

CVE-2006-0152

Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attacker

CVE-2006-0155

Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers

CVE-2006-0156

Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrar

CVE-2006-0157

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the admi

CVE-2006-0161

Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOT

CVE-2006-0165

Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI

CVE-2006-0168

Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrar

CVE-2006-0173

Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote

CVE-2006-0174

Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote

CVE-2006-0175

Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote att

CVE-2006-0179

The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large am

CVE-2006-0180

Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to injec

CVE-2006-0183

Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authent

CVE-2006-0185

Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow

CVE-2006-0187

By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defi

CVE-2006-0341

Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and ea

CVE-2006-6919

Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in

CVE-2006-6920

Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject ar

CVE-2006-6924

bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=

CVE-2006-6925

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote atta

CVE-2006-6928

Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject a

CVE-2006-6929

Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers t

CVE-2007-0012

Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer

CVE-2007-0015

Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a lon

CVE-2007-0017

Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/a

CVE-2007-0044

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers

CVE-2007-0045

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and

CVE-2007-0047

CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microso

CVE-2007-0048

Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x

CVE-2007-0051

Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows rem

CVE-2007-0054

Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote

CVE-2007-0055

Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote

CVE-2007-0056

Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Pan

CVE-2007-0059

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attacke

CVE-2007-0077

lblog stores sensitive information under the web root with insufficient access control, which allows

CVE-2007-0078

BattleBlog stores sensitive information under the web root with insufficient access control, which a

CVE-2007-0080

Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers

CVE-2007-0081

Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local

CVE-2007-0082

users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple exten

CVE-2007-0083

Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to in

CVE-2007-0084

Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows loc

CVE-2007-0085

Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD

CVE-2007-0088

Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary f

CVE-2007-0095

phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for

CVE-2007-0098

Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_g

CVE-2007-0101

Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthor

CVE-2007-0102

The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers t

CVE-2007-0103

The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attacke

CVE-2007-0104

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.

CVE-2007-0106

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 all

CVE-2007-0107

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after esc

CVE-2007-0108

nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a

CVE-2007-0109

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or no

CVE-2007-0110

Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server b

CVE-2007-0111

Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running

CVE-2007-0113

Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause

CVE-2007-0114

Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive

CVE-2007-0115

Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote aut

CVE-2007-0118

Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbit

CVE-2007-0119

Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject

CVE-2007-0121

Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inj

CVE-2007-0122

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote a

CVE-2007-0123

Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and ex

CVE-2007-0125

Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infini

CVE-2007-0135

PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, whe

CVE-2007-0136

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, a

CVE-2007-0137

Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier,

CVE-2007-0138

formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2)

CVE-2007-0141

Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote

CVE-2007-0143

Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attacker

CVE-2007-0144

Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 a

CVE-2007-0146

Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers

CVE-2007-0147

Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.con

CVE-2007-0148

Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of

CVE-2007-0159

Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpd

CVE-2007-0161

The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, u

CVE-2007-0162

Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) Application

CVE-2007-0166

The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/con

CVE-2007-0173

Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when regist

CVE-2007-0175

Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attac

CVE-2007-0176

Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remot

CVE-2007-0177

Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.

CVE-2007-0183

Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attacker

CVE-2007-0185

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memor

CVE-2007-0186

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to

CVE-2007-0188

F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses

CVE-2007-0191

Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject

CVE-2007-0195

my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for fa

CVE-2007-0197

Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of se

CVE-2007-0198

The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted,

CVE-2007-0199

The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cau

CVE-2007-0204

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote atta

CVE-2007-0206

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 al

CVE-2007-0225

Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earli

CVE-2007-0227

slocate 3.1 does not properly manage database entries that specify names of files in protected direc

CVE-2007-0228

The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause

CVE-2007-0231

Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and un

CVE-2007-4769

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 befo

CVE-2007-4772

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 befo

CVE-2007-5401

Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote au

CVE-2007-5402

Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute

CVE-2007-5404

Layton HelpBox 3.7.1 generates different responses depending on whether or not a username is valid i

CVE-2007-5965

QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which migh

CVE-2007-6018

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0

CVE-2007-6067

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used

CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a d

CVE-2007-6388

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6

CVE-2007-6420

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Ap

CVE-2007-6422

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, w

CVE-2007-6531

Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow re

CVE-2007-6598

Dovecot before 1.0.10, with certain configuration options including use of %variables, does not prop

CVE-2007-6599

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote

CVE-2007-6600

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before

CVE-2007-6611

Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers

CVE-2007-6612

Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x

CVE-2007-6613

Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GN

CVE-2007-6614

PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.

CVE-2007-6615

Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows rem

CVE-2007-6616

Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleForum 4.6.2 and earlier allows

CVE-2007-6617

Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 all

CVE-2007-6618

JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter

CVE-2007-6620

Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers t

CVE-2007-6621

Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote

CVE-2007-6623

Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to lis

CVE-2007-6624

Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attack

CVE-2007-6625

The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manag

CVE-2007-6628

LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereferenc

CVE-2007-6629

Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial

CVE-2007-6630

The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote att

CVE-2007-6632

showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metach

CVE-2007-6633

Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allo

CVE-2007-6634

Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote atta

CVE-2007-6635

FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which

CVE-2007-6636

Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted re

CVE-2007-6637

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to

CVE-2007-6640

Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to danger

CVE-2007-6641

Cross-site scripting (XSS) vulnerability in dir.php in milliscripts Redirection allows remote attack

CVE-2007-6642

Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote at

CVE-2007-6643

Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows

CVE-2007-6644

Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the

CVE-2007-6646

Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions b

CVE-2007-6648

Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote atta

CVE-2007-6651

Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to ob

CVE-2007-6653

Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attacke

CVE-2007-6659

Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to

CVE-2007-6660

2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to inde

CVE-2007-6661

2z project 0.9.6.1 allows attackers to change the password without supplying the old password.

CVE-2007-6662

Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitr

CVE-2007-6667

SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to exe

CVE-2007-6669

Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers

CVE-2007-6672

Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the s

CVE-2007-6673

Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitra

CVE-2007-6674

Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attacke

CVE-2007-6675

The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS befor

CVE-2007-6676

The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .htm

CVE-2007-6677

Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin

CVE-2007-6751

Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows

CVE-2008-0005

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev

CVE-2008-0061

MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to

CVE-2008-0090

A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a de

CVE-2008-0091

Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to

CVE-2008-0092

Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State Univ

CVE-2008-0093

Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 R

CVE-2008-0094

Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote

CVE-2008-0095

The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-be

CVE-2008-0099

Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to exec

CVE-2008-0123

Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other version

CVE-2008-0129

SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier a

CVE-2008-0131

Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows r

CVE-2008-0132

Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating a

CVE-2008-0134

Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier

CVE-2008-0135

Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficie

CVE-2008-0136

Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct reques

CVE-2008-0138

PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for

CVE-2008-0139

Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remo

CVE-2008-0140

Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote au

CVE-2008-0142

Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute a

CVE-2008-0146

Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inj

CVE-2008-0147

SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is di

CVE-2008-0149

TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpin

CVE-2008-0150

Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15,

CVE-2008-0152

SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote at

CVE-2008-0153

telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (p

CVE-2008-0155

Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attack

CVE-2008-0156

Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote att

CVE-2008-0158

Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows

CVE-2008-0159

SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to exe

CVE-2008-0184

Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attacke

CVE-2008-0186

Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows r

CVE-2008-0190

Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemp

CVE-2008-0191

WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p p

CVE-2008-0192

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote atta

CVE-2008-0193

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and po

CVE-2008-0195

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty va

CVE-2008-0196

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers

CVE-2008-0197

Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in th

CVE-2008-0198

Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.ph

CVE-2008-0199

PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values

CVE-2008-0200

Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and

CVE-2008-0201

Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows r

CVE-2008-0202

CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attack

CVE-2008-0203

Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.

CVE-2008-0204

Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math

CVE-2008-0205

Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in th

CVE-2008-0206

Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and

CVE-2008-0207

Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote atta

CVE-2008-0208

Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows

CVE-2008-0209

Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remot

CVE-2008-0210

Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set thr

CVE-2008-0218

Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows rem

CVE-2008-0225

Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9

CVE-2008-0236

An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to exe

CVE-2008-0237

The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execu

CVE-2008-0239

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 thro

CVE-2008-0240

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows rem

CVE-2008-0241

Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 throu

CVE-2008-0249

PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to ad

CVE-2008-3819

dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote

CVE-2008-5077

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal functio

CVE-2008-5808

Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56;

CVE-2008-5809

futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional

CVE-2008-5817

Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 al

CVE-2008-5818

Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc

CVE-2008-5819

Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc

CVE-2008-5821

Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote

CVE-2008-5822

Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers

CVE-2008-5823

An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script

CVE-2008-5824

Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent

CVE-2008-5828

Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is

CVE-2008-5842

Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and

CVE-2008-5843

Multiple untrusted search path vulnerabilities in pdfjam allow local users to gain privileges via a

CVE-2008-5845

Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow

CVE-2008-5846

Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for

CVE-2008-5849

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows

CVE-2008-5852

Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control

CVE-2008-5853

Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under

CVE-2008-5854

Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 a

CVE-2008-5855

myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient acc

CVE-2008-5856

Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attacke

CVE-2008-5857

The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain ad

CVE-2008-5858

Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote atta

CVE-2008-5859

SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals

CVE-2008-5860

Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when

CVE-2008-5861

Directory traversal vulnerability in source.php in FreeLyrics 1.0 allows remote attackers to read ar

CVE-2008-5862

Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attac

CVE-2008-5867

Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary file

CVE-2008-5869

Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0

CVE-2008-5870

FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application

CVE-2008-5871

Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call pla

CVE-2008-5877

Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, wh

CVE-2008-5878

Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earli

CVE-2008-5879

Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5

CVE-2008-5884

AyeView 2.20 allows user-assisted attackers to cause a denial of service (application crash) via a G

CVE-2008-5885

The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access

CVE-2008-5886

TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access

CVE-2008-5887

phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a 'lo

CVE-2008-5889

Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject

CVE-2008-5891

Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.

CVE-2008-5894

Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include

CVE-2009-0021

NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from th

CVE-2009-0022

Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to ac

CVE-2009-0025

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenS

CVE-2009-0046

Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyF

CVE-2009-0047

Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal func

CVE-2009-0048

OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyF

CVE-2009-0049

Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the

CVE-2009-0050

Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify functio

CVE-2009-0051

ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function,

CVE-2009-0068

Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file wi

CVE-2009-0069

Unspecified vulnerability in the nfs4rename_persistent_fh function in the NFS 4 (aka NFSv4) client i

CVE-2009-0072

Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of servi

CVE-2009-0105

Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inj

CVE-2009-0107

Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows

CVE-2009-0112

Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote

CVE-2009-0113

Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.

CVE-2009-1996

Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenti

CVE-2009-3411

Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 1

CVE-2009-3414

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.

CVE-2009-3416

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su

CVE-2009-3734

Unspecified vulnerability in the management console in the S2 Security Linear eMerge Access Control

CVE-2009-3742

Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to i

CVE-2009-4497

Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attac

CVE-2009-4539

Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager 1.2.0 allows remote attackers

CVE-2009-4540

SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitra

CVE-2009-4542

Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remo

CVE-2009-4543

PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Li

CVE-2009-4544

Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk

CVE-2009-4545

Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control,

CVE-2009-4547

Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to injec

CVE-2009-4548

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to

CVE-2009-4552

Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote atta

CVE-2009-4553

Stack-based buffer overflow in iRehearse allows remote attackers to cause a denial of service (appli

CVE-2009-4554

Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attacke

CVE-2009-4555

Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and Agor

CVE-2009-4558

The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6

CVE-2009-4561

Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc

CVE-2009-4562

Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attack

CVE-2009-4563

Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allow

CVE-2009-4564

SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allo

CVE-2009-4568

Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remo

CVE-2009-4570

Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrar

CVE-2009-4572

Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack t

CVE-2009-4573

Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Jo

CVE-2009-4575

Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for J

CVE-2009-4578

Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla!

CVE-2009-4579

Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Jooml

CVE-2009-4580

Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 allow remote attackers to inje

CVE-2009-4585

UranyumSoft Listing Service stores sensitive information under the web root with insufficient access

CVE-2009-4586

Multiple cross-site scripting (XSS) vulnerabilities in index.html in Wowd client before 1.3.1 allow

CVE-2009-4587

Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an

CVE-2009-4589

Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink

CVE-2009-4590

Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engi

CVE-2009-4593

The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the

CVE-2009-4595

SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to e

CVE-2009-4596

Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers t

CVE-2009-4601

Cross-site scripting (XSS) vulnerability in basic_search_result.php in Zeeways ZeeJobsite 3x allows

CVE-2009-4602

Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x throug

CVE-2009-4603

Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.2

CVE-2009-5037

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remot

CVE-2009-5039

Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS befor

CVE-2009-5040

CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a

CVE-2010-0066

Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Serv

CVE-2010-0067

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 1

CVE-2010-0068

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP2, an

CVE-2010-0069

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.

CVE-2010-0070

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 1

CVE-2010-0074

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0SP7, 8.1SP6, 9.0,

CVE-2010-0075

Unspecified vulnerability in the Oracle HRMS (Self Service) component in Oracle E-Business Suite 11.

CVE-2010-0076

Unspecified vulnerability in the Application Express Application Builder component in Oracle Databas

CVE-2010-0077

Unspecified vulnerability in the CRM Technical Foundation (mobile) component in Oracle E-Business Su

CVE-2010-0078

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP3, 10

CVE-2010-0080

Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile component in Oracle PeopleSoft

CVE-2010-0214

The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connec

CVE-2010-0215

ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions,

CVE-2010-0220

The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox bef

CVE-2010-0222

Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler

CVE-2010-0224

SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host com

CVE-2010-0225

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the clear

CVE-2010-0226

SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows phys

CVE-2010-0227

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with

CVE-2010-0228

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key

CVE-2010-0229

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password

CVE-2010-0271

hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspeci

CVE-2010-0277

slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3

CVE-2010-0278

A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build

CVE-2010-0279

Unrestricted file upload vulnerability in upload.php in BTS-GI Read excel 1.1 allows remote attacker

CVE-2010-10004

A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic

CVE-2010-1677

MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags

CVE-2010-1679

Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assis

CVE-2010-2599

Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows

CVE-2010-3201

Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to

CVE-2010-3448

drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the

CVE-2010-3676

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenti

CVE-2010-3677

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a de

CVE-2010-3678

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash

CVE-2010-3679

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysql

CVE-2010-3680

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysql

CVE-2010-3681

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a den

CVE-2010-3682

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a de

CVE-2010-3683

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE reque

CVE-2010-3847

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through

CVE-2010-3873

The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, whic

CVE-2010-3926

Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX

CVE-2010-4013

Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-m

CVE-2010-4160

Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2)

CVE-2010-4162

Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to caus

CVE-2010-4163

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local

CVE-2010-4175

Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows l

CVE-2010-4225

Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote at

CVE-2010-4242

The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux k

CVE-2010-4247

The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c

CVE-2010-4324

Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles B

CVE-2010-4348

Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 al

CVE-2010-4349

admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive in

CVE-2010-4350

Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows re

CVE-2010-4497

Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIB

CVE-2010-4499

Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collabo

CVE-2010-4524

Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attacke

CVE-2010-4528

directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allo

CVE-2010-4534

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and

CVE-2010-4535

The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4,

CVE-2010-4536

Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allo

CVE-2010-4539

The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in

CVE-2010-4540

Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c

CVE-2010-4542

Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style

CVE-2010-4645

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and oth

CVE-2010-4668

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows loc

CVE-2010-4676

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw

CVE-2010-4677

emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) al

CVE-2010-4685

Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map,

CVE-2010-4687

STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly

CVE-2010-4690

The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devic

CVE-2010-4693

Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier a

CVE-2010-5291

Amberdms Billing System (ABS) before 1.4.1 does not properly implement blacklisting after detection

CVE-2010-5314

Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 all

CVE-2010-5315

Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attacke

CVE-2010-5316

Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remo

CVE-2010-5318

The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers t

CVE-2010-5319

Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attack

CVE-2010-5320

Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attack

CVE-2011-0003

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to

CVE-2011-0004

Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to in

CVE-2011-0005

Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 a

CVE-2011-0314

Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows rem

CVE-2011-0315

Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebS

CVE-2011-0316

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 a

CVE-2011-0398

The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP addre

CVE-2011-0399

Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HT

CVE-2011-0400

Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https sessi

CVE-2011-0401

Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might

CVE-2011-0402

dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitr

CVE-2011-0405

Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, whe

CVE-2011-0443

SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disab

CVE-2011-0445

The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial o

CVE-2011-1166

Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash)

CVE-2011-1384

The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.

CVE-2011-1386

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway

CVE-2011-1780

The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (ho

CVE-2011-1936

Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not prope

CVE-2011-3206

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as

CVE-2011-3337

eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Securit

CVE-2011-3657

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and

CVE-2011-3667

The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3

CVE-2011-3668

Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before

CVE-2011-3669

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x befo

CVE-2011-4056

An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1),

CVE-2011-4108

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if

CVE-2011-4360

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages vi

CVE-2011-4361

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, whi

CVE-2011-4530

Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obta

CVE-2011-4531

Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a

CVE-2011-4532

Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll

CVE-2011-4576

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initiali

CVE-2011-4577

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attacke

CVE-2011-4616

Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allo

CVE-2011-4619

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f do

CVE-2011-4642

mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy comm

CVE-2011-4643

Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated u

CVE-2011-4778

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote at

CVE-2011-4858

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form

CVE-2011-4870

Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX cont

CVE-2011-4905

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor e

CVE-2011-4920

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0,

CVE-2011-4921

SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1

CVE-2011-4925

Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when mu

CVE-2011-5018

Koala Framework before 2011-11-21 has XSS via the request_uri parameter.

CVE-2011-5019

Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the produ

CVE-2011-5047

Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remo

CVE-2011-5048

Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly

CVE-2011-5049

MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL poi

CVE-2011-5050

SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10

CVE-2011-5052

Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitr

CVE-2011-5053

The Wi-Fi Protected Setup (WPS) protocol, when the 'external registrar' authentication method is use

CVE-2011-5054

kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environm

CVE-2011-5055

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the abil

CVE-2011-5057

Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict

CVE-2011-5058

The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attac

CVE-2011-5250

Snare for Linux before 1.7.0 has CSRF in the web interface.

CVE-2011-5252

Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1

CVE-2011-5253

Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by

CVE-2011-5294

The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kof

CVE-2011-5296

Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to

CVE-2011-5297

Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject

CVE-2011-5298

Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote

CVE-2011-5299

Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers

CVE-2011-5300

Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR

CVE-2011-5301

Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject

CVE-2011-5302

Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote

CVE-2011-5303

Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 allows remote attackers to inject a

CVE-2011-5304

Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for Wo

CVE-2011-5305

Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attacker

CVE-2011-5306

Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10

CVE-2011-5307

Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress a

CVE-2011-5309

Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to in

CVE-2011-5310

Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to read arbi

CVE-2011-5311

Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attacker

CVE-2011-5312

Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject a

CVE-2011-5314

templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive informa

CVE-2011-5315

Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remot

CVE-2011-5316

Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows

CVE-2011-5317

Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attac

CVE-2011-5318

Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote att

CVE-2012-0005

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2

CVE-2012-0007

The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate cha

CVE-2012-0027

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST bl

CVE-2012-0309

Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20

CVE-2012-0310

CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier

CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if th

CVE-2012-0392

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whit

CVE-2012-0393

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public

CVE-2012-0394

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, all

CVE-2012-0696

Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 b

CVE-2012-0860

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M)

CVE-2012-0861

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a ho

CVE-2012-10002

A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by th

CVE-2012-10003

A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This iss

CVE-2012-10004

A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as proble

CVE-2012-10005

A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problema

CVE-2012-1258

cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.1989

CVE-2012-1260

Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinize

CVE-2012-1261

Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International

CVE-2012-1915

EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS

CVE-2012-2251

rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local

CVE-2012-2252

Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows

CVE-2012-2378

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enfor

CVE-2012-2724

The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-

CVE-2012-2898

Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibo

CVE-2012-2899

Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigg

CVE-2012-3821

A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterpris

CVE-2012-4451

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remot

CVE-2012-4543

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.

CVE-2012-4545

The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0

CVE-2012-4549

The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enter

CVE-2012-4550

JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based a

CVE-2012-4555

The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not pro

CVE-2012-4556

The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remot

CVE-2012-4970

Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Po

CVE-2012-5558

Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and

CVE-2012-5573

The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circu

CVE-2012-5581

Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a

CVE-2012-5603

proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permission

CVE-2012-5651

Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow

CVE-2012-5652

Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files

CVE-2012-5653

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated us

CVE-2012-5654

The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically gene

CVE-2012-5655

The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not prope

CVE-2012-5665

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.ph

CVE-2012-5666

Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.1

CVE-2012-5667

Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execut

CVE-2012-5769

IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read a

CVE-2012-5976

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x befor

CVE-2012-5977

Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified A

CVE-2012-6080

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (acti

CVE-2012-6081

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2)

CVE-2012-6082

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.

CVE-2012-6084

modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly s

CVE-2012-6330

The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x thr

CVE-2012-6433

Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remo

CVE-2012-6434

Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2

CVE-2012-6459

ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, wh

CVE-2012-6460

Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, an

CVE-2012-6461

The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 all

CVE-2012-6462

Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specificatio

CVE-2012-6463

Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arb

CVE-2012-6464

Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arb

CVE-2012-6466

Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote

CVE-2012-6467

Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other

CVE-2012-6469

Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via v

CVE-2012-6471

Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP reques

CVE-2012-6472

Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users

CVE-2012-6495

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anyw

CVE-2012-6497

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentiall

CVE-2012-6498

Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote at

CVE-2012-6499

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier f

CVE-2012-6500

Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote a

CVE-2012-6501

The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) before 1.2.0.1 allows remote attack

CVE-2012-6667

Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module fo

CVE-2012-6668

Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technolog

CVE-2012-6670

Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module

CVE-2012-6671

Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologi

CVE-2012-6682

Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Tec

CVE-2013-0001

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.

CVE-2013-0009

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and

CVE-2013-0010

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and

CVE-2013-0013

The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1,

CVE-2013-0721

wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain

CVE-2013-0722

Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and ear

CVE-2013-0737

Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inje

CVE-2013-10010

A vulnerability classified as problematic has been found in zerochplus. This affects the function Pr

CVE-2013-1420

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attac

CVE-2013-1642

Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attacker

CVE-2013-2119

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a de

CVE-2013-2131

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows contex

CVE-2013-3713

The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user

CVE-2013-3931

Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Jooml

CVE-2013-3936

Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before

CVE-2013-4353

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers

CVE-2013-4517

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attacke

CVE-2013-4564

Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value

CVE-2013-4752

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an

CVE-2013-5010

The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 1

CVE-2013-5211

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause

CVE-2013-5571

HMailServer 5.3.x and prior: Memory Corruption which could cause DOS

CVE-2013-6017

Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers

CVE-2013-6028

Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow

CVE-2013-6242

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before

CVE-2013-6334

IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Manag

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not valid

CVE-2013-6430

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring

CVE-2013-6450

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does n

CVE-2013-6923

Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmw

CVE-2013-6953

BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via

CVE-2013-6954

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial

CVE-2013-6974

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System

CVE-2013-6982

The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction o

CVE-2013-6991

Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordP

CVE-2013-6992

Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Fi

CVE-2013-6993

Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress all

CVE-2013-6997

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier

CVE-2013-7062

Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4

CVE-2013-7097

Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attack

CVE-2013-7138

Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management Sy

CVE-2013-7222

config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Applicatio

CVE-2013-7223

Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remot

CVE-2013-7224

Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to ob

CVE-2013-7225

Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before

CVE-2013-7240

Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for Word

CVE-2013-7249

Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obt

CVE-2013-7251

Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote a

CVE-2013-7254

Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject a

CVE-2013-7255

Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arb

CVE-2013-7256

Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to h

CVE-2013-7257

Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary

CVE-2013-7258

Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to

CVE-2013-7262

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer

CVE-2013-7263

The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data st

CVE-2013-7264

The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certa

CVE-2013-7265

The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain

CVE-2013-7266

The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 doe

CVE-2013-7267

The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certai

CVE-2013-7268

The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain len

CVE-2013-7269

The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certai

CVE-2013-7270

The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a ce

CVE-2013-7271

The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain len

CVE-2013-7275

Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 all

CVE-2013-7276

Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0

CVE-2013-7277

Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95

CVE-2013-7279

Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video

CVE-2013-7280

Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to caus

CVE-2013-7281

The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a cer

CVE-2013-7288

Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php

CVE-2013-7289

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aph

CVE-2013-7351

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers t

CVE-2013-7417

Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before

CVE-2013-7418

cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users

CVE-2013-7419

Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hote

CVE-2013-7485

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7

CVE-2013-7486

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7

CVE-2014-0104

In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py scri

CVE-2014-0161

ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote e

CVE-2014-0169

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all application

CVE-2014-0183

Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS v

CVE-2014-0245

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was n

CVE-2014-0620

Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01

CVE-2014-0621

Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200

CVE-2014-0651

The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce author

CVE-2014-0652

Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA)

CVE-2014-0653

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allow

CVE-2014-0654

Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack

CVE-2014-0655

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allow

CVE-2014-0656

Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of cer

CVE-2014-0657

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier do

CVE-2014-0658

Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) vi

CVE-2014-0663

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System

CVE-2014-0664

The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service

CVE-2014-0752

The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary proje

CVE-2014-0791

Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP thr

CVE-2014-0802

Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and Z

CVE-2014-0803

Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3

CVE-2014-0804

Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earli

CVE-2014-0805

Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free appli

CVE-2014-0977

Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5

CVE-2014-10398

Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Cli

CVE-2014-1232

Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPre

CVE-2014-125029

A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as cri

CVE-2014-125031

A vulnerability was found in kirill2485 TekNet. It has been classified as problematic. Affected is a

CVE-2014-125034

A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this

CVE-2014-125035

A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability i

CVE-2014-125036

A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affecte

CVE-2014-125039

A vulnerability, which was classified as problematic, has been found in kkokko NeoXplora. Affected b

CVE-2014-125045

A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability i

CVE-2014-125046

A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affe

CVE-2014-125048

A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affe

CVE-2014-125050

A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue

CVE-2014-125051

A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critic

CVE-2014-125052

A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issu

CVE-2014-125054

A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affect

CVE-2014-125055

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is

CVE-2014-125056

A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is s

CVE-2014-125068

A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects so

CVE-2014-125069

A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected

CVE-2014-125070

A vulnerability has been found in yanheven console and classified as problematic. Affected by this v

CVE-2014-125074

A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vu

CVE-2014-1405

Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.2

CVE-2014-1406

CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with

CVE-2014-1407

Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with run

CVE-2014-1454

Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper va

CVE-2014-1679

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 bef

CVE-2014-1858

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symli

CVE-2014-1859

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/te

CVE-2014-2598

Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5

CVE-2014-2838

Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for Wo

CVE-2014-3471

Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS use

CVE-2014-3590

Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in t

CVE-2014-3607

DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server host

CVE-2014-3628

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x befo

CVE-2014-3753

AgileBits 1Password through 1.0.9.340 allows security feature bypass

CVE-2014-3764

Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto N

CVE-2014-4196

Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9

CVE-2014-4553

Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress al

CVE-2014-4561

The ultimate-weather plugin 1.0 for WordPress has XSS

CVE-2014-4635

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) befo

CVE-2014-4636

Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6

CVE-2014-4637

Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote att

CVE-2014-4638

EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injecti

CVE-2014-4639

EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a

CVE-2014-4994

lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files v

CVE-2014-4996

lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arb

CVE-2014-5003

chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby al

CVE-2014-5069

Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inj

CVE-2014-5209

An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET

CVE-2014-5394

Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving

CVE-2014-5509

clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink

CVE-2014-5516

Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems Kon

CVE-2014-6199

The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 a

CVE-2014-6212

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0

CVE-2014-6268

The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of serv

CVE-2014-6275

FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by pr

CVE-2014-7221

TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (

CVE-2014-7222

Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a

CVE-2014-7293

Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlie

CVE-2014-7294

Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libr

CVE-2014-8020

Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a deni

CVE-2014-8031

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attacke

CVE-2014-8032

The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sens

CVE-2014-8033

The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administ

CVE-2014-8035

The web framework in Cisco WebEx Meetings Server produces different returned messages for URL reques

CVE-2014-8036

The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which a

CVE-2014-8085

Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/con

CVE-2014-8131

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly ha

CVE-2014-8275

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constr

CVE-2014-8674

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) bef

CVE-2014-9271

Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remot

CVE-2014-9272

The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly va

CVE-2014-9276

Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki b

CVE-2014-9405

A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item o

CVE-2014-9435

Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to ex

CVE-2014-9436

Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to

CVE-2014-9437

Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 f

CVE-2014-9438

Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 al

CVE-2014-9439

Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers

CVE-2014-9441

Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0

CVE-2014-9442

SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for Word

CVE-2014-9443

Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows

CVE-2014-9444

Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows

CVE-2014-9446

Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.

CVE-2014-9447

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils

CVE-2014-9449

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows rem

CVE-2014-9452

Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attacke

CVE-2014-9453

Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor

CVE-2014-9454

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before

CVE-2014-9457

SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote

CVE-2014-9459

Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.ph

CVE-2014-9460

Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 fo

CVE-2014-9500

Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows

CVE-2014-9508

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and

CVE-2014-9510

Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (

CVE-2014-9516

Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to

CVE-2014-9517

Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allo

CVE-2014-9518

Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmwar

CVE-2014-9522

Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote

CVE-2014-9523

Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanc

CVE-2014-9524

Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-faceboo

CVE-2014-9525

Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugi

CVE-2014-9526

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow r

CVE-2014-9527

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infini

CVE-2014-9529

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through

CVE-2014-9908

A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows mal

CVE-2015-0204

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and

CVE-2015-0205

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1

CVE-2015-0206

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1

CVE-2015-0559

Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wi

CVE-2015-0560

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissect

CVE-2015-0561

asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 do

CVE-2015-0562

Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing

CVE-2015-0563

epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x be

CVE-2015-0564

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wiresha

CVE-2015-0582

The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to c

CVE-2015-0921

XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO)

CVE-2015-0922

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across

CVE-2015-10006

A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected

CVE-2015-10007

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as probl

CVE-2015-10010

A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this

CVE-2015-10013

A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has

CVE-2015-10016

A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. Affe

CVE-2015-10019

A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL.

CVE-2015-10021

A vulnerability was found in ritterim definely. It has been classified as problematic. Affected is a

CVE-2015-10028

A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerabil

CVE-2015-10030

A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affe

CVE-2015-10032

A vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vu

CVE-2015-10033

A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects

CVE-2015-10128

A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problema

CVE-2015-1208

Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allow

CVE-2015-2981

The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL server

CVE-2015-9247

An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabil

CVE-2015-9248

An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabiliti

CVE-2015-9275

ARC 5.21q allows directory traversal via a full pathname in an archive file.

CVE-2015-9540

Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-

CVE-2016-0336

Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7

CVE-2016-10256

The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is

CVE-2016-10257

The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.

CVE-2016-10705

The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.

CVE-2016-10706

The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.

CVE-2016-10736

The 'Social Pug - Easy Social Share Buttons' plugin before 1.2.6 for WordPress allows XSS via the wp

CVE-2016-15006

A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issu

CVE-2016-15008

A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the

CVE-2016-15011

A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this

CVE-2016-15014

A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as proble

CVE-2016-15015

A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Modu

CVE-2016-4642

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016

CVE-2016-4643

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016

CVE-2016-4644

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016

CVE-2016-5346

An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver

CVE-2016-6585

A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.1

CVE-2016-6587

An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec

CVE-2016-6588

A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Sy

CVE-2016-6589

A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symant

CVE-2016-6810

In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identi

CVE-2016-9722

IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows t

CVE-2017-1000413

Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing at

CVE-2017-1000415

MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate vali

CVE-2017-1000424

Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem whe

CVE-2017-1000425

Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0

CVE-2017-1000426

MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service

CVE-2017-1000427

marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.

CVE-2017-1000428

flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER

CVE-2017-1000429

rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.

CVE-2017-1000431

eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in

CVE-2017-1000434

Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect para

CVE-2017-1000442

Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password worksp

CVE-2017-1000443

Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions compon

CVE-2017-1000445

ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore c

CVE-2017-1000455

GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectl

CVE-2017-1000457

Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote at

CVE-2017-1000459

Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes

CVE-2017-1000460

In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017),

CVE-2017-1000461

Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access c

CVE-2017-1000462

BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page

CVE-2017-1000463

Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the e

CVE-2017-1000465

Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the p

CVE-2017-1000466

Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the i

CVE-2017-1000467

LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog c

CVE-2017-1000472

The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does

CVE-2017-1000476

ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in co

CVE-2017-1000478

ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component

CVE-2017-1000481

When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a '

CVE-2017-1000482

A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile,

CVE-2017-1000483

Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc

CVE-2017-1000484

By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his

CVE-2017-1000491

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due

CVE-2017-1000492

Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled nod

CVE-2017-1000495

QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name fie

CVE-2017-1002152

Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by in

CVE-2017-11004

A non-secure user may be able to access certain registers in snapdragon automobile, snapdragon mobil

CVE-2017-12697

A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Cl

CVE-2017-13218

Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear

CVE-2017-13886

In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configurati

CVE-2017-13891

In iOS before 11.2, an inconsistent user interface issue was addressed through improved state manage

CVE-2017-14383

In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior

CVE-2017-1459

IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical

CVE-2017-14594

The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version

CVE-2017-1493

IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they s

CVE-2017-15129

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel befor

CVE-2017-1533

IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerabilit

CVE-2017-1534

IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phish

CVE-2017-1557

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially cr

CVE-2017-15717

A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidH

CVE-2017-15941

Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.

CVE-2017-1623

IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to emb

CVE-2017-16514

Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/adminto

CVE-2017-1664

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithm

CVE-2017-1665

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithm

CVE-2017-1668

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing

CVE-2017-1673

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulne

CVE-2017-16732

A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows

CVE-2017-16741

An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Seri

CVE-2017-16862

The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to m

CVE-2017-16864

The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject a

CVE-2017-16878

Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS

CVE-2017-1727

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages

CVE-2017-1739

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scrip

CVE-2017-1740

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-sit

CVE-2017-17837

The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The defaul

CVE-2017-17841

Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decrypt

CVE-2017-18008

In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.

CVE-2017-18010

The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via th

CVE-2017-18011

The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the

CVE-2017-18012

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.

CVE-2017-18013

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function

CVE-2017-18014

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.

CVE-2017-18015

The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter

CVE-2017-18016

Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtai

CVE-2017-18018

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a pla

CVE-2017-18023

Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI.

CVE-2017-18024

AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a para

CVE-2017-18027

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in co

CVE-2017-18028

In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImag

CVE-2017-18029

In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in c

CVE-2017-18319

Information leak in UIM API debug messages in snapdragon mobile and snapdragon wear in versions MDM9

CVE-2017-18321

Security keys used by the terminal and NW for a session could be leaked in snapdragon mobile in vers

CVE-2017-18322

Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear i

CVE-2017-18323

Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon

CVE-2017-18324

Cryptographic key material leaked in debug messages - GERAN in snapdragon mobile and snapdragon wear

CVE-2017-18326

Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in v

CVE-2017-18327

Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile,

CVE-2017-20162

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This is

CVE-2017-20164

A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected

CVE-2017-20168

A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue

CVE-2017-20188

A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected

CVE-2017-2411

In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by

CVE-2017-3718

Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privil

CVE-2017-5715

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allo

CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unautho

CVE-2017-5754

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allo

CVE-2017-7559

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it wa

CVE-2017-7998

Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers t

CVE-2017-9796

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to s

CVE-2017-9964

A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions

CVE-2017-9965

An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert E

CVE-2018-0002

On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP respon

CVE-2018-0003

A specially crafted MPLS packet received or processed by the system, on an interface configured with

CVE-2018-0004

A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption

CVE-2018-0006

A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain

CVE-2018-0008

An unauthenticated root login may allow upon reboot when a commit script is used. A commit script al

CVE-2018-0009

On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs

CVE-2018-0010

A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not hav

CVE-2018-0011

A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote a

CVE-2018-0013

A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may

CVE-2018-0014

Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can

CVE-2018-0118

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could

CVE-2018-0282

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticat

CVE-2018-0449

A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco

CVE-2018-0482

A vulnerability in the web-based management interface of Cisco Prime Network Control System could al

CVE-2018-0483

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker

CVE-2018-0484

A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE

CVE-2018-0665

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and

CVE-2018-0666

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and

CVE-2018-0671

Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrato

CVE-2018-0677

BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same n

CVE-2018-0678

Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same netwo

CVE-2018-0688

Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released

CVE-2018-0698

Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arb

CVE-2018-0741

The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allo

CVE-2018-0745

The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version

CVE-2018-0746

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 160

CVE-2018-0747

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Win

CVE-2018-0750

The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an informat

CVE-2018-0753

Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Wind

CVE-2018-0754

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Win

CVE-2018-0766

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows

CVE-2018-0767

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an att

CVE-2018-0780

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows

CVE-2018-0785

ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET C

CVE-2018-0799

Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise

CVE-2018-0800

Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further comp

CVE-2018-0803

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows

CVE-2018-0819

Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a u

CVE-2018-1000406

A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/

CVE-2018-1000407

A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in

CVE-2018-1000408

A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in co

CVE-2018-1000409

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in cor

CVE-2018-1000411

A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestOb

CVE-2018-1000413

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier i

CVE-2018-1000415

A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildA

CVE-2018-1000416

A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and

CVE-2018-1000419

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipCha

CVE-2018-1000420

An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCl

CVE-2018-1000421

An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCl

CVE-2018-1000422

An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earli

CVE-2018-1000426

A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitCh

CVE-2018-11005

A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

CVE-2018-11006

An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

CVE-2018-11007

A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

CVE-2018-11008

An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

CVE-2018-11798

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to

CVE-2018-1190

An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v2

CVE-2018-12166

Insufficient write protection in firmware for Intel(R) Optane(TM) SSD DC P4800X before version E2010

CVE-2018-12167

Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P4800X before version E2010435

CVE-2018-1361

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows us

CVE-2018-14481

Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-628

CVE-2018-15456

A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authentic

CVE-2018-15457

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an u

CVE-2018-15461

A vulnerability in the MyWebex component of Cisco Webex Business Suite could allow an unauthenticate

CVE-2018-15464

A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauth

CVE-2018-15467

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) c

CVE-2018-15780

RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote mali

CVE-2018-16066

A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potent

CVE-2018-16067

A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to pot

CVE-2018-16072

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allo

CVE-2018-16078

Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a

CVE-2018-16079

A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.

CVE-2018-16080

A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497

CVE-2018-16082

An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacke

CVE-2018-16084

The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed

CVE-2018-16087

Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote

CVE-2018-16088

A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowe

CVE-2018-16164

Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote aut

CVE-2018-16165

Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to injec

CVE-2018-16172

Improper countermeasure against clickjacking attack in client certificates management screen was dis

CVE-2018-16173

Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to i

CVE-2018-16174

Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect

CVE-2018-16179

The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, wh

CVE-2018-16180

Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to in

CVE-2018-16181

HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers t

CVE-2018-16187

The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the dis

CVE-2018-16191

Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3,

CVE-2018-16192

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firm

CVE-2018-16193

Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver

CVE-2018-16197

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier a

CVE-2018-16199

Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home

CVE-2018-16204

Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote au

CVE-2018-16205

Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arb

CVE-2018-16206

Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote a

CVE-2018-1657

IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerabil

CVE-2018-16870

It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack

CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+

CVE-2018-16885

A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and sim

CVE-2018-16887

A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with

CVE-2018-17459

Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 all

CVE-2018-18004

Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware be

CVE-2018-18005

Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06

CVE-2018-18244

Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to

CVE-2018-1859

IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with li

CVE-2018-18688

The Portable Document Format (PDF) specification does not provide any information regarding the conc

CVE-2018-18689

The Portable Document Format (PDF) specification does not provide any information regarding the conc

CVE-2018-18893

Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/Jinja

CVE-2018-18997

Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthen

CVE-2018-1918

IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scriptin

CVE-2018-1932

IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access cont

CVE-2018-19371

The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allow

CVE-2018-19414

Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to in

CVE-2018-19478

In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long runni

CVE-2018-19505

Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impers

CVE-2018-1951

IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerabil

CVE-2018-19523

DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x80

CVE-2018-19600

Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.

CVE-2018-19992

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated user

CVE-2018-19993

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to in

CVE-2018-19995

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated user

CVE-2018-20067

A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Na

CVE-2018-20068

Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed

CVE-2018-20069

Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior

CVE-2018-20070

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80

CVE-2018-20071

Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome

CVE-2018-20326

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi

CVE-2018-20650

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of ser

CVE-2018-20651

A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary

CVE-2018-20652

An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in ti

CVE-2018-20659

An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an a

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (applica

CVE-2018-20663

The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Pers

CVE-2018-20671

load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow

CVE-2018-20673

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.

CVE-2018-20680

Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.

CVE-2018-20681

mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to

CVE-2018-20682

Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka 'Admi

CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrict

CVE-2018-20699

Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption

CVE-2018-2362

A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP request

CVE-2018-25063

A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by thi

CVE-2018-25065

A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic.

CVE-2018-25067

A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affect

CVE-2018-25097

A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7.

CVE-2018-3610

SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the a

CVE-2018-3815

The 'XML Interface to Messaging, Scheduling, and Signaling' (XIMSS) protocol implementation in Commu

CVE-2018-3986

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of th

CVE-2018-4032

An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improp

CVE-2018-4033

The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper

CVE-2018-4034

The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due

CVE-2018-4035

The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due

CVE-2018-4036

The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper

CVE-2018-4037

The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper

CVE-2018-4041

An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, ve

CVE-2018-4042

An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, ve

CVE-2018-4043

An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper

CVE-2018-4044

An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, ve

CVE-2018-4045

An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, ve

CVE-2018-4046

An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, versi

CVE-2018-4047

An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, ve

CVE-2018-4179

In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This is

CVE-2018-4181

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improve

CVE-2018-4255

In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validat

CVE-2018-4256

In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validat

CVE-2018-4278

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iClo

CVE-2018-4868

The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to

CVE-2018-5071

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication s

CVE-2018-5072

Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.

CVE-2018-5073

Online Ticket Booking has CSRF via admin/movieedit.php.

CVE-2018-5074

Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.

CVE-2018-5075

Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.

CVE-2018-5076

Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.

CVE-2018-5077

Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.

CVE-2018-5078

Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.

CVE-2018-5212

The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (

CVE-2018-5213

The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downlo

CVE-2018-5214

The 'Add Link to Facebook' plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parame

CVE-2018-5215

Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.

CVE-2018-5216

Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/

CVE-2018-5249

Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remot

CVE-2018-5251

In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value

CVE-2018-5252

libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_

CVE-2018-5263

The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS.

CVE-2018-5268

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modul

CVE-2018-5269

In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bi

CVE-2018-5280

SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO

CVE-2018-5281

SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Cat

CVE-2018-5284

The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options

CVE-2018-5286

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for

CVE-2018-5288

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for

CVE-2018-5292

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for

CVE-2018-5293

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for

CVE-2018-5294

In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUIn

CVE-2018-5295

In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function

CVE-2018-5296

In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection fun

CVE-2018-5301

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resu

CVE-2018-5309

In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStr

CVE-2018-5310

In the 'Media from FTP' plugin before 9.85 for WordPress, Directory Traversal exists via the searchd

CVE-2018-5311

The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options paramete

CVE-2018-5312

The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post

CVE-2018-5316

The 'SagePay Server Gateway for WooCommerce' plugin before 1.0.9 for WordPress has XSS via the inclu

CVE-2018-5331

Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated

CVE-2018-5333

In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases

CVE-2018-5334

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was ad

CVE-2018-5335

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed i

CVE-2018-5357

ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.

CVE-2018-5358

ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as

CVE-2018-5362

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[page] parameter to wp-admin/

CVE-2018-5363

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[en] or wpglobus_option[enabl

CVE-2018-5364

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[redirect_by_language] parame

CVE-2018-5365

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[show_selector] parameter to

CVE-2018-5366

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option parameter to wp-admin/option

CVE-2018-5367

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post] parameter to wp-admin/

CVE-2018-5369

The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/opt

CVE-2018-5375

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete a

CVE-2018-5376

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.

CVE-2018-5650

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_mat

CVE-2018-5651

An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profi

CVE-2018-5652

An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profi

CVE-2018-5653

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t

CVE-2018-5654

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t

CVE-2018-5655

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t

CVE-2018-5657

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5659

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5660

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5661

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5662

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5663

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5664

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5665

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5666

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5667

An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-a

CVE-2018-5668

An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-a

CVE-2018-5670

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad

CVE-2018-5671

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad

CVE-2018-5672

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad

CVE-2018-6091

Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google

CVE-2018-6093

Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacke

CVE-2018-6096

A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome

CVE-2018-6097

Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.335

CVE-2018-6100

Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0

CVE-2018-6109

readAsText() can indefinitely read the file picked by the user, rather than only once at the time th

CVE-2018-6110

Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote atta

CVE-2018-6112

Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359

CVE-2018-6113

Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.

CVE-2018-6114

Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allo

CVE-2018-6117

Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to

CVE-2018-6123

A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potent

CVE-2018-6133

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62

CVE-2018-6135

Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome pr

CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cros

CVE-2018-6143

Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to pe

CVE-2018-6147

Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a

CVE-2018-6160

JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacke

CVE-2018-6163

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75

CVE-2018-6164

Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a

CVE-2018-6165

Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote

CVE-2018-6166

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75

CVE-2018-6167

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75

CVE-2018-6169

Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 all

CVE-2018-6172

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75

CVE-2018-6173

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75

CVE-2018-6175

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75

CVE-2018-6178

Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed

CVE-2018-6179

Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chr

CVE-2018-7900

There is an information leak vulnerability in some Huawei HG products. An attacker may obtain inform

CVE-2018-8827

The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2

CVE-2019-10205

A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able

CVE-2019-11292

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, a

CVE-2019-11761

By using a form with a data URI it was possible to gain access to the privileged JSONView object tha

CVE-2019-11762

If two same-origin documents set document.domain differently to become cross-origin, it was possible

CVE-2019-11763

Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly

CVE-2019-11765

A compromised content process could send a message to the parent process that would cause the 'Click

CVE-2019-13765

Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote a

CVE-2019-13766

Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to

CVE-2019-14302

On Ricoh SP C250DN 1.06 devices, a debug port can be used.

CVE-2019-14820

It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.c

CVE-2019-14854

OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log

CVE-2019-14862

There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of

CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the conte

CVE-2019-14864

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, i

CVE-2019-14918

XSS in the DHCP lease-status table in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows

CVE-2019-15602

The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cro

CVE-2019-15603

The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a ma

CVE-2019-15983

A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authentic

CVE-2019-15999

A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could all

CVE-2019-16154

An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 ma

CVE-2019-16271

DTEN D5 and D7 before 1.3.2 devices allows remote attackers to read saved whiteboard image PDF docum

CVE-2019-16954

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.

CVE-2019-16956

SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.

CVE-2019-16960

SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name fiel

CVE-2019-16962

Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New

CVE-2019-17000

An object tag with a data URI did not correctly inherit the document's Content Security Policy. This

CVE-2019-17001

A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execu

CVE-2019-17002

If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged an

CVE-2019-17016

When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer incor

CVE-2019-17018

When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to imp

CVE-2019-17020

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet,

CVE-2019-17021

During the initialization of a new content process, a race condition occurs that can allow a content

CVE-2019-17022

When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer does

CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, res

CVE-2019-17151

This vulnerability allows remote attackers redirect users to an external resource on affected instal

CVE-2019-18588

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions

CVE-2019-18652

A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing

CVE-2019-18842

A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT U

CVE-2019-18859

Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.

CVE-2019-19086

Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).

CVE-2019-19087

Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).

CVE-2019-19254

GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect

CVE-2019-19255

GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control.

CVE-2019-19256

GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.

CVE-2019-19257

GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control

CVE-2019-19258

GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.

CVE-2019-19259

GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Referenc

CVE-2019-19260

GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control

CVE-2019-19262

GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.

CVE-2019-19263

GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.

CVE-2019-19265

IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS

CVE-2019-19266

IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS

CVE-2019-19309

GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.

CVE-2019-19310

GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.

CVE-2019-19311

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.

CVE-2019-19312

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project change

CVE-2019-19332

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the

CVE-2019-19441

HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak

CVE-2019-19817

The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils

CVE-2019-19819

The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtil

CVE-2019-20077

The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function

CVE-2019-20153

An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.

CVE-2019-20154

An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4.

CVE-2019-20180

The TablePress plugin 1.9.2 for WordPress allows tablepress CSV injection by Editor users. Note: The

CVE-2019-20203

The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers t

CVE-2019-20204

The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCr

CVE-2019-20208

dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow.

CVE-2019-20220

In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.ph

CVE-2019-20221

In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XS

CVE-2019-20222

In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in t

CVE-2019-20223

In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that u

CVE-2019-20334

In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This

CVE-2019-20336

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter i

CVE-2019-20348

OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without pro

CVE-2019-20354

The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a

CVE-2019-20363

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.

CVE-2019-20364

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.js

CVE-2019-20365

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search p

CVE-2019-20366

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Conte

CVE-2019-20372

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demon

CVE-2019-20375

A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attacker

CVE-2019-20376

A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attacker

CVE-2019-20378

ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.

CVE-2019-20379

ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.

CVE-2019-25013

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid mu

CVE-2019-25093

A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on In

CVE-2019-25094

A vulnerability, which was classified as problematic, was found in innologi appointments Extension u

CVE-2019-25097

A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical. Affected by

CVE-2019-25098

A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. Th

CVE-2019-25099

A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects

CVE-2019-3405

In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deau

CVE-2019-3498

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutraliza

CVE-2019-3501

The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandl

CVE-2019-3572

An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function wri

CVE-2019-3573

In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fr

CVE-2019-3701

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The C

CVE-2019-3768

RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A

CVE-2019-4559

IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The infor

CVE-2019-5005

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of

CVE-2019-5006

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer d

CVE-2019-5188

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1

CVE-2019-5310

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the

CVE-2019-5311

An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability vi

CVE-2019-5489

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attac

CVE-2019-5844

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker

CVE-2019-5845

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker

CVE-2019-5846

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker

CVE-2019-5884

php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enable

CVE-2019-5892

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x befor

CVE-2019-5988

Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 2

CVE-2019-5989

DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 Jun

CVE-2019-6129

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE:

CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonst

CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbo

CVE-2019-6133

In PolicyKit (aka polkit) 0.115, the 'start time' protection mechanism can be bypassed because fork(

CVE-2019-6243

Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).

CVE-2019-6248

PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the src

CVE-2019-6332

A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerab

CVE-2019-6529

An attacker could specially craft an FTP request that could crash the PR100088 Modbus gateway versio

CVE-2019-6700

An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2

CVE-2019-9465

In the Titan M handling of cryptographic operations, there is a possible information disclosure due

CVE-2019-9537

: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

CVE-2019-9538

: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

CVE-2019-9539

: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

CVE-2019-9540

: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

CVE-2019-9541

: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System al

CVE-2019-9542

: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

CVE-2020-0003

In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-che

CVE-2020-0004

In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceed

CVE-2020-0006

In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of he

CVE-2020-0007

In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to un

CVE-2020-0008

In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds re

CVE-2020-0009

In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a perm

CVE-2020-10137

Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or

CVE-2020-13116

OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy

CVE-2020-13922

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to over

CVE-2020-15799

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All

CVE-2020-15933

A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 an

CVE-2020-16012

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote

CVE-2020-16027

Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an

CVE-2020-16030

Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attack

CVE-2020-16031

Insufficient data validation in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker

CVE-2020-16032

Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote atta

CVE-2020-16033

Inappropriate implementation in WebUSB in Google Chrome prior to 87.0.4280.66 allowed a remote attac

CVE-2020-16034

Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attack

CVE-2020-16036

Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote atta

CVE-2020-16040

Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker

CVE-2020-16042

Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain p

CVE-2020-1765

An improper control of parameters allows the spoofing of the from fields of the following screens: A

CVE-2020-1766

Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to f

CVE-2020-1767

Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change t

CVE-2020-1785

Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system

CVE-2020-1786

HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authent

CVE-2020-1787

HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authenticat

CVE-2020-1810

There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA a

CVE-2020-1826

Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an informa

CVE-2020-23249

GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.

CVE-2020-23631

Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers

CVE-2020-23643

XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/We

CVE-2020-23644

XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.

CVE-2020-23849

Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executin

CVE-2020-23986

Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a ref

CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the

CVE-2020-24386

An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can

CVE-2020-24700

OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with

CVE-2020-24701

OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite

CVE-2020-24900

The default installation of Krpano Panorama Viewer version <=1.20.8 is prone to Reflected XSS due to

CVE-2020-24901

The default installation of Krpano Panorama Viewer version <=1.20.8 is vulnerable to Reflected XSS d

CVE-2020-24902

Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validati

CVE-2020-24903

Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper

CVE-2020-25427

A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-mast

CVE-2020-25476

Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulner

CVE-2020-25657

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher t

CVE-2020-25659

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, vi

CVE-2020-25678

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear

CVE-2020-25680

A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificat

CVE-2020-25950

Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery (CSRF) attacks that

CVE-2020-26046

FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie steali

CVE-2020-26186

Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulner

CVE-2020-26199

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password

CVE-2020-26293

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can l

CVE-2020-26294

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golan

CVE-2020-26297

mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdB

CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an

CVE-2020-26627

A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can

CVE-2020-26628

A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which a

CVE-2020-26630

A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can

CVE-2020-26713

REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The informa

CVE-2020-26768

Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by i

CVE-2020-26800

A stack overflow vulnerability in Aleth Ethereum C++ client version <= 1.8.0 using a specially craft

CVE-2020-26975

When a malicious application installed on the user's device broadcast an Intent to Firefox for Andro

CVE-2020-26976

When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the fo

CVE-2020-26977

By attempting to connect a website using an unresponsive port, an attacker could have controlled the

CVE-2020-26978

Using techniques that built on the slipstream research, a malicious webpage could have exposed both

CVE-2020-26979

When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a websit

CVE-2020-26981

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-27260

Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabiliti

CVE-2020-27262

Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 A stored cross-site scripting (X

CVE-2020-27283

An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001)

CVE-2020-27428

A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers

CVE-2020-27835

A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found

CVE-2020-27841

There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is a

CVE-2020-27842

There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provi

CVE-2020-27843

A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide spe

CVE-2020-27845

There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is abl

CVE-2020-28208

An email address enumeration vulnerability exists in the password reset function of Rocket.Chat thro

CVE-2020-28390

A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3

CVE-2020-28391

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All

CVE-2020-28395

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCAL

CVE-2020-28841

MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioct

CVE-2020-29489

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text passwor

CVE-2020-29490

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service v

CVE-2020-29496

Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability

CVE-2020-29497

Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability

CVE-2020-29498

Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote un

CVE-2020-29500

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerabil

CVE-2020-29501

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerabil

CVE-2020-29502

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerabil

CVE-2020-35111

When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest ca

CVE-2020-35170

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions

CVE-2020-35203

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers

CVE-2020-35204

Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code

CVE-2020-35206

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers

CVE-2020-35391

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly i

CVE-2020-35493

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be p

CVE-2020-35494

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input f

CVE-2020-35495

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be

CVE-2020-35496

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacke

CVE-2020-35507

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 wh

CVE-2020-35655

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE ima

CVE-2020-35719

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i

CVE-2020-35720

Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in mu

CVE-2020-35721

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i

CVE-2020-35722

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force

CVE-2020-35723

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i

CVE-2020-35724

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i

CVE-2020-35725

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i

CVE-2020-35726

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i

CVE-2020-35727

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i

CVE-2020-35952

login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages tha

CVE-2020-35964

track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrec

CVE-2020-36158

mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel t

CVE-2020-36159

Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup p

CVE-2020-36170

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name='timestamp' fields in

CVE-2020-36171

The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uplo

CVE-2020-36172

The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in

CVE-2020-36173

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.

CVE-2020-36174

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.

CVE-2020-36175

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the e

CVE-2020-36190

RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.

CVE-2020-36191

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstr

CVE-2020-36644

A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic.

CVE-2020-36647

A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is

CVE-2020-36650

A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This

CVE-2020-4336

IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to i

CVE-2020-4487

IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a de

CVE-2020-4544

IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a de

CVE-2020-4606

IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) a

CVE-2020-4663

IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. Th

CVE-2020-4664

IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. Th

CVE-2020-4666

IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. Th

CVE-2020-4667

IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obta

CVE-2020-4673

IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further

CVE-2020-4674

IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against

CVE-2020-4691

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users

CVE-2020-4697

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users

CVE-2020-4733

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users

CVE-2020-4761

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and

CVE-2020-4838

IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerab

CVE-2020-4869

IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflo

CVE-2020-4892

IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability al

CVE-2020-4893

IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information

CVE-2020-4895

IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-si

CVE-2020-4896

IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by imp

CVE-2020-4897

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could al

CVE-2020-4909

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to e

CVE-2020-4910

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to e

CVE-2020-4913

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privile

CVE-2020-4916

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to e

CVE-2020-4918

IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due t

CVE-2020-4928

IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By inter

CVE-2020-5017

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to informati

CVE-2020-5019

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by im

CVE-2020-5020

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking

CVE-2020-5021

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset w

CVE-2020-5022

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to

CVE-2020-5147

SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows

CVE-2020-5191

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabiliti

CVE-2020-5205

In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to se

CVE-2020-5305

Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manag

CVE-2020-5306

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.

CVE-2020-5308

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the catego

CVE-2020-5393

In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS.

CVE-2020-5497

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to user

CVE-2020-5512

Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.

CVE-2020-5513

Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.

CVE-2020-5842

Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=

CVE-2020-5843

Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.

CVE-2020-6163

The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax wi

CVE-2020-6166

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenti

CVE-2020-6583

BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijackin

CVE-2020-6610

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_

CVE-2020-6611

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.

CVE-2020-6615

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (d

CVE-2020-6629

Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decomp

CVE-2020-6630

An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function g

CVE-2020-6631

An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function g

CVE-2020-6632

In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is relat

CVE-2020-6750

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address ins

CVE-2020-6758

A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in Rasilient PixelStor 5000 K:4.

CVE-2020-6847

OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator att

CVE-2020-7202

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and In

CVE-2020-7336

Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7

CVE-2020-8160

MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a

CVE-2020-9059

Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to

CVE-2020-9060

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited

CVE-2020-9061

Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to t

CVE-2021-0301

In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to lo

CVE-2021-0304

In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsaf

CVE-2021-0308

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds

CVE-2021-0309

In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to lo

CVE-2021-0311

In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds

CVE-2021-0312

In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer ov

CVE-2021-0320

In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible b

CVE-2021-0321

In enforceDumpPermissionForPackage of ActivityManagerService.java, there is a possible way to determ

CVE-2021-0322

In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to

CVE-2021-0342

In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could le

CVE-2021-1053

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kerne

CVE-2021-1054

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode lay

CVE-2021-1055

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode lay

CVE-2021-1061

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause

CVE-2021-1066

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validate

CVE-2021-1637

Windows DNS Query Information Disclosure Vulnerability

CVE-2021-1646

Windows WLAN Service Elevation of Privilege Vulnerability

CVE-2021-1656

TPM Device Driver Information Disclosure Vulnerability

CVE-2021-1663

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

CVE-2021-1670

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

CVE-2021-1672

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

CVE-2021-1676

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability

CVE-2021-1677

Azure Active Directory Pod Identity Spoofing Vulnerability

CVE-2021-1683

Microsoft is aware of the &quot;Impersonation in the Passkey Entry Protocol&quot; vulnerability. For

CVE-2021-1684

Microsoft is aware of the &quot;Impersonation in the Passkey Entry Protocol&quot; vulnerability. For

CVE-2021-1696

Windows Graphics Component Information Disclosure Vulnerability

CVE-2021-1699

Windows (modem.sys) Information Disclosure Vulnerability

CVE-2021-1705

Microsoft Edge (HTML-based) Memory Corruption Vulnerability

CVE-2021-1725

Bot Framework SDK Information Disclosure Vulnerability

CVE-2021-1918

Improper handling of resource allocation in virtual machines can lead to information exposure in Sna

CVE-2021-20147

ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the

CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain und

CVE-2021-20868

Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earli

CVE-2021-20869

Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub se

CVE-2021-20870

Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C7

CVE-2021-20871

Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub se

CVE-2021-20872

Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and

CVE-2021-21200

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacke

CVE-2021-21235

kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there i

CVE-2021-21236

CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before

CVE-2021-21445

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to inc

CVE-2021-21447

SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attac

CVE-2021-21448

SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application S

CVE-2021-21464

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received fr

CVE-2021-21467

SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an au

CVE-2021-21468

The BW Database Interface does not perform necessary authorization checks for an authenticated user,

CVE-2021-21470

SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, vers

CVE-2021-21471

In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could

CVE-2021-21494

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can le

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is p

CVE-2021-22569

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in

CVE-2021-23123

An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition

CVE-2021-23124

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs ari

CVE-2021-23125

An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related param

CVE-2021-23173

The affected product is vulnerable to an improper access control, which may allow an authenticated u

CVE-2021-23241

MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLes

CVE-2021-23242

MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonst

CVE-2021-23927

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy

CVE-2021-23928

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.

CVE-2021-23929

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML

CVE-2021-23930

OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.

CVE-2021-23931

OX App Suite through 7.10.4 allows XSS via an inline binary file.

CVE-2021-23932

OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.

CVE-2021-23933

OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.

CVE-2021-23934

OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.

CVE-2021-23935

OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript

CVE-2021-23936

OX App Suite through 7.10.4 allows XSS via the subject of a task.

CVE-2021-24680

The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip

CVE-2021-24828

The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of

CVE-2021-24963

The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before output

CVE-2021-24964

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming

CVE-2021-24973

The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parame

CVE-2021-24991

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab

CVE-2021-24999

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notic

CVE-2021-25000

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delet

CVE-2021-25001

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_creat

CVE-2021-25016

The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise

CVE-2021-25020

The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache d

CVE-2021-25021

The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache dire

CVE-2021-25022

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape

CVE-2021-25027

The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter b

CVE-2021-25040

The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type par

CVE-2021-25043

The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter b

CVE-2021-25047

The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Sc

CVE-2021-26328

Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of

CVE-2021-26343

Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to

CVE-2021-26346

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attack

CVE-2021-26355

Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid mess

CVE-2021-26396

Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss

CVE-2021-26403

Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potential

CVE-2021-26404

Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading

CVE-2021-26407

A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key pot

CVE-2021-28377

ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.

CVE-2021-28711

Rogue backends can cause DoS of guests via high frequency events T Xen offers the ability to run PV

CVE-2021-28712

Rogue backends can cause DoS of guests via high frequency events T Xen offers the ability to run PV

CVE-2021-28713

Rogue backends can cause DoS of guests via high frequency events T Xen offers the ability to run PV

CVE-2021-28714

Guest can force Linux netback driver to hog large amounts of kernel memory T Incoming data packets f

CVE-2021-28715

Guest can force Linux netback driver to hog large amounts of kernel memory T Incoming data packets f

CVE-2021-29701

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6

CVE-2021-3002

Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.

CVE-2021-3005

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF numb

CVE-2021-3011

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrol

CVE-2021-3014

In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via t

CVE-2021-3026

Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or com

CVE-2021-30278

Improper input validation in TrustZone memory transfer interface can lead to information disclosure

CVE-2021-30283

Possible denial of service due to improper handling of debug register trap from user applications in

CVE-2021-30348

Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon A

CVE-2021-3111

The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data

CVE-2021-3133

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.

CVE-2021-31589

A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Re

CVE-2021-32828

The Nuxeo Platform is an open source content management platform for building business applications.

CVE-2021-35093

Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link

CVE-2021-35247

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sa

CVE-2021-35452

An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.

CVE-2021-35500

The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO D

CVE-2021-36408

An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decodi

CVE-2021-36410

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fal

CVE-2021-36411

An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ

CVE-2021-36603

Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript co

CVE-2021-36737

The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) att

CVE-2021-36738

The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable

CVE-2021-36739

The 'first name' and 'last name' fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetyp

CVE-2021-36751

ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to

CVE-2021-36774

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver

CVE-2021-37112

Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful ex

CVE-2021-37114

There is an Out-of-bounds read vulnerability in Smartphone.Successful exploitation of this vulnerabi

CVE-2021-37118

The HwNearbyMain module has a Improper Handling of Exceptional Conditions vulnerability.Successful e

CVE-2021-37132

PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful e

CVE-2021-37195

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C

CVE-2021-37196

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C

CVE-2021-37529

A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream func

CVE-2021-37530

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_strea

CVE-2021-38542

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the ST

CVE-2021-38674

A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud.

CVE-2021-38895

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulne

CVE-2021-38928

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Shar

CVE-2021-38956

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in H

CVE-2021-39980

Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability

CVE-2021-39981

Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling nu

CVE-2021-40001

The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability

CVE-2021-40003

HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may

CVE-2021-40006

Vulnerability of design defects in the security algorithm component. Successful exploitation of this

CVE-2021-40009

There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitat

CVE-2021-40037

There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the M

CVE-2021-40041

There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network

CVE-2021-40111

In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND a

CVE-2021-40559

A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc fu

CVE-2021-40562

A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box

CVE-2021-40563

A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the

CVE-2021-40564

A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 vi

CVE-2021-40565

A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1

CVE-2021-40566

A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via th

CVE-2021-41043

Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.

CVE-2021-41236

OroPlatform is a PHP Business Application Platform. In affected versions the email template preview

CVE-2021-41767

Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-priv

CVE-2021-41789

In wifi driver, there is a possible system crash due to a missing validation check. This could lead

CVE-2021-41823

The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to

CVE-2021-42558

An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulne

CVE-2021-42748

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism

CVE-2021-42749

In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing

CVE-2021-42841

Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input

CVE-2021-4301

A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by t

CVE-2021-4302

A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. T

CVE-2021-4303

A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x.

CVE-2021-4307

A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Aff

CVE-2021-4309

A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue

CVE-2021-4310

A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Aff

CVE-2021-43333

The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for conf

CVE-2021-43436

MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field duri

CVE-2021-43677

Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.

CVE-2021-43850

Discourse is an open source platform for community discussion. In affected versions admins users can

CVE-2021-43942

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrar

CVE-2021-43946

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to a

CVE-2021-43949

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated re

CVE-2021-43951

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated re

CVE-2021-43960

Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires admi

CVE-2021-43972

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 a

CVE-2021-43974

An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end

CVE-2021-44528

A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a

CVE-2021-44584

Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote at

CVE-2021-44590

In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Re

CVE-2021-44591

In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that

CVE-2021-44647

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c

CVE-2021-44649

Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an

CVE-2021-44674

An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability al

CVE-2021-44717

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or

CVE-2021-45449

Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or

CVE-2021-45452

Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory t

CVE-2021-45744

A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in lo

CVE-2021-45745

A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in lo

CVE-2021-45829

HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.

CVE-2021-45830

A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/

CVE-2021-45831

A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Box via __strlen_avx2, which cau

CVE-2021-45832

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which c

CVE-2021-45833

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_m

CVE-2021-46038

A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial

CVE-2021-46039

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, w

CVE-2021-46040

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets fun

CVE-2021-46041

A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes

CVE-2021-46042

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a De

CVE-2021-46043

A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list_count function, which causes

CVE-2021-46044

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Deni

CVE-2021-46045

GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent

CVE-2021-46046

A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause

CVE-2021-46047

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.

CVE-2021-46048

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBina

CVE-2021-46049

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which cou

CVE-2021-46050

A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.

CVE-2021-46051

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, whi

CVE-2021-46052

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::v

CVE-2021-46053

A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL

CVE-2021-46054

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBina

CVE-2021-46055

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBina

CVE-2021-46068

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi

CVE-2021-46069

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi

CVE-2021-46070

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi

CVE-2021-46071

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi

CVE-2021-46072

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi

CVE-2021-46073

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Managemen

CVE-2021-46074

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Managemen

CVE-2021-46078

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System

CVE-2021-46080

A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A

CVE-2021-46109

Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.3

CVE-2021-46141

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUri

CVE-2021-46142

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormali

CVE-2021-46144

Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Ca

CVE-2021-46145

The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is rela

CVE-2021-46146

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

CVE-2021-46148

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

CVE-2021-46150

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

CVE-2021-46163

Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem.

CVE-2021-46166

Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive inf

CVE-2021-46225

A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial

CVE-2021-46283

nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local us

CVE-2022-0012

An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex

CVE-2022-0013

A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that ena

CVE-2022-0014

An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enable

CVE-2022-0079

showdoc is vulnerable to Generation of Error Message Containing Sensitive Information

CVE-2022-0083

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information

CVE-2022-0087

keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site S

CVE-2022-0122

forge is vulnerable to URL Redirection to Untrusted Site

CVE-2022-0129

Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local a

CVE-2022-0155

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

CVE-2022-0157

phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('C

CVE-2022-0159

orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-sit

CVE-2022-0174

Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.

CVE-2022-0337

Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 al

CVE-2022-0553

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypt

CVE-2022-0801

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote

CVE-2022-1102

A vulnerability classified as problematic has been found in SourceCodester Royale Event Management S

CVE-2022-20013

In vow driver, there is a possible memory corruption due to a race condition. This could lead to loc

CVE-2022-20014

In vow driver, there is a possible memory corruption due to improper input validation. This could le

CVE-2022-20015

In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This c

CVE-2022-20016

In vow driver, there is a possible memory corruption due to improper locking. This could lead to loc

CVE-2022-20018

In seninf driver, there is a possible information disclosure due to uninitialized data. This could l

CVE-2022-20019

In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. Thi

CVE-2022-20020

In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This coul

CVE-2022-20021

In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the re

CVE-2022-20022

In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a con

CVE-2022-20023

In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_r

CVE-2022-20612

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earl

CVE-2022-20613

A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and

CVE-2022-20614

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attacker

CVE-2022-20615

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label

CVE-2022-20616

Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method

CVE-2022-20618

A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier a

CVE-2022-20620

Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall

CVE-2022-20621

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configurat

CVE-2022-21642

Discourse is an open source platform for community discussion. In affected versions when composing a

CVE-2022-21648

Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template

CVE-2022-21649

Convos is an open source multi-user chat that runs in a web browser. Characters starting with 'https

CVE-2022-21650

Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in

CVE-2022-21651

Shopware is an open source e-commerce software platform. An open redirect vulnerability has been dis

CVE-2022-21662

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21670

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than

CVE-2022-21671

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that

CVE-2022-21672

make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers

CVE-2022-21823

A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2

CVE-2022-21839

Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability

CVE-2022-21877

Storage Spaces Controller Information Disclosure Vulnerability

CVE-2022-21891

Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability

CVE-2022-21892

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVE-2022-21899

Windows Extensible Firmware Interface Security Feature Bypass Vulnerability

CVE-2022-21906

Windows Defender Application Control Security Feature Bypass Vulnerability

CVE-2022-21918

DirectX Graphics Kernel File Denial of Service Vulnerability

CVE-2022-21921

Windows Defender Credential Guard Security Feature Bypass Vulnerability

CVE-2022-21924

Workstation Service Remote Protocol Security Feature Bypass Vulnerability

CVE-2022-21925

Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability

CVE-2022-21928

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVE-2022-21930

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2022-21931

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2022-21932

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

CVE-2022-21954

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-21958

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVE-2022-21959

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVE-2022-21960

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVE-2022-21961

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVE-2022-21962

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVE-2022-21963

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVE-2022-21964

Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability

CVE-2022-21970

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-22079

Denial of service while processing fastboot flash command on mmc due to buffer over read

CVE-2022-22107

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker t

CVE-2022-22108

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker t

CVE-2022-22109

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that

CVE-2022-22116

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS

CVE-2022-22117

In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in t

CVE-2022-22120

In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset fea

CVE-2022-22263

Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applica

CVE-2022-22268

Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate a

CVE-2022-22271

A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allow

CVE-2022-22284

Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to byp

CVE-2022-22287

Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isola

CVE-2022-22289

Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotel

CVE-2022-22293

admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_T

CVE-2022-22337

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive inform

CVE-2022-22352

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scr

CVE-2022-22371

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session aft

CVE-2022-22470

IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read b

CVE-2022-22701

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the

CVE-2022-22702

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creatin

CVE-2022-22707

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugi

CVE-2022-22815

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

CVE-2022-22816

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImageP

CVE-2022-22821

NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lea

CVE-2022-22836

CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacke

CVE-2022-22844

LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving

CVE-2022-22846

The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matche

CVE-2022-23105

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between t

CVE-2022-23106

Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function w

CVE-2022-23108

Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed

CVE-2022-23109

Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build l

CVE-2022-23110

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a

CVE-2022-23111

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlie

CVE-2022-23112

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with

CVE-2022-23113

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying w

CVE-2022-23115

Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allo

CVE-2022-23509

Weave GitOps is a simple open source developer platform for people who want cloud native application

CVE-2022-23546

In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls

CVE-2022-23548

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch an

CVE-2022-23549

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch an

CVE-2022-24913

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure T

CVE-2022-25722

Information exposure in DSP services due to improper handling of freeing memory

CVE-2022-25725

Denial of service in MODEM due to improper pointer handling

CVE-2022-28975

A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to

CVE-2022-30332

In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provide

CVE-2022-3145

An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an att

CVE-2022-32623

In mdp, there is a possible out of bounds write due to incorrect error handling. This could lead to

CVE-2022-32636

In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead t

CVE-2022-32637

In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could l

CVE-2022-32638

In isp, there is a possible out of bounds write due to a race condition. This could lead to local es

CVE-2022-32639

In watchdog, there is a possible out of bounds read due to a missing bounds check. This could lead t

CVE-2022-32640

In meta wifi, there is a possible out of bounds write due to a missing bounds check. This could lead

CVE-2022-32641

In meta wifi, there is a possible out of bounds read due to a missing bounds check. This could lead

CVE-2022-32644

In vow, there is a possible use after free due to a race condition. This could lead to local escalat

CVE-2022-32645

In vow, there is a possible information disclosure due to a race condition. This could lead to local

CVE-2022-32646

In gpu drm, there is a possible stack overflow due to a missing bounds check. This could lead to loc

CVE-2022-32647

In ccu, there is a possible out of bounds write due to improper input validation. This could lead to

CVE-2022-32648

In disp, there is a possible use after free due to a race condition. This could lead to local escala

CVE-2022-32649

In jpeg, there is a possible use after free due to a logic error. This could lead to local escalatio

CVE-2022-32650

In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escala

CVE-2022-32651

In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escala

CVE-2022-32652

In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escala

CVE-2022-32653

In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escala

CVE-2022-32657

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could

CVE-2022-32658

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could

CVE-2022-32659

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could

CVE-2022-32919

The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2,

CVE-2022-32931

This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An

CVE-2022-33252

Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.

CVE-2022-33253

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.

CVE-2022-33255

Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and

CVE-2022-33283

Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame

CVE-2022-33284

Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.

CVE-2022-33285

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

CVE-2022-33286

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

CVE-2022-3341

A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of liba

CVE-2022-34323

Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to

CVE-2022-34330

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scr

CVE-2022-34335

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user t

CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unw

CVE-2022-3514

An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7,

CVE-2022-3573

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7

CVE-2022-3592

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that w

CVE-2022-3614

In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Serv

CVE-2022-3628

A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occu

CVE-2022-36442

An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome

CVE-2022-37786

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the page

CVE-2022-37787

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plug

CVE-2022-37934

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch se

CVE-2022-38481

An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflecte

CVE-2022-38482

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.

CVE-2022-38489

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 It is prone to stored Cross-si

CVE-2022-3855

The 404 to Start WordPress plugin through 1.6.1 does not sanitise and escape some of its settings, w

CVE-2022-3863

Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker

CVE-2022-3864

A vulnerability exists in the Relion update package signature validation. A tampered update package

CVE-2022-38678

In contacts service, there is a missing permission check. This could lead to local denial of service

CVE-2022-38682

In contacts service, there is a missing permission check. This could lead to local denial of service

CVE-2022-38683

In contacts service, there is a missing permission check. This could lead to local denial of service

CVE-2022-38684

In contacts service, there is a missing permission check. This could lead to local denial of service

CVE-2022-3870

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7

CVE-2022-38773

Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of t

CVE-2022-39081

In network service, there is a missing permission check. This could lead to local escalation of priv

CVE-2022-39082

In network service, there is a missing permission check. This could lead to local escalation of priv

CVE-2022-39083

In network service, there is a missing permission check. This could lead to local escalation of priv

CVE-2022-39084

In network service, there is a missing permission check. This could lead to local escalation of priv

CVE-2022-39085

In network service, there is a missing permission check. This could lead to local escalation of priv

CVE-2022-39086

In network service, there is a missing permission check. This could lead to local escalation of priv

CVE-2022-39087

In network service, there is a missing permission check. This could lead to local escalation of priv

CVE-2022-39088

In network service, there is a missing permission check. This could lead to local escalation of priv

CVE-2022-39104

In contacts service, there is a missing permission check. This could lead to local denial of service

CVE-2022-39116

In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This

CVE-2022-39118

In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This

CVE-2022-39183

Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors.

CVE-2022-39186

EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured

CVE-2022-39187

Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability throug

CVE-2022-3923

The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check w

CVE-2022-3936

The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, w

CVE-2022-3994

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's

CVE-2022-4025

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attack

CVE-2022-40361

Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code vi

CVE-2022-4057

The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's export

CVE-2022-40615

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remot

CVE-2022-40711

PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Adm

CVE-2022-4103

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF check

CVE-2022-4114

The Superio WordPress theme does not sanitise and escape some parameters, which could allow users wi

CVE-2022-4119

The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some

CVE-2022-4131

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7

CVE-2022-41336

An improper neutralization of input during web page generation vulnerability in FortiPortal version

CVE-2022-4142

The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filte

CVE-2022-41740

IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to

CVE-2022-4196

The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fiel

CVE-2022-4198

The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings

CVE-2022-4200

The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its setti

CVE-2022-42281

NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privil

CVE-2022-42282

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitra

CVE-2022-42284

NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This ma

CVE-2022-42288

NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain

CVE-2022-4236

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerabili

CVE-2022-4256

The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some

CVE-2022-4260

The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which c

CVE-2022-42704

A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp)

CVE-2022-42710

Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.3

CVE-2022-42816

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.

CVE-2022-4301

The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter befo

CVE-2022-4310

The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when loggi

CVE-2022-4325

The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a paramete

CVE-2022-4329

The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a

CVE-2022-43391

A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior t

CVE-2022-43392

A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.

CVE-2022-4340

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (ID

CVE-2022-4344

Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 all

CVE-2022-4345

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and

CVE-2022-43524

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator c

CVE-2022-43525

Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise O

CVE-2022-43526

Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise O

CVE-2022-43527

Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise O

CVE-2022-43528

Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator wit

CVE-2022-43529

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator c

CVE-2022-43532

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an aut

CVE-2022-43539

A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an atta

CVE-2022-43540

A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local m

CVE-2022-43573

IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email

CVE-2022-4362

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode att

CVE-2022-4365

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7

CVE-2022-4368

The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputti

CVE-2022-4369

The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escapes a paramete

CVE-2022-4374

The Bg Bible References WordPress plugin through 3.8.14 does not sanitize and escape a parameter bef

CVE-2022-4381

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode att

CVE-2022-4382

A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver

CVE-2022-4391

The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its s

CVE-2022-4392

The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape

CVE-2022-4393

The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and es

CVE-2022-4394

The iPages Flipbook For WordPress plugin through 1.4.6 does not sanitise and escape some of its sett

CVE-2022-4417

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly blo

CVE-2022-4426

The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check

CVE-2022-4429

Avira Security for Windows contains an unquoted service path which allows attackers with local admin

CVE-2022-4432

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver t

CVE-2022-4433

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver t

CVE-2022-4434

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a loc

CVE-2022-4435

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe d

CVE-2022-44422

In music service, there is a missing permission check. This could lead to local denial of service in

CVE-2022-44423

In music service, there is a missing permission check. This could lead to local denial of service in

CVE-2022-44424

In music service, there is a missing permission check. This could lead to local denial of service in

CVE-2022-44425

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44426

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44427

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44428

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44429

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44430

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44431

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44432

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44434

In messaging service, there is a missing permission check. This could lead to local denial of servic

CVE-2022-44435

In messaging service, there is a missing permission check. This could lead to local denial of servic

CVE-2022-44436

In messaging service, there is a missing permission check. This could lead to local denial of servic

CVE-2022-44437

In messaging service, there is a missing permission check. This could lead to local denial of servic

CVE-2022-44438

In messaging service, there is a missing permission check. This could lead to local denial of servic

CVE-2022-44439

In messaging service, there is a missing permission check. This could lead to local denial of servic

CVE-2022-44440

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44441

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44442

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service

CVE-2022-44443

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44444

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44445

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-44446

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service

CVE-2022-4457

Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a

CVE-2022-4468

The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode

CVE-2022-4479

The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its sho

CVE-2022-4491

The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escapes some of its short

CVE-2022-4497

The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attri

CVE-2022-45027

perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request head

CVE-2022-45049

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute c

CVE-2022-45051

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute c

CVE-2022-45052

A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutra

CVE-2022-45164

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application

CVE-2022-45166

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application

CVE-2022-45167

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application

CVE-2022-45213

perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.

CVE-2022-45728

Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) v

CVE-2022-45729

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows att

CVE-2022-45857

An incorrect user management vulnerability in the FortiManager version 6.4.6 and below VDOM creatio

CVE-2022-45911

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login pag

CVE-2022-45913

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in we

CVE-2022-45935

Usage of temporary files with insecure permissions by the Apache James server allows an attacker wit

CVE-2022-46176

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perfo

CVE-2022-46180

Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum s

CVE-2022-46258

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a r

CVE-2022-46305

ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker

CVE-2022-46309

Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user p

CVE-2022-46369

Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow

CVE-2022-46371

Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message conta

CVE-2022-46438

A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1

CVE-2022-46456

NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /

CVE-2022-46457

NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /o

CVE-2022-46489

GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_iso

CVE-2022-46490

GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_b

CVE-2022-46503

A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student En

CVE-2022-46603

An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted ma

CVE-2022-46622

A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to exe

CVE-2022-4663

The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_logi

CVE-2022-46710

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, m

CVE-2022-46769

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabili

CVE-2022-46823

A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V

CVE-2022-4702

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4705

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4707

The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi

CVE-2022-4708

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-47086

GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load

CVE-2022-4709

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4710

The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in v

CVE-2022-47102

A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows at

CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-47662

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursio

CVE-2022-47927

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x

CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download

CVE-2022-48257

In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.

CVE-2022-48258

In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles.

CVE-2022-4842

A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was foun

CVE-2022-48504

The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. A

CVE-2022-48577

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventur

CVE-2022-48619

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can

CVE-2022-4875

A vulnerability has been found in fossology and classified as problematic. This vulnerability affect

CVE-2022-4876

A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issu

CVE-2022-4877

A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vul

CVE-2022-4878

A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of

CVE-2022-4881

A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issu

CVE-2022-4882

A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected

CVE-2022-4884

Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator

CVE-2022-4885

A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulner

CVE-2022-4958

A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Affected is an unkno

CVE-2022-4959

A vulnerability classified as problematic was found in qkmc-rk redbbs 1.0. Affected by this vulnerab

CVE-2022-4960

A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web

CVE-2022-4962

A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issu

CVE-2023-0012

In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_Loc

CVE-2023-0013

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 75

CVE-2023-0015

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 42

CVE-2023-0023

In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to naviga

CVE-2023-0038

The 'Survey Maker – Best WordPress Survey Plugin' plugin for WordPress is vulnerable to Stored Cross

CVE-2023-0042

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5

CVE-2023-0055

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prio

CVE-2023-0057

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5

CVE-2023-0086

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver

CVE-2023-0087

The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘s

CVE-2023-0106

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0107

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0108

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0110

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0111

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0112

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0114

A vulnerability was found in Netis Netcore Router. It has been rated as problematic. Affected by thi

CVE-2023-0125

A vulnerability was found in Control iD Gerencia Web 1.30. It has been declared as problematic. Affe

CVE-2023-0130

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74

CVE-2023-0131

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a

CVE-2023-0132

Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.541

CVE-2023-0133

Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.541

CVE-2023-0139

Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5

CVE-2023-0140

Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.7

CVE-2023-0141

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote att

CVE-2023-0162

The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of i

CVE-2023-0227

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.

CVE-2023-0246

A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Affe

CVE-2023-0254

The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘or

CVE-2023-0258

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been rated as pr

CVE-2023-1032

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socke

CVE-2023-2030

An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6

CVE-2023-21525

Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-21536

Event Tracing for Windows Information Disclosure Vulnerability

CVE-2023-21540

Windows Cryptographic Information Disclosure Vulnerability

CVE-2023-21550

Windows Cryptographic Information Disclosure Vulnerability

CVE-2023-21559

Windows Cryptographic Information Disclosure Vulnerability

CVE-2023-21560

Windows Boot Manager Security Feature Bypass Vulnerability

CVE-2023-21682

Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability

CVE-2023-21725

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

CVE-2023-21743

Microsoft SharePoint Server Security Feature Bypass Vulnerability

CVE-2023-21753

Event Tracing for Windows Information Disclosure Vulnerability

CVE-2023-21766

Windows Overlay Filter Information Disclosure Vulnerability

CVE-2023-22395

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks

CVE-2023-22397

An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Pac

CVE-2023-22398

An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Net

CVE-2023-22402

A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthen

CVE-2023-22404

An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper

CVE-2023-22405

An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerab

CVE-2023-22406

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks

CVE-2023-22407

An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos O

CVE-2023-22409

An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS al

CVE-2023-22410

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS

CVE-2023-22414

A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC

CVE-2023-22452

kenny2automate is a Discord bot. In the web interface for server settings, form elements were genera

CVE-2023-22453

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch an

CVE-2023-22455

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch an

CVE-2023-22456

ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scr

CVE-2023-22464

ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to

CVE-2023-22465

Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.2

CVE-2023-22466

Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to vers

CVE-2023-22475

Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-

CVE-2023-22479

KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legiti

CVE-2023-22487

Flarum is a forum software for building communities. Using the mentions feature provided by the flar

CVE-2023-22488

Flarum is a forum software for building communities. Using the notifications feature, one can read r

CVE-2023-22492

ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows ap

CVE-2023-22597

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In

CVE-2023-22622

WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and th

CVE-2023-22945

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows

CVE-2023-22958

The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via

CVE-2023-22963

The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digi

CVE-2023-23454

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a de

CVE-2023-23455

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a

CVE-2023-23456

A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The f

CVE-2023-23457

A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An att

CVE-2023-26159

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation d

CVE-2023-26998

Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to e

CVE-2023-27000

Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to e

CVE-2023-28185

An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.

CVE-2023-28898

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles request

CVE-2023-28899

By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause ve

CVE-2023-29049

The 'upsell' widget at the portal page could be abused to inject arbitrary script code. Attackers th

CVE-2023-29052

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code

CVE-2023-29446

An improper input validation vulnerability has been discovered that could allow an adversary to inje

CVE-2023-29447

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to cap

CVE-2023-29962

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.

CVE-2023-30617

Kruise provides automated management of large-scale applications on Kubernetes. Starting in version

CVE-2023-31001

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.

CVE-2023-31032

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation

CVE-2023-31211

Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker t

CVE-2023-32424

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16

CVE-2023-32831

In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could

CVE-2023-32872

In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lea

CVE-2023-32875

In keyInstall, there is a possible information disclosure due to a missing bounds check. This could

CVE-2023-32876

In keyInstall, there is a possible information disclosure due to a missing bounds check. This could

CVE-2023-32877

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead t

CVE-2023-32878

In battery, there is a possible information disclosure due to a missing bounds check. This could lea

CVE-2023-32879

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead t

CVE-2023-32880

In battery, there is a possible information disclosure due to a missing bounds check. This could lea

CVE-2023-32881

In battery, there is a possible information disclosure due to an integer overflow. This could lead t

CVE-2023-32882

In battery, there is a possible memory corruption due to a missing bounds check. This could lead to

CVE-2023-32883

In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could

CVE-2023-32884

In netdagent, there is a possible information disclosure due to an incorrect bounds check. This coul

CVE-2023-32885

In display drm, there is a possible memory corruption due to a missing bounds check. This could lead

CVE-2023-32891

In bluetooth service, there is a possible out of bounds write due to improper input validation. This

CVE-2023-33014

Information disclosure in Core services while processing a Diag command.

CVE-2023-33036

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.

CVE-2023-33037

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.

CVE-2023-34323

When a transaction is committed, C Xenstored will first checkthe quota is correct before attempting

CVE-2023-34324

Closing of an event channel in the Linux kernel can result in a deadlock.This happens when the clos

CVE-2023-34327

AMD CPUs since ~2014 have extensions to normal x86 debugging functionality.Xen supports guests u

CVE-2023-34328

AMD CPUs since ~2014 have extensions to normal x86 debugging functionality.Xen supports guests u

CVE-2023-36629

The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-

CVE-2023-36842

An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcp

CVE-2023-3726

OCSInventory allow stored email template with special characters that lead to a Stored cross-site Sc

CVE-2023-37644

SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted d

CVE-2023-37932

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in

CVE-2023-37934

An allocation of resources without limits or throttling vulnerability in FortiPAM 1.0 all versions

CVE-2023-38267

IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.

CVE-2023-38607

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An

CVE-2023-38827

Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows

CVE-2023-39853

SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive i

CVE-2023-40362

An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of acce

CVE-2023-40385

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Sa

CVE-2023-40411

This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An a

CVE-2023-40430

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may

CVE-2023-40433

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app

CVE-2023-40437

A privacy issue was addressed with improved private data redaction for log entries. This issue is fi

CVE-2023-40438

An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonom

CVE-2023-41069

This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 an

CVE-2023-41603

D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This

CVE-2023-4164

There is a possible information disclosure due to a missing permission check. This could lead to loc

CVE-2023-41710

User-defined script code could be stored for a upsell related shop URL. This code was not correctly

CVE-2023-41779

There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability

CVE-2023-41781

There is a Cross-site scripting (XSS)  vulnerability in ZTE MF258. Due to insufficient input valida

CVE-2023-41782

There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file

CVE-2023-41784

Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro

CVE-2023-41987

This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be

CVE-2023-41994

A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera ex

CVE-2023-4246

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i

CVE-2023-4247

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i

CVE-2023-4248

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i

CVE-2023-42829

The issue was addressed with additional restrictions on the observability of app states. This issue

CVE-2023-42831

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.

CVE-2023-42862

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven

CVE-2023-42865

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven

CVE-2023-42872

The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14,

CVE-2023-42929

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be

CVE-2023-42934

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed i

CVE-2023-42941

The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An at

CVE-2023-4372

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi'

CVE-2023-45169

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in

CVE-2023-45171

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in

CVE-2023-45173

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in

CVE-2023-45175

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in

CVE-2023-45561

An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications

CVE-2023-46738

CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in Cub

CVE-2023-46739

CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the C

CVE-2023-46742

CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found t

CVE-2023-46835

The current setup of the quarantine page tables assumes that thequarantine domain (dom_io) has been

CVE-2023-46836

The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (SpeculativeReturn Stack Overflow) are no

CVE-2023-46906

juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a

CVE-2023-47171

An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path function

CVE-2023-47216

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resour

CVE-2023-47559

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vu

CVE-2023-47857

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash throu

CVE-2023-47858

Mattermost fails to properly verify the permissions needed for viewing archived public channels,  al

CVE-2023-47993

A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers

CVE-2023-47995

Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap

CVE-2023-47996

An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attacke

CVE-2023-47997

An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an in

CVE-2023-4812

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, a

CVE-2023-48242

The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths o

CVE-2023-48244

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code i

CVE-2023-48246

The vulnerability allows a remote attacker to download arbitrary files in all paths of the system un

CVE-2023-48248

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card

CVE-2023-48249

The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of

CVE-2023-48254

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code i

CVE-2023-48255

The vulnerability allows an unauthenticated remote attacker to send malicious network requests conta

CVE-2023-48256

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate H

CVE-2023-48360

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash throu

CVE-2023-48728

A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionalit

CVE-2023-48730

A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionali

CVE-2023-48732

Mattermost fails to scope the WebSocket response around notified users to a each user separately res

CVE-2023-48783

An Authorization Bypass Through User-Controlled Key vulnerability affecting PortiPortal version 7.2

CVE-2023-49099

Discourse is a platform for community discussion. Under very specific circumstances, secure upload U

CVE-2023-49135

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash throu

CVE-2023-49258

User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker

CVE-2023-49260

An XSS attack can be performed by changing the MOTD banner and pointing the victim to the 'terminal_

CVE-2023-49295

quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker

CVE-2023-49394

Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from fu

CVE-2023-49554

Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of se

CVE-2023-49555

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand

CVE-2023-49556

Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of s

CVE-2023-49557

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_s

CVE-2023-49558

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand

CVE-2023-4960

The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_sto

CVE-2023-4962

The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup'

CVE-2023-49722

Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to

CVE-2023-49810

A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of W

CVE-2023-49862

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image uploa

CVE-2023-49863

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image uploa

CVE-2023-49864

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image uploa

CVE-2023-50019

An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific

CVE-2023-50072

A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Pro

CVE-2023-50092

APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS).

CVE-2023-50093

APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.

CVE-2023-50120

MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in t

CVE-2023-50121

Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).

CVE-2023-50124

Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials

CVE-2023-50125

A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to

CVE-2023-50126

Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers t

CVE-2023-50127

Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via

CVE-2023-50128

The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio f

CVE-2023-50129

Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a c

CVE-2023-50136

Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code v

CVE-2023-50172

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation fu

CVE-2023-50253

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s

CVE-2023-50333

Mattermost fails to update the permissions of the current session for a user who was just demoted to

CVE-2023-50342

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability.  A us

CVE-2023-50343

HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Cer

CVE-2023-50344

HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnera

CVE-2023-50345

HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to

CVE-2023-50346

HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints with

CVE-2023-50348

HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application retur

CVE-2023-50609

Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version

CVE-2023-50630

Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to exec

CVE-2023-5091

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user

CVE-2023-50920

An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID aft

CVE-2023-50974

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are

CVE-2023-51062

An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE

CVE-2023-51064

QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based re

CVE-2023-5118

The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentSe

CVE-2023-51246

A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mod

CVE-2023-51252

PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online

CVE-2023-5138

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high

CVE-2023-51652

OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Pri

CVE-2023-51678

Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search.This

CVE-2023-51744

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V1

CVE-2023-51750

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can

CVE-2023-51751

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used.

CVE-2023-51790

Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive i

CVE-2023-51805

SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain se

CVE-2023-51806

File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a c

CVE-2023-51978

In PHPGurukul Art Gallery Management System v1.1, 'Update Artist Image' functionality of 'imageid' p

CVE-2023-52124

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2023-52125

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2023-52126

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Use

CVE-2023-52146

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.Thi

CVE-2023-52148

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatem

CVE-2023-52151

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncan

CVE-2023-52178

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2023-52196

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2023-52197

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2023-52198

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2023-52203

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2023-52213

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2023-52271

The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any

CVE-2023-52274

member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header.

CVE-2023-52322

ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input fr

CVE-2023-52323

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploit

CVE-2023-52339

In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing.

CVE-2023-5455

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported ver

CVE-2023-5691

The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admi

CVE-2023-5770

Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an

CVE-2023-5879

Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Con

CVE-2023-5911

The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and e

CVE-2023-6000

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating exist

CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit un

CVE-2023-6037

The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of i

CVE-2023-6129

Issue summary: The POLY1305 MAC (message authentication code) implementationcontains a bug that mig

CVE-2023-6139

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on i

CVE-2023-6141

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on i

CVE-2023-6147

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to

CVE-2023-6148

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to

CVE-2023-6149

Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected b

CVE-2023-6158

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthor

CVE-2023-6161

The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before ou

CVE-2023-6223

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all version

CVE-2023-6242

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Si

CVE-2023-6244

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Si

CVE-2023-6369

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of d

CVE-2023-6446

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via adm

CVE-2023-6485

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its playe

CVE-2023-6493

The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vu

CVE-2023-6496

The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all v

CVE-2023-6498

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2023-6504

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugi

CVE-2023-6506

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure

CVE-2023-6520

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Sit

CVE-2023-6524

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi

CVE-2023-6529

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to adm

CVE-2023-6551

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing

CVE-2023-6552

Lack of 'current' GET parameter validation during the action of changing a language leads to an open

CVE-2023-6554

When access to the 'admin' folder is not protected by some external authorization mechanisms e.g. Ap

CVE-2023-6555

The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter

CVE-2023-6556

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Store

CVE-2023-6561

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2023-6582

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposur

CVE-2023-6594

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scrip

CVE-2023-6598

The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a mis

CVE-2023-6600

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to un

CVE-2023-6621

The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before ou

CVE-2023-6624

The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Sc

CVE-2023-6627

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect mo

CVE-2023-6629

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl

CVE-2023-6630

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Ob

CVE-2023-6632

The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting

CVE-2023-6637

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modifica

CVE-2023-6638

The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of

CVE-2023-6645

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site S

CVE-2023-6683

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_c

CVE-2023-6684

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scrip

CVE-2023-6693

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flu

CVE-2023-6733

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposur

CVE-2023-6737

The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via th

CVE-2023-6738

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to St

CVE-2023-6742

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauth

CVE-2023-6747

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Si

CVE-2023-6751

The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a mis

CVE-2023-6776

The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Fun

CVE-2023-6781

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2023-6782

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Sc

CVE-2023-6788

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request

CVE-2023-6798

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu

CVE-2023-6801

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu

CVE-2023-6828

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPr

CVE-2023-6830

The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and inc

CVE-2023-6842

The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder pl

CVE-2023-6855

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for W

CVE-2023-6878

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of da

CVE-2023-6882

The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘

CVE-2023-6883

The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to

CVE-2023-6924

The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wid

CVE-2023-6934

The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2023-6938

The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom fi

CVE-2023-6944

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab acces

CVE-2023-6955

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versio

CVE-2023-6980

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for W

CVE-2023-6981

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for W

CVE-2023-6984

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is

CVE-2023-6986

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents

CVE-2023-6988

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p

CVE-2023-6990

The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post m

CVE-2023-6992

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting

CVE-2023-6994

The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl

CVE-2023-7019

The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vuln

CVE-2023-7027

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl

CVE-2023-7044

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

CVE-2023-7048

The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u

CVE-2023-7068

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress

CVE-2023-7070

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to

CVE-2023-7071

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is v

CVE-2023-7192

A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.

CVE-2023-7215

A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.

CVE-2023-7223

A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This

CVE-2023-7226

A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this

CVE-2024-0181

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as pro

CVE-2024-0183

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as p

CVE-2024-0184

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as pro

CVE-2024-0189

A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as probl

CVE-2024-0190

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problemati

CVE-2024-0191

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as p

CVE-2024-0192

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as cri

CVE-2024-0193

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall elem

CVE-2024-0201

The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification o

CVE-2024-0226

Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerab

CVE-2024-0246

A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects

CVE-2024-0262

A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this i

CVE-2024-0266

A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management

CVE-2024-0270

A vulnerability, which was classified as critical, was found in Kashipara Food Management System up

CVE-2024-0271

A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as criti

CVE-2024-0272

A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical.

CVE-2024-0273

A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as c

CVE-2024-0274

A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as cri

CVE-2024-0275

A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as critic

CVE-2024-0276

A vulnerability classified as critical has been found in Kashipara Food Management System up to 1.0.

CVE-2024-0277

A vulnerability classified as critical was found in Kashipara Food Management System up to 1.0. This

CVE-2024-0278

A vulnerability, which was classified as critical, has been found in Kashipara Food Management Syste

CVE-2024-0279

A vulnerability, which was classified as critical, was found in Kashipara Food Management System up

CVE-2024-0280

A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as criti

CVE-2024-0281

A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical.

CVE-2024-0282

A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as p

CVE-2024-0283

A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as pro

CVE-2024-0284

A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as proble

CVE-2024-0286

A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management Sy

CVE-2024-0310

A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15

CVE-2024-0333

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attac

CVE-2024-0340

A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does

CVE-2024-0343

A vulnerability classified as problematic was found in CodeAstro Simple House Rental System 5.6. Aff

CVE-2024-0345

A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System

CVE-2024-0346

A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic

CVE-2024-0348

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as p

CVE-2024-0349

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as pro

CVE-2024-0350

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as proble

CVE-2024-0422

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared

CVE-2024-0423

A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problem

CVE-2024-0424

A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. Thi

CVE-2024-0429

A denial service vulnerability has been found on  Hex Workshop affecting version 6.7, an attacker co

CVE-2024-0443

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to

CVE-2024-0454

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enume

CVE-2024-0465

A vulnerability classified as problematic was found in code-projects Employee Profile Management Sys

CVE-2024-0467

A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Ma

CVE-2024-20655

Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability

CVE-2024-20660

Microsoft Message Queuing Information Disclosure Vulnerability

CVE-2024-20662

Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability

CVE-2024-20663

Windows Message Queuing Client (MSMQC) Information Disclosure

CVE-2024-20664

Microsoft Message Queuing Information Disclosure Vulnerability

CVE-2024-20675

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2024-20680

Windows Message Queuing Client (MSMQC) Information Disclosure

CVE-2024-20692

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

CVE-2024-20694

Windows CoreMessaging Information Disclosure Vulnerability

CVE-2024-20710

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerabi

CVE-2024-20711

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerabi

CVE-2024-20712

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerabi

CVE-2024-20713

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerabi

CVE-2024-20714

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerabi

CVE-2024-20715

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerabi

CVE-2024-20802

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to

CVE-2024-20803

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 a

CVE-2024-20804

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Andro

CVE-2024-20805

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android

CVE-2024-20806

Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacke

CVE-2024-20808

Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local

CVE-2024-20809

Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local

CVE-2024-21305

Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability

CVE-2024-21311

Windows Cryptographic Services Information Disclosure Vulnerability

CVE-2024-21314

Microsoft Message Queuing Information Disclosure Vulnerability

CVE-2024-21316

Windows Server Key Distribution Service Security Feature Bypass

CVE-2024-21337

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2024-21585

An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper N

CVE-2024-21587

An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber manag

CVE-2024-21594

A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks

CVE-2024-21596

A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks

CVE-2024-21599

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine

CVE-2024-21600

An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding En

CVE-2024-21601

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulne

CVE-2024-21603

An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Netw

CVE-2024-21607

An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200

CVE-2024-21613

A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD)

CVE-2024-21617

An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks J

CVE-2024-21627

PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event a

CVE-2024-21628

PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is

CVE-2024-21631

Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` f

CVE-2024-21636

view_component is a framework for building reusable, testable, and encapsulated view components in R

CVE-2024-21637

Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site S

CVE-2024-21641

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` rou

CVE-2024-21645

pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerab

CVE-2024-21651

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of

CVE-2024-21655

Discourse is a platform for community discussion. For fields that are client editable, limits on siz

CVE-2024-21665

ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthori

CVE-2024-21666

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management,

CVE-2024-21667

pimcore/customer-data-framework is the Customer Management Framework for management of customer data

CVE-2024-21668

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before

CVE-2024-21732

FlyCms through abbaa5a allows XSS via the permission management feature.

CVE-2024-21734

SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user t

CVE-2024-21736

SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not

CVE-2024-21738

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled i

CVE-2024-21744

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2024-21745

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2024-21747

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2024-21908

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unaut

CVE-2024-21910

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and un

CVE-2024-21911

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauth

CVE-2024-21982

ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited

CVE-2024-22027

Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a rem

CVE-2024-22048

govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnera

CVE-2024-22049

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote a

CVE-2024-22075

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

CVE-2024-22137

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2024-22142

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2024-22164

In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachmen

CVE-2024-22165

In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Inv

CVE-2024-22195

Jinja is an extensible templating engine. Special placeholders in the template allow writing code si

CVE-2024-22196

Nginx-UI is an online statistics for Server Indicators​​ Monitor CPU usage, memory usage, load avera

CVE-2024-22199

This package provides universal methods to use multiple template engines with the Fiber web framewor

CVE-2024-22368

The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition dur

CVE-2024-22370

In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible

CVE-2024-22492

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, whic

CVE-2024-22493

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, whic

CVE-2024-22494

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which

CVE-2024-23171

An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through

CVE-2024-23172

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.

CVE-2024-23173

An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x be

CVE-2024-23174

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39

CVE-2024-23177

An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur vi

CVE-2024-23178

An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i

CVE-2024-23179

An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:Gl

CVE-2024-23301

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. T