| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8267 | Hig | 0.49 | 7.5 | 0.02 | Mar 8, 2019 | UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208. | ||
| CVE-2019-1003039 | Hig | 0.57 | 8.8 | 0.01 | Mar 8, 2019 | An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to… | ||
| CVE-2019-1003038 | Hig | 0.51 | 7.8 | 0.00 | Mar 8, 2019 | An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java,… | ||
| CVE-2019-1003033 | Hig | 0.50 | 8.8 | 0.03 | Mar 8, 2019 | A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. | ||
| CVE-2017-3164 | Hig | 0.50 | 7.5 | 0.19 | Mar 8, 2019 | Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. | ||
| CVE-2019-5015 | Hig | 0.51 | 7.8 | 0.01 | Mar 8, 2019 | A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a… | ||
| CVE-2019-1606 | Hig | 0.51 | 7.8 | 0.00 | Mar 8, 2019 | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI… | ||
| CVE-2019-1605 | Hig | 0.51 | 7.8 | 0.01 | Mar 8, 2019 | A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a… | ||
| CVE-2018-4054 | Hig | 0.51 | 7.8 | 0.01 | Mar 8, 2019 | A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine… | ||
| CVE-2019-9627 | Hig | 0.46 | 7.0 | 0.00 | Mar 8, 2019 | A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. | ||
| CVE-2019-1604 | Hig | 0.51 | 7.8 | 0.00 | Mar 8, 2019 | A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated… | ||
| CVE-2019-1603 | Hig | 0.51 | 7.8 | 0.00 | Mar 8, 2019 | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by… | ||
| CVE-2019-1602 | Hig | 0.51 | 7.8 | 0.00 | Mar 8, 2019 | A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem… | ||
| CVE-2019-1601 | Hig | 0.51 | 7.8 | 0.00 | Mar 8, 2019 | A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted… | ||
| CVE-2018-20236 | Hig | 0.58 | 8.8 | 0.06 | Mar 8, 2019 | There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system. | ||
| CVE-2018-20235 | Hig | 0.58 | 8.8 | 0.07 | Mar 8, 2019 | There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to… | ||
| CVE-2018-20234 | Hig | 0.58 | 8.8 | 0.06 | Mar 8, 2019 | There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit… | ||
| CVE-2019-3780 | Hig | 0.57 | 8.8 | 0.01 | Mar 8, 2019 | Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the… | ||
| CVE-2019-3779 | Hig | 0.57 | 8.8 | 0.01 | Mar 8, 2019 | Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate… | ||
| CVE-2019-9634 | Hig | 0.51 | 7.8 | 0.03 | Mar 8, 2019 | Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection. | ||
| CVE-2019-9632 | Hig | 0.52 | 7.5 | 0.40 | Mar 8, 2019 | ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. | ||
| CVE-2019-9185 | Hig | 0.00 | 8.8 | 0.03 | Mar 7, 2019 | Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. | ||
| CVE-2019-8437 | Hig | 0.57 | 8.8 | 0.01 | Mar 7, 2019 | njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator. | ||
| CVE-2019-7175 | Hig | 0.42 | 7.5 | 0.03 | Mar 7, 2019 | In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. | ||
| CVE-2019-6710 | Hig | 0.60 | 8.8 | 0.03 | Mar 7, 2019 | Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. | ||
| CVE-2018-18449 | Hig | 0.57 | 8.8 | 0.01 | Mar 7, 2019 | EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339. | ||
| CVE-2018-17429 | Hig | 0.57 | 8.8 | 0.01 | Mar 7, 2019 | /console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account. | ||
| CVE-2018-17420 | Hig | 0.47 | 7.2 | 0.01 | Mar 7, 2019 | An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. | ||
| CVE-2018-17419 | Hig | 0.42 | 7.5 | 0.02 | Mar 7, 2019 | An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service. | ||
| CVE-2018-17418 | Hig | 0.47 | 7.2 | 0.03 | Mar 7, 2019 | Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable. | ||
| CVE-2018-17416 | Hig | 0.47 | 7.2 | 0.01 | Mar 7, 2019 | A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. | ||
| CVE-2018-17415 | Hig | 0.57 | 8.8 | 0.01 | Mar 7, 2019 | zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. | ||
| CVE-2018-17414 | Hig | 0.57 | 8.8 | 0.01 | Mar 7, 2019 | zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. | ||
| CVE-2017-12447 | Hig | 0.51 | 7.8 | 0.01 | Mar 7, 2019 | GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. | ||
| CVE-2013-7468 | Hig | 0.53 | 8.1 | 0.02 | Mar 7, 2019 | Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. | ||
| CVE-2013-7466 | Hig | 0.58 | 8.8 | 0.04 | Mar 7, 2019 | Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. | ||
| CVE-2019-8986 | Hig | 0.50 | 7.7 | 0.01 | Mar 7, 2019 | The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected… | ||
| CVE-2018-18816 | Hig | 0.52 | 8.0 | 0.01 | Mar 7, 2019 | The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a… | ||
| CVE-2018-18808 | Hig | 0.57 | 8.8 | 0.02 | Mar 7, 2019 | The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS… | ||
| CVE-2019-1599 | Hig | 0.57 | 8.6 | 0.14 | Mar 7, 2019 | A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to an issue with allocating and freeing memory buffers in the network stack.… | ||
| CVE-2019-1598 | Hig | 0.56 | 8.6 | 0.03 | Mar 7, 2019 | Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service… | ||
| CVE-2019-1597 | Hig | 0.56 | 8.6 | 0.03 | Mar 7, 2019 | Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service… | ||
| CVE-2019-1596 | Hig | 0.51 | 7.8 | 0.00 | Mar 7, 2019 | A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a… | ||
| CVE-2019-3784 | Hig | 0.53 | 8.2 | 0.01 | Mar 7, 2019 | Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the… | ||
| CVE-2019-3783 | Hig | 0.57 | 8.8 | 0.01 | Mar 7, 2019 | Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user. | ||
| CVE-2019-3781 | Hig | 0.57 | 8.8 | 0.01 | Mar 7, 2019 | Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password. | ||
| CVE-2019-3777 | Hig | 0.52 | 8.0 | 0.02 | Mar 7, 2019 | Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's… | ||
| CVE-2019-3776 | Hig | 0.47 | 7.2 | 0.01 | Mar 7, 2019 | Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user… | ||
| CVE-2019-3775 | Hig | 0.46 | 7.1 | 0.01 | Mar 7, 2019 | Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user. | ||
| CVE-2019-3712 | Hig | 0.53 | 8.2 | 0.01 | Mar 7, 2019 | Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with… |
- risk 0.49cvss 7.5epss 0.02
UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208.
- risk 0.57cvss 8.8epss 0.01
An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to…
- risk 0.51cvss 7.8epss 0.00
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java,…
- risk 0.50cvss 8.8epss 0.03
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
- risk 0.50cvss 7.5epss 0.19
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
- risk 0.51cvss 7.8epss 0.01
A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a…
- risk 0.51cvss 7.8epss 0.00
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI…
- risk 0.51cvss 7.8epss 0.01
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a…
- risk 0.51cvss 7.8epss 0.01
A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine…
- risk 0.46cvss 7.0epss 0.00
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.
- risk 0.51cvss 7.8epss 0.00
A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated…
- risk 0.51cvss 7.8epss 0.00
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by…
- risk 0.51cvss 7.8epss 0.00
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem…
- risk 0.51cvss 7.8epss 0.00
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted…
- risk 0.58cvss 8.8epss 0.06
There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system.
- risk 0.58cvss 8.8epss 0.07
There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to…
- risk 0.58cvss 8.8epss 0.06
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit…
- risk 0.57cvss 8.8epss 0.01
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the…
- risk 0.57cvss 8.8epss 0.01
Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate…
- risk 0.51cvss 7.8epss 0.03
Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.
- risk 0.52cvss 7.5epss 0.40
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.
- risk 0.00cvss 8.8epss 0.03
Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.
- risk 0.57cvss 8.8epss 0.01
njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator.
- risk 0.42cvss 7.5epss 0.03
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
- risk 0.60cvss 8.8epss 0.03
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
- risk 0.57cvss 8.8epss 0.01
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
- risk 0.57cvss 8.8epss 0.01
/console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account.
- risk 0.47cvss 7.2epss 0.01
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.
- risk 0.42cvss 7.5epss 0.02
An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service.
- risk 0.47cvss 7.2epss 0.03
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.
- risk 0.47cvss 7.2epss 0.01
A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter.
- risk 0.57cvss 8.8epss 0.01
zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter.
- risk 0.57cvss 8.8epss 0.01
zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter.
- risk 0.51cvss 7.8epss 0.01
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.
- risk 0.53cvss 8.1epss 0.02
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
- risk 0.58cvss 8.8epss 0.04
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
- risk 0.50cvss 7.7epss 0.01
The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected…
- risk 0.52cvss 8.0epss 0.01
The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a…
- risk 0.57cvss 8.8epss 0.02
The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS…
- risk 0.57cvss 8.6epss 0.14
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to an issue with allocating and freeing memory buffers in the network stack.…
- risk 0.56cvss 8.6epss 0.03
Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service…
- risk 0.56cvss 8.6epss 0.03
Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service…
- risk 0.51cvss 7.8epss 0.00
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a…
- risk 0.53cvss 8.2epss 0.01
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the…
- risk 0.57cvss 8.8epss 0.01
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user.
- risk 0.57cvss 8.8epss 0.01
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.
- risk 0.52cvss 8.0epss 0.02
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's…
- risk 0.47cvss 7.2epss 0.01
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user…
- risk 0.46cvss 7.1epss 0.01
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
- risk 0.53cvss 8.2epss 0.01
Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with…