Total: 190 CVEs

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-9862 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH | A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.
CVE-2020-27604 | 1 Bigbluebutton | 1 Bigbluebutton | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM | BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arbitrary meeting regardless of its guestPolicy setting.
CVE-2020-24592 | 1 Mitel | 1 Micloud Management Portal | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.
CVE-2020-26283 | 1 Protocol | 1 Go-ipfs | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH | go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. This is fixed in version 0.8.0.
CVE-2020-29023 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2023-12-10 | 4.9 MEDIUM | 3.5 LOW | Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.
CVE-2021-20405 | 1 Ibm | 1 Security Verify Information Queue | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183.
CVE-2020-25646 | 1 Ansible Collections Project | 1 Community.crypto | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality.
CVE-2020-28954 | 1 Bigbluebutton | 1 Bigbluebutton | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.
CVE-2019-4326 | 1 Hcltech | 1 Appscan | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header.
CVE-2020-5304 | 1 Whitesourcesoftware | 1 Whitesource | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries.
CVE-2020-10960 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).
CVE-2018-20586 | 1 Bitcoin | 1 Bitcoin Core | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM | bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.
CVE-2020-16281 | 1 Rangee | 1 Rangeeos | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH | The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible.
CVE-2020-13625 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
CVE-2017-18892 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
CVE-2020-24972 | 3 Fedoraproject, Kleopatra Project, Opensuse | 4 Fedora, Kleopatra, Backports Sle and 1 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH | The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
CVE-2019-11325 | 1 Sensiolabs | 1 Symfony | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2013-2011 | 1 Automattic | 1 W3 Super Cache | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
CVE-2019-12675 | 1 Cisco | 17 Firepower 4110, Firepower 4110 Firmware, Firepower 4115 and 14 more | 2023-12-10 | 7.2 HIGH | 8.8 HIGH | Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances.
CVE-2019-19714 | 1 Contao | 1 Contao | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.