Vulnerabilities (CVE)

Total 211446 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3626 3 Debian, Libtiff, Netapp 3 Debian Linux, Libtiff, Active Iq Unified Manager 2023-03-31 N/A 6.5 MEDIUM
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
CVE-2022-3598 3 Debian, Libtiff, Netapp 3 Debian Linux, Libtiff, Active Iq Unified Manager 2023-03-31 N/A 6.5 MEDIUM
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.
CVE-2022-3052 2 Fedoraproject, Google 4 Fedora, Chrome, Chrome Os and 1 more 2023-03-31 N/A 8.8 HIGH
Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
CVE-2022-3051 2 Fedoraproject, Google 4 Fedora, Chrome, Chrome Os and 1 more 2023-03-31 N/A 8.8 HIGH
Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
CVE-2023-1088 1 Hasthemes 1 Wp Plugin Manager 2023-03-31 N/A 4.3 MEDIUM
The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2022-36379 1 Yookassa 1 Yukassa For Woocommerce 2023-03-31 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress.
CVE-2020-36499 1 Taotesting 1 Tao Assessment Platform 2023-03-31 3.5 LOW 5.4 MEDIUM
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value.
CVE-2020-18754 1 Dcce 2 Mac1100 Plc, Mac1100 Plc Firmware 2023-03-31 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.
CVE-2019-11274 1 Cloudfoundry 1 User Account And Authentication 2023-03-31 4.3 MEDIUM 6.1 MEDIUM
Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.
CVE-2018-1987 1 Ibm 1 Data Protection 2023-03-31 1.9 LOW 7.8 HIGH
IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280.
CVE-2023-0491 1 Schedulicity 1 Schedulicity 2023-03-31 N/A 5.4 MEDIUM
The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2019-1935 1 Cisco 3 Integrated Management Controller Supervisor, Ucs Director, Ucs Director Express For Big Data 2023-03-31 10.0 HIGH 9.8 CRITICAL
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.
CVE-2019-1900 1 Cisco 5 Integrated Management Controller Supervisor, Ucs C125 M5, Ucs C4200 and 2 more 2023-03-31 7.8 HIGH 7.5 HIGH
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.
CVE-2019-1896 1 Cisco 13 Encs 5100, Encs 5400, Integrated Management Controller Supervisor and 10 more 2023-03-31 9.0 HIGH 7.2 HIGH
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.
CVE-2019-1885 1 Cisco 5 Integrated Management Controller Supervisor, Ucs C125 M5, Ucs C4200 and 2 more 2023-03-31 9.0 HIGH 7.2 HIGH
A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending crafted authenticated commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands on an affected device with root privileges.
CVE-2019-1883 1 Cisco 13 Encs 5100, Encs 5400, Integrated Management Controller Supervisor and 10 more 2023-03-31 7.2 HIGH 7.8 HIGH
A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.
CVE-2019-1865 1 Cisco 13 Encs 5100, Encs 5400, Integrated Management Controller Supervisor and 10 more 2023-03-31 9.0 HIGH 8.8 HIGH
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by invoking an interface monitoring mechanism with a crafted argument on the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.
CVE-2019-1864 1 Cisco 13 Encs 5100, Encs 5400, Integrated Management Controller Supervisor and 10 more 2023-03-31 9.0 HIGH 8.8 HIGH
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of the affected software. A successful exploit could allow the attacker, with read-only privileges, to inject and execute arbitrary, system-level commands with root privileges on an affected device.
CVE-2016-10894 2 Debian, Xtrlock Project 2 Debian Linux, Xtrlock 2023-03-31 2.1 LOW 4.6 MEDIUM
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).
CVE-2023-1087 1 Hasthemes 1 Wc Sales Notification 2023-03-31 N/A 4.3 MEDIUM
The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack