Total
981 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7381 | 1 Libnotify Project | 1 Libnotify | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. | |||||
| CVE-2010-4658 | 1 Status | 1 Statusnet | 2020-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. | |||||
| CVE-2019-15616 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. | |||||
| CVE-2020-5230 | 1 Apereo | 1 Opencast | 2020-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast's Id.toString(…) vs Id.compact(…) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1. | |||||
| CVE-2013-3628 | 1 Zabbix | 1 Zabbix | 2020-02-10 | 6.5 MEDIUM | 8.8 HIGH |
| Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability | |||||
| CVE-2013-2678 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 6.8 MEDIUM | 8.1 HIGH |
| Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. | |||||
| CVE-2020-8093 | 1 Bitdefender | 1 Antivirus | 2020-02-05 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution | |||||
| CVE-2013-1437 | 2 Fedoraproject, Module-metadata Project | 2 Fedora, Module-metadata | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | |||||
| CVE-2013-3212 | 1 Vtiger | 1 Vtiger Crm | 2020-02-03 | 6.8 MEDIUM | 8.1 HIGH |
| vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. | |||||
| CVE-2020-5219 | 1 Peerigon | 1 Angular-expressions | 2020-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. | |||||
| CVE-2013-3214 | 1 Vtiger | 1 Vtiger Crm | 2020-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. | |||||
| CVE-2015-3154 | 1 Zend | 1 Zend Framework | 2020-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email. | |||||
| CVE-2011-4558 | 1 Tiki | 1 Tiki | 2020-01-30 | 6.0 MEDIUM | 7.2 HIGH |
| Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. | |||||
| CVE-2012-1495 | 1 Webcalendar Project | 1 Webcalendar | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | |||||
| CVE-2012-1496 | 1 Webcalendar Project | 1 Webcalendar | 2020-01-29 | 6.5 MEDIUM | 8.8 HIGH |
| Local file inclusion in WebCalendar before 1.2.5. | |||||
| CVE-2017-5630 | 1 Php | 1 Pear | 2020-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite. | |||||
| CVE-2012-0070 | 1 Spamdyke | 1 Spamdyke | 2020-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| spamdyke prior to 4.2.1: STARTTLS reveals plaintext | |||||
| CVE-2012-2931 | 1 Tinywebgallery | 1 Tinywebgallery | 2020-01-22 | 6.5 MEDIUM | 7.2 HIGH |
| PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. | |||||
| CVE-2013-7380 | 1 Ep Imageconvert Project | 1 Ep Imageconvert | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability | |||||
| CVE-2014-5287 | 1 Kemptechnologies | 1 Loadmaster | 2020-01-13 | 6.8 MEDIUM | 8.8 HIGH |
| A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). | |||||