Total
981 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9062 | 1 Lenovo | 97 20hm, 20hn, 20hq and 94 more | 2019-10-15 | 7.2 HIGH | 6.8 MEDIUM |
| In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. | |||||
| CVE-2019-4558 | 1 Ibm | 1 Spectrum Scale | 2019-10-11 | 7.2 HIGH | 7.8 HIGH |
| A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files. | |||||
| CVE-2019-3562 | 1 Oculus | 1 Oculus Browser | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11. | |||||
| CVE-2019-11277 | 1 Cloudfoundry | 2 Cf-deployment, Nfs Volume Release | 2019-10-09 | 5.5 MEDIUM | 8.1 HIGH |
| Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack. | |||||
| CVE-2018-1943 | 1 Ibm | 1 Cloud Private | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385. | |||||
| CVE-2018-1896 | 1 Ibm | 1 Connections | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456. | |||||
| CVE-2018-18996 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. | |||||
| CVE-2018-18992 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server. | |||||
| CVE-2018-16492 | 1 Extend Project | 1 Extend | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||
| CVE-2018-16491 | 1 Dreamerslab | 1 Node.extend | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||
| CVE-2018-16490 | 1 Mpath Project | 1 Mpath | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||
| CVE-2018-16489 | 1 Just-extend Project | 1 Just-extend | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions. | |||||
| CVE-2018-16486 | 1 Defaults-deep Project | 1 Defaults-deep | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. | |||||
| CVE-2017-6031 | 1 Certec Edv Gmbh | 1 Atvise Scada | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution. | |||||
| CVE-2017-6015 | 1 Rockwellautomation | 1 Factorytalk Activation | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later. | |||||
| CVE-2017-1202 | 1 Ibm | 1 Bigfix Compliance | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677. | |||||
| CVE-2017-1115 | 1 Ibm | 1 Campaign | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153. | |||||
| CVE-2017-16766 | 1 Synology | 1 Diskstation Manager | 2019-10-09 | 6.4 MEDIUM | 6.5 MEDIUM |
| An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. | |||||
| CVE-2017-16719 | 1 Moxa | 6 Nport 5110, Nport 5110 Firmware, Nport 5130 and 3 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device. | |||||
| CVE-2017-16043 | 1 Shout Project | 1 Shout | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3. | |||||