| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). |
| cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). |
| Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. |
| Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. |
| Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. |
| A security misconfiguration exists in Combodo iTop, which can expose sensitive information. |
| Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. |
| Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. |
| A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. |
| Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie. |
| Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service. |
| D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command. |
| A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool. |
| An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request. This allows an attacker to collect these hashes, crack them, and potentially compromise the computer. (ROAR can be configured for automatic access. Also, access can occur if the user clicks.) |
| An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. |
| An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. |
| An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. |
| An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will |
| exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. |
| Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. |
