Total
1095 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7695 | 1 Encode | 1 Uvicorn | 2024-09-17 | 5.3 Medium |
| Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers. | ||||
| CVE-2019-4461 | 1 Ibm | 1 Cloud Orchestrator | 2024-09-17 | 5.4 Medium |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682. | ||||
| CVE-2019-9614 | 1 Ofcms Project | 1 Ofcms | 2024-09-16 | N/A |
| An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command. | ||||
| CVE-2021-29702 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2024-09-16 | 7.5 High |
| Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658. | ||||
| CVE-2021-28829 | 1 Tibco | 1 Administrator | 2024-09-16 | 6.5 Medium |
| The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a persistent CSV injection attack from the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1. | ||||
| CVE-2015-7309 | 1 Boltcms | 1 Bolt | 2024-09-16 | N/A |
| The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it. | ||||
| CVE-2019-1939 | 2 Cisco, Microsoft | 2 Webex Teams, Windows | 2024-09-16 | 8.8 High |
| A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user. | ||||
| CVE-2019-11282 | 2 Cloudfoundry, Pivotal Software | 2 Cf-deployment, Cloud Foundry Uaa | 2024-09-16 | 4.3 Medium |
| Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA. | ||||
| CVE-2021-20574 | 1 Ibm | 1 Security Identity Manager Adapter | 2024-09-16 | 8.8 High |
| IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and takeover other accounts. IBM X-Force ID: 199252. | ||||
| CVE-2020-28468 | 1 Pwntools Project | 1 Pwntools | 2024-09-16 | 8.1 High |
| This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution. | ||||
| CVE-2021-29084 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2024-09-16 | 7.5 High |
| Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-1000453 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-09-16 | N/A |
| CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. | ||||
| CVE-2021-23400 | 1 Nodemailer | 1 Nodemailer | 2024-09-16 | 6.3 Medium |
| The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. | ||||
| CVE-2018-18996 | 1 Lcds | 1 Laquis Scada | 2024-09-16 | N/A |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. | ||||
| CVE-2018-1474 | 1 Ibm | 1 Bigfix Platform | 2024-09-16 | N/A |
| IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-force ID: 140692. | ||||
| CVE-2020-12965 | 1 Amd | 126 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 123 more | 2024-09-16 | 7.5 High |
| When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage. | ||||
| CVE-2022-23064 | 1 Snipeitapp | 1 Snipe-it | 2024-09-16 | 8.8 High |
| In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over. | ||||
| CVE-2017-15714 | 1 Apache | 1 Ofbiz | 2024-09-16 | N/A |
| The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would execute. | ||||
| CVE-2021-26068 | 1 Atlassian | 1 Jira Server For Slack | 2024-09-16 | 8.8 High |
| An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability. | ||||
| CVE-2019-11581 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-16 | N/A |
| There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability. | ||||