Total
263017 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-22780 | 1 Zoom | 1 Meetings | 2024-09-16 | 4.7 Medium |
The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources. | ||||
CVE-2014-5248 | 1 Mybb | 1 Mybb | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode. | ||||
CVE-2013-1648 | 1 Open-xchange | 1 Open-xchange Server | 2024-09-16 | N/A |
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue. | ||||
CVE-2020-7038 | 1 Avaya | 1 Equinox Conferencing | 2024-09-16 | 7.5 High |
A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server. | ||||
CVE-2018-10469 | 1 B3log | 1 Symphony | 2024-09-16 | N/A |
b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI. | ||||
CVE-2012-2701 | 2024-09-16 | N/A | ||
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2341. Reason: This candidate is a duplicate of CVE-2012-2341. Notes: All CVE users should reference CVE-2012-2341 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||
CVE-2020-4719 | 1 Ibm | 1 Cloud Application Performance Management | 2024-09-16 | 4.9 Medium |
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861. | ||||
CVE-2021-20486 | 3 Ibm, Linux, Redhat | 3 Cloud Pak For Data, Linux Kernel, Enterprise Linux | 2024-09-16 | 6.5 Medium |
IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668. | ||||
CVE-2018-12414 | 1 Tibco | 5 Rendezvous, Rendezvous For Z\/linux, Rendezvous For Z\/os and 2 more | 2024-09-16 | N/A |
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2. | ||||
CVE-2021-36309 | 1 Dell | 1 Enterprise Sonic Os | 2024-09-16 | 7.1 High |
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks. | ||||
CVE-2014-4853 | 1 Opendocman | 1 Opendocman | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file. | ||||
CVE-2020-3472 | 1 Cisco | 1 Webex Meetings Online | 2024-09-16 | 5 Medium |
A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses. | ||||
CVE-2014-9958 | 1 Google | 1 Android | 2024-09-16 | N/A |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774. | ||||
CVE-2018-5509 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2024-09-16 | N/A |
On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure. | ||||
CVE-2018-20251 | 1 Rarlab | 1 Winrar | 2024-09-16 | N/A |
In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requestd to abort the extraction process. the operation is cancelled only after the folders and files were created but prior to them being written, therefore allowing the attacker to create empty files and folders everywhere in the file system. | ||||
CVE-2021-33609 | 1 Vaadin | 1 Vaadin | 2024-09-16 | 4.3 Medium |
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data. | ||||
CVE-2007-5167 | 1 Phplister | 1 Phplister | 2024-09-16 | N/A |
PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nom_rep_systeme parameter. | ||||
CVE-2020-4202 | 1 Ibm | 1 Urbancode Deploy | 2024-09-16 | 8.8 High |
IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955. | ||||
CVE-2017-17727 | 1 Dedecms | 1 Dedecms | 2024-09-16 | N/A |
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | ||||
CVE-2009-2705 | 2 Broadcom, Sun | 2 Siteminder, J2ee | 2024-09-16 | N/A |
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters. |