🍀Information portal for security vulnerability news
1,486 posts in this category
➠ CVE-2021-4261 | pacman-canvas up to 1.0.5 data/db-handler.php addHighscore sql injection
A vulnerability classified as critical has been found in pacman-canvas up to 1.0.5. Affected is the function addHighscore of the file data/db-handler.php.
➠ CVE-2022-44947 | Rukovoditel 3.2.1 Highlight Row Note cross site scripting (ID 13)
A vulnerability, which was classified as problematic, has been found in Rukovoditel 3.2.1. Affected by this issue is some unknown functionality of the
➠ CVE-2022-3462 | Highlight Focus Plugin up to 1.1 on WordPress Setting cross site scripting
A vulnerability has been found in Highlight Focus Plugin up to 1.1 and classified as problematic. This vulnerability affects unknown code of the component
➠ CVE-2022-2310 | Trellix Skyhigh SWG up to 8.2.27/9.2.22/10.2.11/11.2.0 Administration User Interface authentication spoofing
A vulnerability has been found in Trellix Skyhigh SWG up to 8.2.27/9.2.22/10.2.11/11.2.0 and classified as critical. Affected by this vulnerability is
➠ CVE-2007-2067 | WebSlider plugins/highlight.php path Remote Code Execution (XFDB-33689 / EDB-3745)
A vulnerability has been found in WebSlider and classified as critical. Affected by this vulnerability is an unknown functionality of the file plugins/highlight.php.
➠ High CVE-2022-31135: Aceattorneyonline Akashi
Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject
➠ High CVE-2022-25048: Control-webpanel Webpanel
➠ High CVE-2022-20859: Cisco Unified communications manager im and presence service
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &
➠ High CVE-2022-25046: Control-webpanel Webpanel
➠ High CVE-2022-20812: Cisco Telepresence video communication server
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server
➠ High CVE-2022-34877: Vicidial Vicidial
SQL Injection vulnerability in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker
➠ High CVE-2022-34878: Vicidial Vicidial
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity,
➠ High CVE-2022-34876: Vicidial Vicidial
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters
➠ High CVE-2022-32973: Tenable Nessus
➠ High CVE-2022-31801: Phoenixcontact Multiprog
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the
➠ High CVE-2021-45918: NHI Health insurance web service component
➠ High CVE-2022-20160: Google Android
➠ High CVE-2022-20164: Google Android
➠ High CVE-2022-20130: Google Android
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code
➠ High CVE-2021-33036: Apache Hadoop
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary
➠ High CVE-2022-20127: Google Android
In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional
➠ High CVE-2022-20123: Google Android
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information
➠ CVE-2015-7327 | Mozilla Firefox up to 40 High Resolution Time API Time information disclosure (ID 86071 / SBV-53212)
A vulnerability classified as problematic was found in Mozilla Firefox up to 40. Affected by this vulnerability is an unknown functionality of the component
➠ High CVE-2022-27511: Citrix Application delivery management
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot,
➠ High CVE-2022-25152: Itarian Saas service desk
The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory
➠ High CVE-2019-9972: Debian Debian linux
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem
➠ High CVE-2020-36529: IBM Sevone network performance management
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute
➠ High CVE-2022-1708: Fedoraproject Fedora
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request
➠ High CVE-2019-9971: Debian Debian linux
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump
➠ High CVE-2022-30713: Google Android
➠ High CVE-2022-30710: Google Android
➠ High CVE-2022-30711: Google Android
➠ High CVE-2021-34079: Docker-tester project Docker-tester
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the
➠ High CVE-2021-34080: Ssl-utils project Ssl-utils
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters
➠ High CVE-2021-34081: Gitsome project Gitsome
OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target
➠ High CVE-2021-34084: S3-uploader project S3-uploader
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the
➠ High CVE-2021-34078: ADP Lifion-verifiy-dependencies
➠ High CVE-2021-34082: Proctree project Proctree
OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers
➠ High CVE-2021-34083: Google-it project Google-it
Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in
➠ High CVE-2021-33615: RSA Archer
➠ High CVE-2022-30190: Microsoft Windows server 2012
➠ High CVE-2022-30493: Automotive shop management system project Automotive shop management system
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers
➠ High CVE-2021-0473: Google Android
In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with
➠ High CVE-2021-0474: Google Android
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with
➠ High CVE-2021-0475: Google Android
In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over
➠ High CVE-2020-4495: IBM Collaborative lifecycle management
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending
➠ High CVE-2021-20240: Fedoraproject Fedora
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is
➠ High CVE-2021-33525: Eyesofnetwork Eyesofnetwork
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php,
➠ High CVE-2021-29300: Ronomon Opened
The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on
➠ High CVE-2020-28900: Nagios Fusion
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or
➠ High CVE-2020-28907: Nagios Fusion
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related
➠ High CVE-2020-28902: Nagios Fusion
➠ High CVE-2020-28901: Nagios Fusion
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component
➠ High CVE-2021-20385: IBM Security guardium
IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request,
➠ High CVE-2020-28909: Nagios Fusion
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users
➠ High CVE-2021-33509: Plone Plone
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python
➠ High CVE-2021-32305: Websvn Websvn
➠ High CVE-2021-20309: Imagemagick Imagemagick
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may
➠ High CVE-2021-20312: Imagemagick Imagemagick
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior
➠ High CVE-2021-20310: Imagemagick Imagemagick
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined