Click to open the Alert Filter

 
Year Month
Severity
Categories
Search by Alert Name
Page(s) : 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 16 ...Result(s) : 139276

Alerts Feed Alerts

DateNameCategoriesDetail
92018-12-15GLSA-201812-06Gentoo CouchDB: Multiple vulnerabilities
N/A2018-12-15CVE-2018-20161cve A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the mot...
N/A2018-12-15CVE-2018-20159cve i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to up...
N/A2018-12-14CVE-2018-20157cve The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
N/A2018-12-14CVE-2018-20156cve The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network.
N/A2018-12-14CVE-2018-20155cve The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.
N/A2018-12-14CVE-2018-20154cve The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
N/A2018-12-14CVE-2018-20153cve In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
N/A2018-12-14CVE-2018-20152cve In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.
N/A2018-12-14CVE-2018-20151cve In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search ...
N/A2018-12-14CVE-2018-20150cve In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
N/A2018-12-14CVE-2018-20149cve In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to X...
N/A2018-12-14CVE-2018-20148cve In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by ...
N/A2018-12-14CVE-2018-20147cve In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
N/A2018-12-14CVE-2018-19007cve In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as r...
N/A2018-12-14CVE-2018-1977cve IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerabil...
N/A2018-12-14CVE-2018-19413cve A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web a...
N/A2018-12-14CVE-2018-19003cve GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS210...
N/A2018-12-14CVE-2018-18984cve Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the follow...
N/A2018-12-14CVE-2018-1848cve IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI th...
Page(s) : 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 16 ...Result(s) : 139276