| Page(s) : 1 ... 3 4 5 6 7 8 9 10 11 12 [13] 14 15 16 17 18 19 20 21 22 23 ... | Result(s) : 173178 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 6.7 | 2020-07-29 | VU#174059 | VU-CERT | GRUB2 bootloader is vulnerable to buffer overflow |
| 6.5 | 2020-07-29 | CVE-2020-9692 | cve | Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. |
| 9.6 | 2020-07-29 | CVE-2020-9691 | cve | Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution. |
| 4.2 | 2020-07-29 | CVE-2020-9690 | cve | Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification... |
| 6.5 | 2020-07-29 | CVE-2020-9689 | cve | Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. |
| 9.8 | 2020-07-29 | CVE-2020-7698 | cve | This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized. |
| 9.8 | 2020-07-29 | CVE-2020-7697 | cve | This affects all versions of package mock2easy. a malicious user could inject commands through the _data variable: Affected Area require('../server/getJsonByCurl')(moc... |
| 8.8 | 2020-07-29 | CVE-2020-14493 | cve | A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands. |
| 6.1 | 2020-07-29 | CVE-2020-14492 | cve | OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser. |
| 8.8 | 2020-07-29 | CVE-2020-14490 | cve | OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the ex... |
| 7.5 | 2020-07-29 | CVE-2020-14489 | cve | OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques. |
| 5.3 | 2020-07-29 | CVE-2020-5614 | cve | Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. |
| 6.1 | 2020-07-29 | CVE-2020-5613 | cve | Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. |
| 6.1 | 2020-07-29 | CVE-2020-5612 | cve | Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. |
| 7.5 | 2020-07-28 | CVE-2020-6098 | cve | An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corrupti... |
| 7.5 | 2020-07-28 | CVE-2020-13997 | cve | In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. |
| 5.4 | 2020-07-28 | CVE-2020-13971 | cve | In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An... |
| 8.8 | 2020-07-28 | CVE-2020-13970 | cve | Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, F... |
| 7.2 | 2020-07-28 | CVE-2020-11476 | cve | Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. |
| 7.8 | 2020-07-28 | CVE-2020-11474 | cve | NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant. |
| Page(s) : 1 ... 3 4 5 6 7 8 9 10 11 12 [13] 14 15 16 17 18 19 20 21 22 23 ... | Result(s) : 173178 |
