Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-19273 |
On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265. Published: February 04, 2020; 11:15:12 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-9674 |
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. Published: February 04, 2020; 10:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-19968 |
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. Published: February 04, 2020; 10:15:11 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2013-2678 |
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. Published: February 04, 2020; 10:15:11 AM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2013-2676 |
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information. Published: February 04, 2020; 10:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-7055 |
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure Published: February 04, 2020; 9:15:12 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2013-7054 |
D-Link DIR-100 4.03B07: cli.cgi XSS Published: February 04, 2020; 9:15:12 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-7053 |
D-Link DIR-100 4.03B07: cli.cgi CSRF Published: February 04, 2020; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2013-7052 |
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script Published: February 04, 2020; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2013-7051 |
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters Published: February 04, 2020; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2013-1422 |
webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user"). Published: February 04, 2020; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2012-5686 |
ZPanel 10.0.1 has insufficient entropy for its password reset process. Published: February 04, 2020; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2012-5618 |
Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. Published: February 04, 2020; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2011-4912 |
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. Published: February 04, 2020; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2011-4937 |
Joomla! 1.7.1 has core information disclosure due to inadequate error checking. Published: February 04, 2020; 8:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2011-3629 |
Joomla! core 1.7.1 allows information disclosure due to weak encryption Published: February 04, 2020; 8:15:10 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-3939 |
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability. Published: February 04, 2020; 12:15:12 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-3938 |
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests. Published: February 04, 2020; 12:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-3937 |
SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database. Published: February 04, 2020; 12:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-5236 |
Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3, it is recommended that people upgrade to the new version of Waitress as soon as possible. Published: February 03, 2020; 10:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 6.8 MEDIUM |