Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-11841 | 4.3 |
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain
|
17-06-2023 - 00:15 | 22-05-2019 - 17:29 | |
CVE-2020-7032 | 5.5 |
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM i
|
19-10-2022 - 14:39 | 13-11-2020 - 01:15 | |
CVE-2020-8466 | 7.5 |
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated passw
|
21-07-2021 - 11:39 | 17-12-2020 - 21:15 | |
CVE-2020-8463 | 5.0 |
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.
|
21-07-2021 - 11:39 | 17-12-2020 - 21:15 | |
CVE-2020-8465 | 10.0 |
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user
|
21-07-2021 - 11:39 | 17-12-2020 - 21:15 | |
CVE-2020-27017 | 4.0 |
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already hav
|
21-07-2021 - 11:39 | 09-11-2020 - 23:15 | |
CVE-2020-27019 | 2.1 |
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key.
|
21-07-2021 - 11:39 | 09-11-2020 - 23:15 | |
CVE-2020-27181 | 6.4 |
A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.
|
21-07-2021 - 11:39 | 27-10-2020 - 05:15 | |
CVE-2020-27183 | 7.5 |
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified o
|
21-07-2021 - 11:39 | 27-10-2020 - 05:15 | |
CVE-2020-27180 | 5.0 |
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.
|
21-07-2021 - 11:39 | 27-10-2020 - 05:15 | |
CVE-2019-9155 | 4.3 |
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able to provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private ke
|
21-07-2021 - 11:39 | 22-08-2019 - 16:15 | |
CVE-2019-19459 | 7.5 |
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker
|
21-07-2021 - 11:39 | 03-12-2019 - 20:15 | |
CVE-2020-15593 | 7.2 |
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different p
|
21-07-2021 - 11:39 | 27-07-2020 - 14:15 | |
CVE-2020-11956 | 10.0 |
An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a least privilege violation.
|
21-07-2021 - 11:39 | 14-07-2020 - 14:15 | |
CVE-2020-11952 | 4.9 |
An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Attackers can bypass the CLI menu.
|
21-07-2021 - 11:39 | 14-07-2020 - 13:15 | |
CVE-2019-6504 | 4.3 |
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allows attackers to potentially conduct persistent cross-site scripting (XSS) attacks via a crafted object.
|
07-04-2021 - 18:13 | 06-02-2019 - 00:29 | |
CVE-2021-23838 | 3.5 |
An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper
|
22-01-2021 - 17:34 | 15-01-2021 - 07:15 | |
CVE-2021-23837 | 4.0 |
An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected parameter (which retrieves the file contents of the spe
|
22-01-2021 - 17:27 | 15-01-2021 - 07:15 | |
CVE-2021-23836 | 3.5 |
An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected par
|
22-01-2021 - 16:56 | 15-01-2021 - 07:15 | |
CVE-2021-23835 | 4.0 |
An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected paramete
|
22-01-2021 - 16:14 | 15-01-2021 - 07:15 | |
CVE-2020-8464 | 5.0 |
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have acce
|
22-12-2020 - 17:32 | 17-12-2020 - 21:15 | |
CVE-2020-8462 | 3.5 |
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.
|
21-12-2020 - 21:27 | 17-12-2020 - 21:15 | |
CVE-2020-8461 | 6.8 |
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
|
21-12-2020 - 21:25 | 17-12-2020 - 21:15 | |
CVE-2020-27016 | 6.8 |
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing a
|
24-11-2020 - 18:27 | 09-11-2020 - 23:15 | |
CVE-2020-27018 | 2.1 |
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or par
|
24-11-2020 - 18:26 | 09-11-2020 - 23:15 | |
CVE-2020-27693 | 2.1 |
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.
|
24-11-2020 - 18:18 | 09-11-2020 - 23:15 | |
CVE-2020-27694 | 6.5 |
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may be vulnerable to attack.
|
24-11-2020 - 18:17 | 09-11-2020 - 23:15 | |
CVE-2020-27179 | 7.5 |
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.
|
02-11-2020 - 16:08 | 27-10-2020 - 05:15 | |
CVE-2020-26583 | 4.3 |
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vuln
|
29-10-2020 - 19:46 | 16-10-2020 - 06:15 | |
CVE-2020-26584 | 4.3 |
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript
|
27-10-2020 - 19:04 | 16-10-2020 - 06:15 | |
CVE-2020-27182 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.
|
27-10-2020 - 16:27 | 27-10-2020 - 05:15 | |
CVE-2019-10679 | 7.2 |
Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions.
|
11-09-2020 - 14:27 | 03-09-2020 - 15:15 | |
CVE-2018-1000035 | 6.8 |
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
|
24-08-2020 - 17:37 | 09-02-2018 - 23:29 | |
CVE-2018-1000031 | 6.8 |
A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.
|
24-08-2020 - 17:37 | 09-02-2018 - 23:29 | |
CVE-2018-1000032 | 6.8 |
A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.
|
24-08-2020 - 17:37 | 09-02-2018 - 23:29 | |
CVE-2020-17450 | 4.3 |
PHP-Fusion 9.03 allows XSS on the preview page.
|
13-08-2020 - 17:13 | 12-08-2020 - 22:15 | |
CVE-2020-17449 | 3.5 |
PHP-Fusion 9.03 allows XSS via the error_log file.
|
13-08-2020 - 17:13 | 12-08-2020 - 22:15 | |
CVE-2020-17452 | 9.0 |
flatCore before 1.5.7 allows upload and execution of a .php file by an admin.
|
10-08-2020 - 17:27 | 09-08-2020 - 19:15 | |
CVE-2020-17451 | 3.5 |
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs
|
10-08-2020 - 17:06 | 09-08-2020 - 19:15 | |
CVE-2020-15592 | 5.0 |
SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It dist
|
30-07-2020 - 19:34 | 27-07-2020 - 14:15 | |
CVE-2020-11955 | 9.0 |
An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices. There are insecure permissions.
|
17-07-2020 - 15:13 | 14-07-2020 - 14:15 | |
CVE-2020-11953 | 9.0 |
An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices. Attackers can execute code.
|
17-07-2020 - 14:19 | 14-07-2020 - 14:15 | |
CVE-2020-11951 | 10.0 |
An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a Backdoor root account.
|
17-07-2020 - 14:07 | 14-07-2020 - 13:15 | |
CVE-2020-7210 | 4.3 |
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
|
06-02-2020 - 19:44 | 23-01-2020 - 13:15 | |
CVE-2020-6843 | 3.5 |
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
|
27-01-2020 - 19:57 | 23-01-2020 - 15:15 | |
CVE-2019-19229 | 4.0 |
admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.
|
16-12-2019 - 19:24 | 04-12-2019 - 19:15 | |
CVE-2019-19228 | 5.0 |
Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.
|
16-12-2019 - 14:10 | 04-12-2019 - 19:15 | |
CVE-2019-19460 | 6.6 |
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458
|
13-12-2019 - 15:50 | 03-12-2019 - 19:15 | |
CVE-2019-19458 | 5.0 |
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
|
11-12-2019 - 02:57 | 03-12-2019 - 20:15 | |
CVE-2019-19457 | 3.5 |
SALTO ProAccess SPACE 5.4.3.0 allows XSS.
|
11-12-2019 - 02:53 | 03-12-2019 - 20:15 | |
CVE-2015-7276 | 4.3 |
Technicolor C2000T and C2100T use hard-coded cryptographic keys.
|
08-11-2019 - 19:42 | 06-11-2019 - 16:15 | |
CVE-2019-18632 | 7.5 |
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.
|
05-11-2019 - 16:33 | 30-10-2019 - 22:15 | |
CVE-2019-18633 | 7.5 |
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.
|
05-11-2019 - 16:31 | 30-10-2019 - 22:15 | |
CVE-2017-3216 | 10.0 |
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password
|
09-10-2019 - 23:27 | 20-06-2017 - 00:29 | |
CVE-2018-8710 | 7.5 |
A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function
|
03-10-2019 - 00:03 | 14-03-2018 - 19:29 | |
CVE-2019-9153 | 5.0 |
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
|
30-08-2019 - 12:52 | 22-08-2019 - 16:15 | |
CVE-2019-9154 | 5.0 |
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.
|
30-08-2019 - 12:51 | 22-08-2019 - 16:15 | |
CVE-2019-12581 | 4.3 |
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
|
28-06-2019 - 17:28 | 27-06-2019 - 15:15 | |
CVE-2018-8711 | 7.5 |
A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input v
|
12-04-2018 - 15:06 | 14-03-2018 - 19:29 | |
CVE-2018-1000034 | 6.4 |
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.
|
26-02-2018 - 19:11 | 09-02-2018 - 23:29 | |
CVE-2018-1000033 | 6.4 |
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.
|
26-02-2018 - 18:41 | 09-02-2018 - 23:29 |