Total
334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6245 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 6.7 Medium |
| SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers. | ||||
| CVE-2020-5230 | 1 Apereo | 1 Opencast | 2024-11-21 | 7.7 High |
| Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast's Id.toString(…) vs Id.compact(…) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1. | ||||
| CVE-2020-0444 | 2 Google, Redhat | 3 Android, Enterprise Linux, Rhel Eus | 2024-11-21 | 7.8 High |
| In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150693166References: Upstream kernel | ||||
| CVE-2019-6545 | 1 Aveva | 2 Indusoft Web Studio, Intouch Machine Edition 2014 | 2024-11-21 | 7.5 High |
| AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine. | ||||
| CVE-2019-3498 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2024-11-21 | N/A |
| In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. | ||||
| CVE-2018-11784 | 6 Apache, Canonical, Debian and 3 more | 17 Tomcat, Ubuntu Linux, Debian Linux and 14 more | 2024-11-21 | N/A |
| When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. | ||||
| CVE-2018-1000130 | 2 Jolokia, Redhat | 2 Webarchive Agent, Jboss Fuse | 2024-11-21 | N/A |
| A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server. | ||||
| CVE-2016-8615 | 2 Haxx, Redhat | 3 Curl, Jboss Core Services, Rhel Software Collections | 2024-11-21 | N/A |
| A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. | ||||
| CVE-2024-6051 | 2024-10-04 | N/A | ||
| Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13. | ||||
| CVE-2024-7438 | 1 Simplemachines | 1 Simple Machines Forum | 2024-09-11 | 4.3 Medium |
| A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7437 | 1 Simplemachines | 2 Simple Machine Forum, Simple Machines Forum | 2024-09-11 | 5.4 Medium |
| A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-39362 | 2024-07-02 | 4.4 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2021-47285 | 2024-07-02 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2017-1000500 | 2023-11-07 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12161. Reason: This candidate is a reservation duplicate of CVE-2017-12161. Notes: All CVE users should reference CVE-2017-12161 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||