Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1248 | 3 Debian, Redhat, Vim | 3 Debian Linux, Enterprise Linux, Vim | 2025-04-12 | N/A |
| vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. | ||||
| CVE-2014-2972 | 1 Exim | 1 Exim | 2025-04-12 | N/A |
| expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. | ||||
| CVE-2014-2532 | 3 Openbsd, Oracle, Redhat | 3 Openssh, Communications User Data Repository, Enterprise Linux | 2025-04-12 | N/A |
| sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. | ||||
| CVE-2013-1968 | 5 Apache, Canonical, Collabnet and 2 more | 5 Subversion, Ubuntu Linux, Subversion and 2 more | 2025-04-11 | N/A |
| Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. | ||||
| CVE-2012-2694 | 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more | 5 1, Openshift, 1.1 and 2 more | 2025-04-11 | N/A |
| actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660. | ||||
| CVE-2023-22288 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-02-26 | 6.8 Medium |
| HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails | ||||
| CVE-2022-2429 | 1 Ultimatesmsnotifications | 1 Ultimate Sms Notifications For Woocommerce | 2025-01-31 | 6.5 Medium |
| The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing information like their First Name that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2023-7012 | 1 Google | 1 Chrome | 2024-12-26 | 9.6 Critical |
| Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2022-0024 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.2 High |
| A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.23; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. | ||||
| CVE-2020-24386 | 4 Debian, Dovecot, Fedoraproject and 1 more | 4 Debian Linux, Dovecot, Fedora and 1 more | 2024-11-21 | 6.8 Medium |
| An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). | ||||
| CVE-2020-15658 | 3 Canonical, Mozilla, Redhat | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium |
| The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | ||||
| CVE-2020-12415 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 6.5 Medium |
| When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. | ||||
| CVE-2020-10960 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.3 Medium |
| In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS). | ||||
| CVE-2019-9924 | 6 Canonical, Debian, Gnu and 3 more | 12 Ubuntu Linux, Debian Linux, Bash and 9 more | 2024-11-21 | 7.8 High |
| rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | ||||
| CVE-2019-11718 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 5.3 Medium |
| Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11717 | 5 Debian, Mozilla, Novell and 2 more | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 5.3 Medium |
| A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | ||||
| CVE-2019-10906 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 9 Ubuntu Linux, Fedora, Leap and 6 more | 2024-11-21 | 8.6 High |
| In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | ||||
| CVE-2018-6791 | 2 Debian, Kde | 2 Debian Linux, Plasma-workspace | 2024-11-21 | N/A |
| An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder. | ||||
| CVE-2018-1274 | 1 Pivotal Software | 2 Spring Data Commons, Spring Data Rest | 2024-11-21 | N/A |
| Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption). | ||||
| CVE-2017-0368 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. | ||||