Vulnerabilities (CVE)

Filter

130145 total CVE
CVE Vendors Products Updated CVSS
CVE-2010-5340 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
CVE-2019-3738 1 Rsa 2 Bsafe Cert-j, Bsafe Ssl-j 2019-10-15 4.3
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable...
CVE-2015-9476 1 Teardrop Project 1 Teardrop 2019-10-15 6.5
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.
CVE-2010-5336 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
CVE-2019-17450 1 Gnu 1 Binutils 2019-10-15 4.3
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
CVE-2015-9477 1 Vernissage Project 1 Vernissage 2019-10-15 6.5
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.
CVE-2018-16202 1 Ionicframework 2 Cordova-plugin-ionic-webview, Ionic Web View 2019-10-15 5.0
Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors.
CVE-2015-9472 1 Monitorbacklinks 1 Incoming Links 2019-10-15 4.3
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.
CVE-2019-1344 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-15 2.1
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.
CVE-2019-15051 1 Softing 3 Uagate 840d Firmware, Uagate Mb Firmware, Uagate Si Firmware 2019-10-15 9.0
An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.
CVE-2019-17496 1 Craftcms 1 Craft Cms 2019-10-15 4.3
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
CVE-2015-9480 1 Robot-cpa 1 Robotcpa 2019-10-15 5.0
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.
CVE-2018-9062 2019-10-15 7.2
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
CVE-2019-3652 1 Mcafee 1 Endpoint Security 2019-10-15 4.6
Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with...
CVE-2019-11528 1 Softing 1 Uagate Si Firmware 2019-10-15 5.0
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.
CVE-2019-5507 1 Netapp 1 Snapmanager 2019-10-15 2.1
SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.
CVE-2019-11527 1 Softing 1 Uagate Si Firmware 2019-10-15 9.0
An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter.
CVE-2019-17383 1 Netaddr Project 1 Netaddr 2019-10-15 7.5
The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.
CVE-2019-1314 1 Microsoft 1 Windows 10 Mobile 2019-10-15 4.6
A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka 'Windows 10 Mobile Security Feature Bypass Vulnerability'.
CVE-2019-17494 1 Laravel-bjyblog Project 1 Laravel-bjyblog 2019-10-15 4.3
laravel-bjyblog 6.1.1 has XSS via a crafted URL.