Latest CVE Feed
-
4.3
MEDIUMCVE-2020-6435
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.... Read more
- Published: Apr. 13, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-5947
In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Onl... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +9 more products- Published: Nov. 19, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-4029
The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vuln... Read more
- Published: Jul. 01, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-32056
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.... Read more
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-3782
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.... Read more
- Published: Mar. 25, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2023-5868
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without ty... Read more
Affected Products : enterprise_linux enterprise_linux_server_aus enterprise_linux_server_tus enterprise_linux_eus software_collections enterprise_linux_for_ibm_z_systems_eus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus postgresql enterprise_linux_for_ibm_z_systems +6 more products- Published: Dec. 10, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2023-5851
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Nov. 01, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2023-7282
Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more
Affected Products : chrome- Published: Sep. 23, 2024
- Modified: Jan. 02, 2025
-
4.3
MEDIUMCVE-2024-54020
A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.... Read more
Affected Products : fortimanager- Published: May. 28, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2020-27763
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application ... Read more
- Published: Dec. 03, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-2773
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticat... Read more
Affected Products : ubuntu_linux fedora debian_linux leap active_iq_unified_manager cloud_backup oncommand_insight oncommand_workflow_automation jdk jre +11 more products- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-31929
Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals.... Read more
Affected Products : loyalty_experience_platform- Published: Jun. 10, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-2659
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacke... Read more
- Published: Jan. 15, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-35249
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This... Read more
Affected Products : serv-u- Published: May. 17, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-28151
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.... Read more
Affected Products : job_and_node_ownership- Published: Mar. 29, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-27659
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMU... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products- Published: May. 05, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2010-2172
Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors.... Read more
Affected Products : flash_player- Published: Jun. 15, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2009-4344
Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
- Published: Dec. 17, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2009-4347
Cross-site scripting (XSS) vulnerability in daloradius-users/login.php in daloRADIUS 0.9-8 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.... Read more
Affected Products : daloradius- Published: Dec. 17, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2007-4349
The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via ... Read more
- Published: Oct. 23, 2008
- Modified: Apr. 09, 2025