Latest CVE Feed
-
4.3
MEDIUMCVE-2007-5624
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.... Read more
Affected Products : nagios- Published: Oct. 23, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2015-6506
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.... Read more
Affected Products : request_tracker- Published: Sep. 03, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-3716
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.... Read more
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2019-2987
Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compr... Read more
- Published: Oct. 16, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-2910
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with ne... Read more
- Published: Oct. 16, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2007-5638
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, whic... Read more
- Published: Oct. 23, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2010-2545
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML t... Read more
Affected Products : cacti- Published: Aug. 23, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2019-18179
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even ... Read more
- Published: Jan. 06, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-19004
A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.... Read more
- Published: Feb. 11, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-14834
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.... Read more
- Published: Jan. 07, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2023-52227
Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.... Read more
Affected Products : mailerlite- Published: Jun. 11, 2024
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2014-4407
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.... Read more
- Published: Sep. 18, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2019-14682
The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF.... Read more
Affected Products : _better_search_project- Published: Aug. 08, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-6052
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.... Read more
Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation chrome- Published: Sep. 25, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-6047
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.... Read more
Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation chrome- Published: Sep. 25, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2016-9185
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.... Read more
Affected Products : heat- Published: Nov. 04, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2019-14727
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account.... Read more
Affected Products : webpanel- Published: Sep. 10, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-11754
When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1.... Read more
Affected Products : firefox- Published: Sep. 27, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-2579
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploi... Read more
- Published: Jan. 18, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-12248
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quo... Read more
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024