Total
118 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13175 | 1 Teradici | 2 Cloud Access Connector, Cloud Access Connector Legacy | 2020-08-14 | 7.5 High |
| The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request. | ||||
| CVE-2018-17246 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2020-08-14 | N/A |
| Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | ||||
| CVE-2020-10865 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2020-04-02 | 7.5 High |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process. | ||||
| CVE-2018-1122 | 3 Canonical, Debian, Procps-ng Project | 3 Ubuntu Linux, Debian Linux, Procps-ng | 2020-02-25 | N/A |
| procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. | ||||
| CVE-2020-8128 | 1 Jsreport | 1 Jsreport | 2020-02-20 | 9.8 Critical |
| An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. | ||||
| CVE-2013-4582 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2020-02-04 | 6.5 Medium |
| The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. | ||||
| CVE-2013-3321 | 1 Netapp | 1 Oncommand System Manager | 2020-01-31 | 7.5 High |
| NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. | ||||
| CVE-2012-4919 | 1 Gallery Project | 1 Gallery | 2020-01-24 | 9.8 Critical |
| Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability | ||||
| CVE-2019-11742 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2019-11-25 | 6.5 Medium |
| A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. | ||||
| CVE-2013-1945 | 1 Ruby-lang | 1 Ruby193 | 2019-11-06 | 3.3 Low |
| ruby193 uses an insecure LD_LIBRARY_PATH setting. | ||||
| CVE-2019-10248 | 1 Eclipse | 1 Vorto | 2019-10-09 | N/A |
| Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected. | ||||
| CVE-2017-14095 | 1 Trendmicro | 1 Smart Protection Server | 2019-10-09 | N/A |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. | ||||
| CVE-2018-15486 | 1 Kone | 2 Group Controller, Group Controller Firmware | 2019-10-03 | N/A |
| An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02. | ||||
| CVE-2018-18387 | 1 Playsms Project | 1 Playsms | 2019-10-03 | N/A |
| playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. | ||||
| CVE-2017-1376 | 1 Ibm | 1 Operations Analytics Predictive Insights | 2019-10-03 | N/A |
| A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873. | ||||
| CVE-2018-1000502 | 1 Mybb | 1 Mybb | 2019-10-03 | N/A |
| MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15. | ||||
| CVE-2017-6381 | 1 Drupal | 1 Drupal | 2019-10-03 | N/A |
| A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployments | ||||
| CVE-2017-5397 | 1 Mozilla | 1 Firefox | 2019-10-03 | N/A |
| The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3. | ||||