| ID | CVSS | Sažetak | Zadnje ažurirano | Objavljeno |
|---|---|---|---|---|
| CVE-2020-35209 | 5.0 | An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information. | 2021-12-21 01:58:00 | 2021-12-16 20:15:00 |
| CVE-2019-19614 | 5.0 | An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the list of users sharing an identical password. Fixed in Release 10.24.11206.1. | 2021-12-21 01:32:00 | 2020-03-09 19:15:00 |
| CVE-2020-3939 | 4.3 | SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability. | 2021-12-21 01:30:00 | 2020-02-04 05:15:00 |
| CVE-2020-14472 | 7.5 | On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file. | 2021-12-21 01:29:00 | 2020-06-24 17:15:00 |
| CVE-2020-7667 | 5.0 | In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directo | 2021-12-21 01:10:00 | 2020-06-24 12:15:00 |
| CVE-2020-7664 | 5.0 | In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. | 2021-12-21 01:05:00 | 2020-06-23 19:38:00 |
| CVE-2019-5508 | 5.0 | Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). | 2021-12-21 00:55:00 | 2019-10-25 19:15:00 |
| CVE-2019-19611 | 5.0 | An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. Fixed in Release 10.24.11206.1 | 2021-12-21 00:54:00 | 2020-03-13 19:15:00 |
| CVE-2020-15771 | 5.0 | An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigation. | 2021-12-21 00:49:00 | 2020-09-18 14:15:00 |
| CVE-2020-15767 | 2.6 | An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the | 2021-12-21 00:47:00 | 2020-09-18 14:15:00 |
| ID | CVSS | Sažetak | Zadnje ažurirano | Objavljeno |
|---|---|---|---|---|
| CVE-2018-4451 | 9.3 | This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation. | 2020-10-30 02:01:00 | 2020-10-27 20:15:00 |
| CVE-2019-8712 | 10.0 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges. | 2021-07-21 11:39:00 | 2020-10-27 20:15:00 |
| CVE-2019-8709 | 9.3 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be abl | 2021-07-21 11:39:00 | 2020-10-27 20:15:00 |
| CVE-2019-8824 | 9.3 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges | 2021-07-21 11:39:00 | 2020-10-27 20:15:00 |
| CVE-2018-4452 | 9.3 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Se | 2020-10-30 02:00:00 | 2020-10-27 20:15:00 |
| CVE-2019-8716 | 10.0 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges. | 2021-07-21 11:39:00 | 2020-10-27 20:15:00 |
| CVE-2019-8836 | 9.3 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. | 2021-07-21 11:39:00 | 2020-10-27 20:15:00 |
| CVE-2019-8740 | 9.3 | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges. | 2021-07-21 11:39:00 | 2020-10-27 20:15:00 |
| CVE-2020-27976 | 10.0 | osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option. | 2020-10-29 23:35:00 | 2020-10-28 15:15:00 |
| CVE-2019-8539 | 9.3 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary co | 2020-10-30 15:13:00 | 2020-10-27 20:15:00 |
Stranica
/29161
Zapisa po stranici: