| ID | CVSS | Sažetak | Zadnje ažurirano | Objavljeno |
|---|---|---|---|---|
| CVE-2012-5959 | 10.0 | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbi | 2017-11-03 01:29:00 | 2013-01-31 21:55:00 |
| CVE-2017-14971 | 4.3 | Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific | 2017-11-02 16:44:00 | 2017-10-09 05:29:00 |
| CVE-2017-12620 | 7.5 | When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6. | 2017-11-02 16:39:00 | 2017-10-03 01:29:00 |
| CVE-2017-14498 | 4.3 | SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadFi | 2017-11-02 16:39:00 | 2017-09-15 18:29:00 |
| CVE-2017-1541 | 7.5 | A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809. | 2017-11-02 16:22:00 | 2017-10-04 01:29:00 |
| CVE-2017-1000085 | 4.3 | Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure | 2017-11-02 16:06:00 | 2017-10-05 01:29:00 |
| CVE-2017-1000087 | 4.0 | GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of val | 2017-11-02 15:17:00 | 2017-10-05 01:29:00 |
| CVE-2017-1000088 | 3.5 | The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links. | 2017-11-02 15:08:00 | 2017-10-05 01:29:00 |
| CVE-2017-1000090 | 6.8 | Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorizatio | 2017-11-02 14:58:00 | 2017-10-05 01:29:00 |
| CVE-2017-15932 | 6.8 | In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems. | 2017-11-02 01:29:00 | 2017-10-27 18:29:00 |
| ID | CVSS | Sažetak | Zadnje ažurirano | Objavljeno |
|---|---|---|---|---|
| CVE-2018-4451 | 9.3 | This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation. | 2020-10-30 02:01:00 | 2020-10-27 20:15:00 |
| CVE-2019-8712 | 10.0 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges. | 2021-07-21 11:39:00 | 2020-10-27 20:15:00 |
| CVE-2019-8709 | 9.3 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be abl | 2021-07-21 11:39:00 | 2020-10-27 20:15:00 |
| CVE-2019-8824 | 9.3 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges | 2021-07-21 11:39:00 | 2020-10-27 20:15:00 |
| CVE-2018-4452 | 9.3 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Se | 2020-10-30 02:00:00 | 2020-10-27 20:15:00 |
| CVE-2019-8716 | 10.0 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges. | 2021-07-21 11:39:00 | 2020-10-27 20:15:00 |
| CVE-2019-8836 | 9.3 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. | 2021-07-21 11:39:00 | 2020-10-27 20:15:00 |
| CVE-2019-8740 | 9.3 | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges. | 2021-07-21 11:39:00 | 2020-10-27 20:15:00 |
| CVE-2020-27976 | 10.0 | osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option. | 2020-10-29 23:35:00 | 2020-10-28 15:15:00 |
| CVE-2019-8539 | 9.3 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary co | 2020-10-30 15:13:00 | 2020-10-27 20:15:00 |
Stranica
/29706
Zapisa po stranici: