phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable.
Max CVSS
6.1
EPSS Score
0.11%
Published
2020-03-31
Updated
2024-03-21
An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the directory where the upload handler class is defined. Before 2020.1.330, a crafted web request could result in uploads to arbitrary locations.
Max CVSS
7.5
EPSS Score
0.10%
Published
2020-03-31
Updated
2020-04-02
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
Max CVSS
8.8
EPSS Score
0.79%
Published
2020-03-31
Updated
2021-12-10
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
Max CVSS
8.8
EPSS Score
0.79%
Published
2020-03-31
Updated
2021-12-10
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
Max CVSS
8.8
EPSS Score
0.79%
Published
2020-03-31
Updated
2021-12-10
An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']["view_type"] wasn't sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the "view" action and places a payload in the type parameter, and then returns to the dialog.php page. This occurs because ajax_calls.php was also able to set the $_SESSION['RF']["view_type"] variable, but there it wasn't sanitized.
Max CVSS
6.1
EPSS Score
0.09%
Published
2020-03-30
Updated
2020-04-01
An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests.
Max CVSS
9.8
EPSS Score
0.66%
Published
2020-03-30
Updated
2020-04-01
An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside of a trusted context.
Max CVSS
5.3
EPSS Score
0.13%
Published
2020-03-30
Updated
2021-07-21
Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java.
Max CVSS
9.1
EPSS Score
0.66%
Published
2020-03-27
Updated
2020-03-31
Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.
Max CVSS
9.8
EPSS Score
0.66%
Published
2020-03-27
Updated
2020-03-31
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java
Max CVSS
9.8
EPSS Score
0.66%
Published
2020-03-27
Updated
2020-03-31
An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component.
Max CVSS
9.8
EPSS Score
0.24%
Published
2020-03-27
Updated
2020-03-31
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
Max CVSS
8.8
EPSS Score
0.79%
Published
2020-03-26
Updated
2021-12-07
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
Max CVSS
8.8
EPSS Score
0.79%
Published
2020-03-26
Updated
2021-12-07
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
Max CVSS
6.5
EPSS Score
0.15%
Published
2020-03-25
Updated
2022-07-12
Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is not disabled. It is fixed in 20.01.1 and 19.11.2.
Max CVSS
8.1
EPSS Score
0.34%
Published
2020-03-25
Updated
2021-07-21
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
Max CVSS
9.8
EPSS Score
2.22%
Published
2020-03-25
Updated
2020-03-27
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.
Max CVSS
7.2
EPSS Score
1.90%
Published
2020-03-25
Updated
2023-02-03
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
Max CVSS
9.8
EPSS Score
0.24%
Published
2020-03-27
Updated
2020-04-01
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
Max CVSS
6.5
EPSS Score
0.11%
Published
2020-03-27
Updated
2022-04-22
GitLab through 12.9 is affected by a potential DoS in repository archive download.
Max CVSS
7.5
EPSS Score
0.12%
Published
2020-03-27
Updated
2020-03-31
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
Max CVSS
7.5
EPSS Score
0.17%
Published
2020-03-27
Updated
2020-03-31
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
Max CVSS
6.5
EPSS Score
0.09%
Published
2020-03-27
Updated
2021-07-21
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
Max CVSS
5.4
EPSS Score
0.06%
Published
2020-03-24
Updated
2022-04-22
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
Max CVSS
5.9
EPSS Score
0.18%
Published
2020-03-24
Updated
2023-02-24
1754 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!