The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2024-4138 | Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected. | -- | May 14, 2024 | n/a |
CVE-2024-4139 | Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected. | -- | May 14, 2024 | n/a |
CVE-2021-43689 | manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which has values from $_POST. | MEDIUM | Dec 2, 2021 | n/a |
CVE-2019-11674 | Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack. | MEDIUM | Oct 24, 2019 | n/a |
CVE-2017-14361 | Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack. | MEDIUM | Dec 12, 2017 | n/a |
CVE-2015-8987 | Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server. | Low | Mar 23, 2017 | n/a |
CVE-2018-25078 | man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.) | -- | Jan 27, 2023 | n/a |
CVE-2018-14429 | man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. | MEDIUM | Aug 14, 2018 | n/a |
CVE-2023-4885 | Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. | -- | Oct 5, 2023 | n/a |
CVE-2011-2499 | Mambo CMS through 4.6.5 has multiple XSS. | MEDIUM | Feb 12, 2020 | n/a |
CVE-2013-2563 | Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file. | Low | Jun 10, 2014 | n/a |
CVE-2013-2562 | Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors. | Low | Jun 10, 2014 | n/a |
CVE-2013-2564 | Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file. | Medium | Jun 10, 2014 | n/a |
CVE-2011-3754 | Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files. | Medium | Sep 25, 2011 | n/a |
CVE-2024-25089 | Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. | -- | Feb 5, 2024 | n/a |
CVE-2023-27469 | Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character. | -- | Jul 7, 2023 | n/a |
CVE-2023-28892 | Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. | -- | Apr 1, 2023 | n/a |
CVE-2015-5721 | Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp. | High | Sep 6, 2016 | n/a |
CVE-2020-24656 | Maltego before 4.2.12 allows XXE attacks. | MEDIUM | Aug 28, 2020 | n/a |
CVE-2017-10818 | MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service. | HIGH | Aug 4, 2017 | n/a |
CVE-2017-10817 | MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server. | HIGH | Aug 4, 2017 | n/a |
CVE-2017-10815 | MaLion for Windows 5.2.1 and earlier (only when Remote Control is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when Remote Control is installed) allows remote attackers to bypass authentication to execute arbitrary commands or operations on Terminal Agent. | MEDIUM | Aug 7, 2017 | n/a |
CVE-2017-10819 | MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication. | MEDIUM | Aug 4, 2017 | n/a |
CVE-2017-4028 | Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. | LOW | Apr 4, 2018 | n/a |
CVE-2024-23188 | Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the user's browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding attachment information to the web interface. No publicly available exploits are known. | -- | May 7, 2024 | n/a |
CVE-2022-22739 | Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | -- | Dec 22, 2022 | n/a |
CVE-2022-22748 | Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | -- | Dec 22, 2022 | n/a |
CVE-2022-0475 | Malicious translator is able to inject JavaScript code in a few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions. | LOW | Mar 21, 2022 | n/a |
CVE-2018-11847 | Malicious TA can tag QSEE kernel memory and map to EL0, thereby corrupting the physical memory as well; it can be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439 and Snapdragon_High_Med_2016 | HIGH | Feb 12, 2019 | n/a |
CVE-2017-5395 | Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | MEDIUM | Jun 12, 2018 | n/a |
CVE-2017-5452 | Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. | MEDIUM | Jun 12, 2018 | n/a |
CVE-2017-8046 | Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. | HIGH | Jan 4, 2018 | n/a |
CVE-2020-14511 | Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4). | HIGH | Jul 15, 2020 | n/a |
CVE-2015-8992 | Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | Medium | Mar 23, 2017 | n/a |
CVE-2015-8991 | Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | MEDIUM | Mar 14, 2017 | n/a |
CVE-2015-8993 | Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | MEDIUM | Mar 14, 2017 | n/a |
CVE-2024-3094 | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library. | HIGH | Apr 2, 2024 | n/a |
CVE-2023-50379 | Malicious code injection in Apache Ambari prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain root over the cluster main host. | -- | Feb 27, 2024 | n/a |
CVE-2023-5247 | Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition. | -- | Nov 30, 2023 | n/a |
CVE-2021-36095 | Malicious attacker is able to find out valid user logins by using the lost password feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. | MEDIUM | Sep 9, 2021 | n/a |
CVE-2020-13600 | Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr | HIGH | May 25, 2021 | n/a |
CVE-2023-6640 | Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. | -- | Feb 22, 2024 | n/a |
CVE-2021-34798 | Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. | MEDIUM | Sep 16, 2021 | 10.19.45.20 (Wind River Linux LTS 19) |
CVE-2024-3051 | Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. | -- | Apr 29, 2024 | n/a |
CVE-2023-6533 | Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier. | -- | Feb 22, 2024 | n/a |
CVE-2010-2480 | Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element. | Medium | Jul 6, 2010 | n/a |
CVE-2018-6112 | Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | MEDIUM | Jan 10, 2019 | n/a |
CVE-2023-51713 | make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. | -- | Dec 22, 2023 | n/a |
CVE-2007-5626 | make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network. | Low | Oct 24, 2007 | n/a |
CVE-2019-19746 | make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. | MEDIUM | Dec 13, 2019 | n/a |