| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. |
| The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. |
| K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. |
| K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). |
| An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock. |
| register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942. |
| PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php. |
| Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB). |
| Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code. |
| Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names. |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell. |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. |
| The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access. |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot. |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. |
| The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. |
| An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system. |
| An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request. |
| dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html. |
