Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1910 | 2 Baseurl, Debian | 2 Yum, Debian Linux | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository. | |||||
| CVE-2019-10197 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2020-08-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share. | |||||
| CVE-2020-9527 | 1 Hichip | 1 Shenzhen Hichip Vision Technology Firmware | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20, after 2018-08-09 through 2020), as used by many different vendors in millions of Internet of Things devices, suffers from buffer overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code via the peer-to-peer (P2P) service. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK. | |||||
| CVE-2019-3772 | 2 Oracle, Vmware | 2 Retail Customer Management And Segmentation Foundation, Spring Integration | 2020-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | |||||
| CVE-2016-9180 | 1 Xmltwig | 1 Xml-twig For Perl | 2020-08-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting. | |||||
| CVE-2017-17671 | 2 Microsoft, Vbulletin | 2 Windows, Vbulletin | 2020-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. | |||||
| CVE-2018-17245 | 1 Elastic | 1 Kibana | 2020-08-14 | 5.0 MEDIUM | 9.8 CRITICAL |
| Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider. | |||||
| CVE-2018-17246 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2020-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | |||||
| CVE-2020-0260 | 1 Google | 1 Android | 2020-08-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183 | |||||
| CVE-2020-6284 | 1 Sap | 1 Netweaver Knowledge Management | 2020-08-14 | 8.5 HIGH | 9.0 CRITICAL |
| SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting. | |||||
| CVE-2010-1205 | 10 Apple, Canonical, Debian and 7 more | 17 Iphone Os, Itunes, Mac Os X and 14 more | 2020-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | |||||
| CVE-2020-11552 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2020-08-13 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as a SYSTEM. | |||||
| CVE-2020-14324 | 1 Redhat | 1 Cloudforms Management Engine | 2020-08-13 | 6.5 MEDIUM | 9.1 CRITICAL |
| A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker while setuping conversion host through Infrastructure Migration Solution. This flaw allows attacker to execute arbitrary commands on CloudForms server. | |||||
| CVE-2020-8904 | 1 Google | 1 Asylo | 2020-08-13 | 5.5 MEDIUM | 9.6 CRITICAL |
| An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later. | |||||
| CVE-2018-15386 | 1 Cisco | 1 Digital Network Architecture Center | 2020-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. | |||||
| CVE-2019-18814 | 1 Linux | 1 Linux Kernel | 2020-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c. | |||||
| CVE-2017-14586 | 1 Atlassian | 1 Hipchat | 2020-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability. | |||||
| CVE-2020-8025 | 1 Suse | 3 Linux Enterprise High Performance Computing, Linux Enterprise Server, Linux Enterprise Software Development Kit | 2020-08-12 | 4.6 MEDIUM | 9.3 CRITICAL |
| A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624. | |||||
| CVE-2013-5615 | 5 Canonical, Fedoraproject, Mozilla and 2 more | 10 Ubuntu Linux, Fedora, Firefox and 7 more | 2020-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors. | |||||
| CVE-2013-5613 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 17 Ubuntu Linux, Fedora, Firefox and 14 more | 2020-08-12 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. | |||||
| CVE-2013-5616 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 17 Ubuntu Linux, Fedora, Firefox and 14 more | 2020-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners. | |||||
| CVE-2013-5609 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 17 Ubuntu Linux, Fedora, Firefox and 14 more | 2020-08-12 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2013-5618 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 17 Ubuntu Linux, Fedora, Firefox and 14 more | 2020-08-12 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection. | |||||
| CVE-2013-6671 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 17 Ubuntu Linux, Fedora, Firefox and 14 more | 2020-08-12 | 10.0 HIGH | 9.8 CRITICAL |
| The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | |||||
| CVE-2020-13376 | 1 Securenvoy | 1 Securmail | 2020-08-12 | 9.3 HIGH | 9.0 CRITICAL |
| SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie. | |||||
| CVE-2020-7356 | 1 Cayintech | 1 Xpost | 2020-08-12 | 10.0 HIGH | 9.8 CRITICAL |
| CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands. | |||||
| CVE-2020-5609 | 1 Yokogawa | 8 B\/m9000cs, B\/m9000cs Firmware, B\/m9000vp and 5 more | 2020-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. | |||||
| CVE-2020-5608 | 1 Yokogawa | 8 B\/m9000cs, B\/m9000cs Firmware, B\/m9000vp and 5 more | 2020-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors. | |||||
| CVE-2018-0448 | 1 Cisco | 1 Digital Network Architecture Center | 2020-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users. | |||||
| CVE-2020-8597 | 1 Point-to-point Protocol Project | 1 Point-to-point Protocol | 2020-08-11 | 7.5 HIGH | 9.8 CRITICAL |
| eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. | |||||
| CVE-2020-13292 | 1 Gitlab | 1 Gitlab | 2020-08-11 | 5.5 MEDIUM | 9.6 CRITICAL |
| In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. | |||||
| CVE-2019-11286 | 1 Vmware | 2 Gemfire, Tanzu Gemfire For Virtual Machines | 2020-08-11 | 6.5 MEDIUM | 9.1 CRITICAL |
| VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution. | |||||
| CVE-2014-1493 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2020-08-11 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2020-13793 | 1 Ivanti | 1 Dsm Netinst | 2020-08-11 | 7.5 HIGH | 9.8 CRITICAL |
| Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. | |||||
| CVE-2020-3681 | 1 Qualcomm | 1 - | 2020-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code. | |||||
| CVE-2020-12441 | 1 Ivanti | 2 Desktop\&server Management, Service Manager Heat Remote Control | 2020-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. The DoS can be triggered by sending a specially crafted network packet. | |||||
| CVE-2020-10921 | 1 Automationdirect | 13 C-more Hmi Ea9 Firmware, Ea9-pgmsw, Ea9-rhmi and 10 more | 2020-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. Was ZDI-CAN-10482. | |||||
| CVE-2017-3881 | 1 Cisco | 323 Catalyst 2350-48td-s, Catalyst 2350-48td-sd, Catalyst 2360-48td-s and 320 more | 2020-08-07 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893. | |||||
| CVE-2014-1486 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2020-08-07 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. | |||||
| CVE-2014-1477 | 7 Canonical, Debian, Fedoraproject and 4 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2020-08-07 | 6.8 MEDIUM | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2020-16271 | 1 Kee | 1 Keepassrpc | 2020-08-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection. | |||||
| CVE-2020-16272 | 1 Kee | 1 Keepassrpc | 2020-08-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection. | |||||
| CVE-2020-13921 | 1 Apache | 1 Skywalking | 2020-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. | |||||
| CVE-2019-18394 | 1 Igniterealtime | 1 Openfire | 2020-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. | |||||
| CVE-2020-5616 | 8 Calendar01 Project, Calendar02 Project, Calendarform01 Project and 5 more | 8 Calendar01, Calendar02, Calendarform01 and 5 more | 2020-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors. | |||||
| CVE-2014-1532 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2020-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution. | |||||
| CVE-2014-1524 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2020-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. | |||||
| CVE-2020-3374 | 1 Cisco | 1 Sd-wan | 2020-08-06 | 9.0 HIGH | 9.9 CRITICAL |
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system. | |||||
| CVE-2020-16163 | 1 Ripe | 1 Rpki Validator 3 | 2020-08-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| ** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent routing systems. NOTE: third parties assert that the behavior is intentionally permitted by RFC 8182. | |||||
| CVE-2019-20025 | 1 Nec | 2 Sv9100, Sv9100 Firmware | 2020-08-06 | 10.0 HIGH | 9.8 CRITICAL |
| Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0. | |||||