Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5556 | 1 Shihonkanri Plus Goout Project | 1 Shihonkanri Plus Goout | 2020-03-27 | 10.0 HIGH | 9.8 CRITICAL |
| Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2020-5561 | 1 Keijiban Tsumiki Project | 1 Keijiban Tsumiki | 2020-03-27 | 10.0 HIGH | 9.8 CRITICAL |
| Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2019-20562 | 1 Google | 1 Android | 2020-03-27 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with P(9.0) (with TEEGRIS) software. There is a buffer overflow in the BIOSUB Trustlet. The Samsung ID is SVE-2019-15264 (October 2019). | |||||
| CVE-2019-20563 | 1 Google | 1 Android | 2020-03-27 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The SEC_FR trustlet has an out of bounds write. The Samsung ID is SVE-2019-15272 (October 2019). | |||||
| CVE-2019-20558 | 2 Google, Samsung | 2 Android, Exynos | 2020-03-27 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a Buffer Overflow in the Touch Screen Driver. The Samsung ID is SVE-2019-14990 (October 2019). | |||||
| CVE-2020-10848 | 2 Google, Samsung | 2 Android, Exynos 9810 | 2020-03-27 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos 9810 chipsets) software. Arbitrary memory mapping exists in TEE. The Samsung ID is SVE-2019-16665 (February 2020). | |||||
| CVE-2020-6989 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2020-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code. | |||||
| CVE-2020-6985 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2020-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. | |||||
| CVE-2020-6995 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2020-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access. | |||||
| CVE-2020-10835 | 1 Samsung | 1 Exynos | 2020-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 (February 2020). | |||||
| CVE-2020-10850 | 1 Google | 1 Android | 2020-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The secure bootloade has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 (January 2020). | |||||
| CVE-2020-5555 | 1 Shihonkanri Plus Goout Project | 1 Shihonkanri Plus Goout | 2020-03-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue. | |||||
| CVE-2020-10849 | 2 Google, Samsung | 4 Android, Exynos 7885, Exynos 8895 and 1 more | 2020-03-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020). | |||||
| CVE-2020-6981 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2020-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. | |||||
| CVE-2019-20545 | 1 Google | 1 Android | 2020-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. A buffer overflow in the HDCP Trustlet affects secure TEEGRIS memory. The Samsung ID is SVE-2019-15283 (November 2019). | |||||
| CVE-2019-20544 | 1 Google | 1 Android | 2020-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. There is an out-of-bounds write in the ICCC Trustlet. The Samsung ID is SVE-2019-15274 (November 2019). | |||||
| CVE-2020-6991 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2020-03-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. | |||||
| CVE-2019-20548 | 1 Google | 1 Android | 2020-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with P(9.0) devices (Qualcomm chipsets) software. There is a buffer overflow in the bootloader. The Samsung ID is SVE-2019-15399 (November 2019). | |||||
| CVE-2019-20621 | 1 Google | 1 Android | 2020-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019). | |||||
| CVE-2019-20622 | 1 Google | 1 Android | 2020-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband stack overflow. The Samsung ID is SVE-2018-13188 (February 2019). | |||||
| CVE-2020-10806 | 1 Ez | 2 Ez Publish-kernel, Ez Publish-legacy | 2020-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution. | |||||
| CVE-2020-7007 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2020-03-25 | 10.0 HIGH | 9.8 CRITICAL |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service. | |||||
| CVE-2013-7487 | 1 Swann | 8 Dvr-16cif, Dvr-16cif Firmware, Dvr04b and 5 more | 2020-03-25 | 6.8 MEDIUM | 9.8 CRITICAL |
| On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | |||||
| CVE-2020-10661 | 1 Hashicorp | 1 Vault | 2020-03-25 | 5.8 MEDIUM | 9.1 CRITICAL |
| HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4. | |||||
| CVE-2020-8868 | 1 Quest | 1 Foglight Evolve | 2020-03-25 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553. | |||||
| CVE-2019-12767 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2020-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands. | |||||
| CVE-2019-6560 | 1 Auto-maskin | 5 Dcu 210, Dcu 210 Firmware, Marine Pro Observer and 2 more | 2020-03-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. | |||||
| CVE-2020-7480 | 1 Schneider-electric | 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more | 2020-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. | |||||
| CVE-2020-9752 | 1 Naver | 1 Cloud Explorer | 2020-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe. | |||||
| CVE-2020-8137 | 1 Blamer Project | 1 Blamer | 2020-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. | |||||
| CVE-2019-11574 | 1 Simplemachines | 1 Simple Machine Forum | 2020-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls. | |||||
| CVE-2019-16072 | 1 Netsas | 1 Enigma Network Management Solution | 2020-03-24 | 10.0 HIGH | 9.8 CRITICAL |
| An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. | |||||
| CVE-2020-10799 | 1 Svglib Project | 1 Svglib | 2020-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. | |||||
| CVE-2020-8135 | 1 Uppy | 1 Uppy | 2020-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems. | |||||
| CVE-2018-20334 | 1 Asus | 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more | 2020-03-23 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell. | |||||
| CVE-2019-16064 | 1 Netsas | 1 Enigma Network Management Solution | 2020-03-23 | 5.5 MEDIUM | 9.6 CRITICAL |
| NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory contents on the server, create directories and upload files in permissible locations, and modify filenames and delete files that are accessible by the user running the web server instance. | |||||
| CVE-2020-9423 | 1 Logicaldoc | 1 Logicaldoc | 2020-03-20 | 10.0 HIGH | 9.8 CRITICAL |
| LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users, applying tags, etc. This functionality could be abused by an unauthenticated attacker to upload an arbitrary file in a restricted folder. This would lead to the executions of malicious commands with root privileges. | |||||
| CVE-2020-10674 | 1 Perlspeak Project | 1 Perlspeak | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open. | |||||
| CVE-2020-8600 | 1 Trendmicro | 1 Worry-free Business Security | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. | |||||
| CVE-2019-12125 | 1 Onap | 1 Open Network Automation Platform | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12126 | 1 Onap | 1 Open Network Automation Platform | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2019-12127 | 1 Onap | 1 Open Network Automation Platform | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2020-6990 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2020-03-20 | 10.0 HIGH | 9.8 CRITICAL |
| Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. | |||||
| CVE-2019-12182 | 1 Safescan | 14 Ta-8010, Ta-8010 Firmware, Ta-8015 and 11 more | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API. | |||||
| CVE-2020-5253 | 1 Nethack | 1 Nethack | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. | |||||
| CVE-2020-10567 | 1 Tecrail | 1 Responsive Filemanager | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.) | |||||
| CVE-2019-12131 | 1 Onap | 1 Open Network Automation Platform | 2020-03-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected. | |||||
| CVE-2019-12132 | 1 Onap | 1 Open Network Automation Platform | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
| CVE-2019-12112 | 1 Onap | 1 Open Network Automation Platform | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
| CVE-2019-12971 | 1 G-u | 2 Bks Ebk Ethernet-buskoppler Pro, Bks Ebk Ethernet-buskoppler Pro Firmware | 2020-03-19 | 10.0 HIGH | 9.8 CRITICAL |
| BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type. | |||||