Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14045 | 1 Qualcomm | 10 Apq8096au, Apq8096au Firmware, Qcs605 and 7 more | 2020-03-05 | 10.0 HIGH | 9.8 CRITICAL |
| Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8096AU, QCS605, SDM439, SM8150, SXR1130 | |||||
| CVE-2016-1000005 | 1 Facebook | 1 Hhvm | 2020-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). | |||||
| CVE-2015-0565 | 1 Google | 1 Native Client | 2020-03-05 | 10.0 HIGH | 10.0 CRITICAL |
| NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible. | |||||
| CVE-2016-1000004 | 1 Facebook | 1 Hhvm | 2020-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). | |||||
| CVE-2020-7450 | 1 Freebsd | 1 Freebsd | 2020-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution. | |||||
| CVE-2019-5613 | 1 Freebsd | 1 Freebsd | 2020-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated. | |||||
| CVE-2012-0828 | 3 Gnome, Xchat, Xchat-wdk | 3 Gtk, Xchat, Xchat-wdk | 2020-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). | |||||
| CVE-2019-19607 | 1 Mitel | 1 Micollab Audio\, Web \& Video Conferencing | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
| CVE-2020-9751 | 1 Naver | 1 Cloud Explorer | 2020-03-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade. | |||||
| CVE-2020-5531 | 1 Mitsubishielectric | 10 Mi5122-vw, Mi5122-vw Firmware, Q24dhccpu-v and 7 more | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors. | |||||
| CVE-2019-19608 | 1 Mitel | 1 Micollab Audio\, Web \& Video Conferencing | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
| CVE-2020-9465 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie. | |||||
| CVE-2019-18902 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Server | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62. | |||||
| CVE-2018-16356 | 1 Pbootcms | 1 Pbootcms | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter. | |||||
| CVE-2019-18903 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Server | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62. | |||||
| CVE-2019-10802 | 1 Mangoraft | 1 Giting | 2020-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. | |||||
| CVE-2019-10803 | 1 Push-dir Project | 1 Push-dir | 2020-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands. | |||||
| CVE-2019-12511 | 1 Netgear | 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware | 2020-03-03 | 9.3 HIGH | 9.8 CRITICAL |
| In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to exploit this vulnerability remotely. Exploiting this vulnerability is somewhat involved. The following limitations apply to the payload and must be overcome for successful exploitation: - No more than 17 characters may be used. - At least one colon must be included to prevent mangling. - A single-quote and meta-character must be used to break out of the existing command. - Parent command remnants after the injection point must be dealt with. - The payload must be in all-caps. Despite these limitations, it is still possible to gain access to an interactive root shell via this vulnerability. Since the web server assigns certain HTTP headers to environment variables with all-caps names, it is possible to insert a payload into one such header and reference the subsequent environment variable in the injection point. | |||||
| CVE-2020-8132 | 1 Pdf-image Project | 1 Pdf-image | 2020-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input. | |||||
| CVE-2018-16357 | 1 Pbootcms | 1 Pbootcms | 2020-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter. | |||||
| CVE-2020-9398 | 1 Ispconfig | 1 Ispconfig | 2020-03-03 | 9.3 HIGH | 9.8 CRITICAL |
| ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. | |||||
| CVE-2017-10672 | 2 Debian, Xml-libxml Project | 2 Debian Linux, Xml-libxml | 2020-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. | |||||
| CVE-2016-11020 | 1 Kunena | 1 Kunena | 2020-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. | |||||
| CVE-2019-15609 | 1 Kill-port-process Project | 1 Kill-port-process | 2020-03-02 | 10.0 HIGH | 9.8 CRITICAL |
| The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability. | |||||
| CVE-2018-14705 | 1 Drobo | 2 5n2, 5n2 Firmware | 2020-03-02 | 10.0 HIGH | 9.8 CRITICAL |
| In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these applications, but also poses severe risks to the confidentiality and integrity of data stored within the applications and the device itself. | |||||
| CVE-2014-3484 | 1 Musl-libc | 1 Musl | 2020-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output. | |||||
| CVE-2020-6970 | 1 Emerson | 1 Openenterprise Scada Server | 2020-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. | |||||
| CVE-2020-9432 | 1 Lua-openssl Project | 1 Lua-openssl | 2020-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | |||||
| CVE-2020-9433 | 1 Lua-openssl Project | 1 Lua-openssl | 2020-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | |||||
| CVE-2020-9434 | 1 Lua-openssl Project | 1 Lua-openssl | 2020-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | |||||
| CVE-2019-17275 | 1 Netapp | 1 Oncommand Cloud Manager | 2020-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers. | |||||
| CVE-2019-8641 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds read was addressed with improved input validation. | |||||
| CVE-2020-3158 | 1 Cisco | 1 Smart Software Manager On-prem | 2020-02-28 | 8.8 HIGH | 9.1 CRITICAL |
| A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device. | |||||
| CVE-2015-1425 | 1 Jakweb | 1 Gecko Cms | 2020-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities | |||||
| CVE-2015-6970 | 1 Boschsecurity | 2 Nbn-498 Dinion2x Day\/night Ip Cameras, Nbn-498 Dinion2x Day\/night Ip Cameras Firmware | 2020-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml. | |||||
| CVE-2014-4651 | 1 Apache | 1 Jclouds | 2020-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks. | |||||
| CVE-2014-3879 | 1 Freebsd | 1 Freebsd | 2020-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password. | |||||
| CVE-2019-19994 | 1 Seling | 1 Visual Access Manager | 2020-02-27 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php. | |||||
| CVE-2015-8710 | 2 Debian, Xmlsoft | 2 Debian Linux, Libxml2 | 2020-02-26 | 7.5 HIGH | 9.8 CRITICAL |
| The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. | |||||
| CVE-2014-4967 | 1 Redhat | 1 Ansible | 2020-02-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | |||||
| CVE-2015-6922 | 1 Kaseya | 1 Virtual System Administrator | 2020-02-26 | 7.5 HIGH | 9.8 CRITICAL |
| Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx. | |||||
| CVE-2014-4966 | 1 Redhat | 1 Ansible | 2020-02-26 | 7.5 HIGH | 9.8 CRITICAL |
| Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | |||||
| CVE-2014-4657 | 1 Redhat | 1 Ansible | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | |||||
| CVE-2020-8963 | 1 Timetoolsltd | 20 Sc7105, Sc7105 Firmware, Sc9205 and 17 more | 2020-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter. | |||||
| CVE-2011-4908 | 1 Tiny | 1 Tinybrowser | 2020-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. | |||||
| CVE-2011-4906 | 1 Tiny | 1 Tinybrowser | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. | |||||
| CVE-2013-3725 | 1 Invisioncommunity | 1 Invision Power Board | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. | |||||
| CVE-2013-6236 | 1 Izoncam | 2 Izon Ip, Izon Ip Firmware | 2020-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| IZON IP 2.0.2: hard-coded password vulnerability | |||||
| CVE-2014-0234 | 1 Redhat | 1 Openshift | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. | |||||
| CVE-2019-20046 | 1 S3india | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or execute arbitrary code. This is a different issue than CVE-2019-16879 and CVE-2019-20045. | |||||