Total: 17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5213 | 1 Nethack | 1 Nethack | 2020-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. | |||||
| CVE-2020-5212 | 1 Nethack | 1 Nethack | 2020-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. | |||||
| CVE-2020-8591 | 1 Eginnovations | 1 Eg Manager | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. | |||||
| CVE-2016-11018 | 1 Huge-it | 1 Image Gallery | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). | |||||
| CVE-2019-15975 | 1 Cisco | 1 Data Center Network Manager | 2020-02-06 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2019-15976 | 1 Cisco | 1 Data Center Network Manager | 2020-02-06 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-8508 | 1 Norman | 1 Malware Cleaner | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled. | |||||
| CVE-2020-5235 | 1 Nanopb Project | 1 Nanopb | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| There is a potentially exploitable out-of-memory condition in Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field, and realloc() runs out of memory when expanding the array, nanopb can end up calling `free()` on a pointer value that comes from uninitialized memory. Depending on platform this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, nanopb-0.2.9.4. | |||||
| CVE-2020-8125 | 1 Klona Project | 1 Klona | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona. | |||||
| CVE-2012-5686 | 1 Zpanelcp | 1 Zpanel | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| ZPanel 10.0.1 has insufficient entropy for its password reset process. | |||||
| CVE-2020-8510 | 1 Phpabook Project | 1 Phpabook | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password. | |||||
| CVE-2019-0189 | 1 Apache | 1 Ofbiz | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| The java.io.ObjectInputStream is known to cause Java serialisation issues. The issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload". Mitigation: Upgrade to 16.11.06 or manually apply the commits from OFBIZ-10770 and OFBIZ-10837 on branch 16. | |||||
| CVE-2013-2571 | 1 Hcomm | 1 Xpient Iris | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer. | |||||
| CVE-2020-6959 | 1 Honeywell | 12 Hnmswvms, Hnmswvms Firmware, Hnmswvmslt and 9 more | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution. | |||||
| CVE-2015-3613 | 1 Fortinet | 1 Fortimanager | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page | |||||
| CVE-2014-8322 | 1 Aircrack-ng | 1 Aircrack-ng | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. | |||||
| CVE-2020-8592 | 1 Eginnovations | 1 Eg Manager | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). | |||||
| CVE-2020-8440 | 1 Simplejobscript | 1 Simplejobscript | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. | |||||
| CVE-2014-5039 | 1 Eucalyptus | 1 Eucalyptus Management Console | 2020-02-05 | 6.8 MEDIUM | 9.6 CRITICAL |
| Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-5206 | 1 Apereo | 1 Opencast | 2020-02-05 | 6.4 MEDIUM | 10.0 CRITICAL |
| In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect, given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1. | |||||
| CVE-2019-19392 | 1 Fordnn | 1 Usersexportimport | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data. | |||||
| CVE-2018-16836 | 1 Rubedo Project | 1 Rubedo | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. | |||||
| CVE-2013-2748 | 1 Belkin | 2 Wemo Switch, Wemo Switch Firmware | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. | |||||
| CVE-2019-19825 | 1 Totolink | 16 A3002ru, A3002ru Firmware, A702r and 13 more | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0. | |||||
| CVE-2013-7390 | 1 Zohocorp | 1 Manageengine Desktop Central | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | |||||
| CVE-2014-3719 | 1 Exlibrisgroup | 1 Aleph 500 | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter. | |||||
| CVE-2013-3960 | 1 Easytimestudio | 1 Easy File Manager | 2020-02-04 | 8.7 HIGH | 9.9 CRITICAL |
| Easytime Studio Easy File Manager 1.1 has an HTTP request security bypass | |||||
| CVE-2013-7052 | 1 D-link | 2 Dir-100, Dir-100 Firmware | 2020-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | |||||
| CVE-2020-8086 | 2 Debian, Prosody | 3 Debian Linux, Mod Auth Ldap, Mod Auth Ldap2 | 2020-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin. | |||||
| CVE-2013-7055 | 1 D-link | 2 Dir-100, Dir-100 Firmware | 2020-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | |||||
| CVE-2014-2896 | 1 Wolfssl | 1 Wolfssl | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read. | |||||
| CVE-2014-2897 | 1 Wolfssl | 1 Wolfssl | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read. | |||||
| CVE-2014-2898 | 1 Wolfssl | 1 Wolfssl | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure. | |||||
| CVE-2013-1437 | 2 Fedoraproject, Module-metadata Project | 2 Fedora, Module-metadata | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | |||||
| CVE-2014-2914 | 1 Fishshell | 1 Fish | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt. | |||||
| CVE-2013-4864 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue. | |||||
| CVE-2020-7956 | 1 Hashicorp | 1 Nomad | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. | |||||
| CVE-2020-4207 | 2 Ibm, Linux | 3 Iot Messagesight, Watson Iot Platform - Message Gateway, Linux Kernel | 2020-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. IBM X-Force ID: 174972. | |||||
| CVE-2013-1350 | 1 Veraxsystems | 1 Network Management System | 2020-02-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities | |||||
| CVE-2016-10935 | 1 Visser | 1 Store Exporter For Woocommerce | 2020-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. | |||||
| CVE-2017-11125 | 1 Xar Project | 1 Xar | 2020-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c. | |||||
| CVE-2017-11124 | 1 Xar Project | 1 Xar | 2020-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c. | |||||
| CVE-2019-17095 | 1 Bitdefender | 2 Box 2, Box 2 Firmware | 2020-02-01 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate an infrastructure server to trigger this vulnerability. | |||||
| CVE-2013-2568 | 1 Zavio | 4 F3105, F3105 Firmware, F312a and 1 more | 2020-02-01 | 10.0 HIGH | 9.8 CRITICAL |
| A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2013-2570 | 1 Zavio | 4 F3105, F3105 Firmware, F312a and 1 more | 2020-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2013-4333 | 1 Tejimaya | 1 Openpne | 2020-02-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 have an External Entity Injection Vulnerability | |||||
| CVE-2015-4042 | 1 Gnu | 1 Coreutils | 2020-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. | |||||
| CVE-2013-3316 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2020-02-01 | 10.0 HIGH | 9.8 CRITICAL |
| Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". | |||||
| CVE-2013-3317 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2020-02-01 | 10.0 HIGH | 9.8 CRITICAL |
| Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. | |||||
| CVE-2015-0244 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2020-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. | |||||
