Search
Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10943 | 1 Siemens | 22 Simatic Et 200sp Open Controller Cpu 1515sp Pc, Simatic Et 200sp Open Controller Cpu 1515sp Pc2, Simatic Et 200sp Open Controller Cpu 1515sp Pc2 Firmware and 19 more | 2020-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions <= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions <= V20.8). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. No public exploitation of the vulnerability was known at the time of advisory publication. | |||||
| CVE-2019-16007 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2020-09-28 | 5.8 MEDIUM | 7.1 HIGH |
| A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application. | |||||
| CVE-2020-11493 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-09-09 | 5.8 MEDIUM | 8.1 HIGH |
| In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. | |||||
| CVE-2020-25019 | 1 Jitsi | 1 Meet Electron | 2020-09-03 | 4.3 MEDIUM | 7.5 HIGH |
| jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. | |||||
| CVE-2019-0805 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841. | |||||
| CVE-2019-6475 | 1 Isc | 1 Bind | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional recursion, and when mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to replace zone data that was validated with a configured trust anchor with forged data of the attacker's choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an attacker was able to insert themselves into the network path between a recursive server using a mirror zone and a root name server, this vulnerability could then be used to cause the recursive server to accept a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4. | |||||
| CVE-2019-7323 | 1 Logmx | 1 Logmx | 2020-08-24 | 5.1 MEDIUM | 7.5 HIGH |
| GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could replace the LogMXUpdater.class file. | |||||
| CVE-2017-11103 | 5 Apple, Debian, Freebsd and 2 more | 6 Iphone Os, Mac Os X, Debian Linux and 3 more | 2020-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. | |||||
| CVE-2020-15899 | 1 Grin | 1 Grin | 2020-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble. | |||||
| CVE-2020-12406 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-07-22 | 9.3 HIGH | 8.8 HIGH |
| Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | |||||
| CVE-2020-12119 | 1 Ledger | 1 Ledger Live | 2020-07-08 | 5.8 MEDIUM | 8.1 HIGH |
| Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's balance with the value of an unconfirmed transaction as soon as it is received (before the transaction is confirmed) and does not decrease the balance when it is canceled. As a result, users are exposed to basic double spending attacks, amplified double spending attacks, and DoS attacks without user consent. | |||||
| CVE-2019-19160 | 2 Cabsoftware, Microsoft | 4 Reportexpress Proplus, Windows 10, Windows 7 and 1 more | 2020-07-07 | 6.5 MEDIUM | 8.8 HIGH |
| Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp). | |||||
| CVE-2020-6443 | 1 Google | 1 Chrome | 2020-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2020-14453 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005. | |||||
| CVE-2019-11480 | 1 Canonical | 1 C-kernel | 2020-04-14 | 6.8 MEDIUM | 8.1 HIGH |
| The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16 | |||||
| CVE-2020-10266 | 1 Universal-robots | 4 Ur10, Ur3, Ur5 and 1 more | 2020-04-06 | 6.8 MEDIUM | 8.1 HIGH |
| UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand. | |||||
| CVE-2020-10831 | 1 Google | 1 Android | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can trigger an update to arbitrary touch-screen firmware. The Samsung ID is SVE-2019-16013 (March 2020). | |||||
| CVE-2019-17654 | 1 Fortinet | 1 Fortimanager | 2020-03-19 | 6.8 MEDIUM | 8.8 HIGH |
| An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. | |||||
| CVE-2019-17636 | 1 Eclipse | 1 Theia | 2020-03-11 | 5.8 MEDIUM | 8.1 HIGH |
| In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit. | |||||
| CVE-2019-15613 | 1 Nextcloud | 1 Server | 2020-02-16 | 6.0 MEDIUM | 8.0 HIGH |
| A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. | |||||
| CVE-2016-4554 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2019-12-27 | 5.0 MEDIUM | 8.6 HIGH |
| mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. | |||||
| CVE-2016-4553 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2019-12-27 | 5.0 MEDIUM | 8.6 HIGH |
| client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. | |||||
| CVE-2015-7539 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 7.6 HIGH | 7.5 HIGH |
| The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin. | |||||
| CVE-2017-12972 | 1 Connect2id | 1 Nimbus Jose\+jwt | 2019-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. | |||||
| CVE-2019-8112 | 1 Magento | 1 Magento | 2019-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation. | |||||
| CVE-2017-3218 | 1 Samsung | 1 Magician | 2019-10-09 | 8.3 HIGH | 8.8 HIGH |
| Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates. | |||||
| CVE-2017-3224 | 3 Quagga, Redhat, Suse | 4 Quagga, Package Manager, Opensuse and 1 more | 2019-10-09 | 4.3 MEDIUM | 8.2 HIGH |
| Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages). | |||||
| CVE-2017-3219 | 1 Acronis | 1 True Image | 2019-10-09 | 8.3 HIGH | 8.8 HIGH |
| Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash. | |||||
| CVE-2017-10624 | 1 Juniper | 1 Junos Space | 2019-10-09 | 5.1 MEDIUM | 7.5 HIGH |
| Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. | |||||
| CVE-2018-12333 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. | |||||
| CVE-2017-17023 | 2 Ncp-e, Sophos | 2 Ncp Secure Entry Client, Ipsec Client | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it. | |||||
| CVE-2017-9606 | 1 Infotecs | 2 Vipnet Client, Vipnet Coordinator | 2019-10-03 | 4.4 MEDIUM | 7.3 HIGH |
| Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks. | |||||
| CVE-2018-6562 | 1 Totemo | 1 Totemomail Encryption Gateway | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack. | |||||
| CVE-2017-11178 | 1 Finecms Project | 1 Finecms | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked. | |||||
| CVE-2017-11130 | 1 Stashcat | 1 Heinekingmedia | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle attackers can conduct replay attacks. | |||||
| CVE-2017-0563 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409. | |||||
| CVE-2018-7932 | 1 Huawei | 1 Appgallery | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone. | |||||
| CVE-2019-13483 | 1 Auth0 | 1 Passport-sharepoint | 2019-07-31 | 7.5 HIGH | 7.3 HIGH |
| Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms. | |||||
| CVE-2016-1493 | 1 Intel | 1 Driver Update Utility | 2018-10-09 | 7.6 HIGH | 7.5 HIGH |
| Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2018-10080 | 1 Secutech Project | 6 Ris-11, Ris-11 Firmware, Ris-22 and 3 more | 2018-05-22 | 5.0 MEDIUM | 8.6 HIGH |
| Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie. | |||||
| CVE-2017-14091 | 1 Trendmicro | 1 Scanmail | 2017-12-27 | 7.6 HIGH | 7.5 HIGH |
| A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. | |||||
| CVE-2017-11379 | 1 Trendmicro | 1 Deep Discovery Director | 2017-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | |||||
| CVE-2016-2309 | 1 Irz | 1 Ruh2 | 2017-01-10 | 8.0 HIGH | 7.2 HIGH |
| iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||||
| CVE-2016-9450 | 1 Drupal | 1 Drupal | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context. | |||||
| CVE-2016-2346 | 1 Allroundautomations | 1 Pl\/sql Developer | 2016-05-04 | 6.8 MEDIUM | 8.1 HIGH |
| Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream. | |||||
| CVE-2016-3983 | 1 Mcafee | 1 Advanced Threat Defense | 2016-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. | |||||