Search
Total
6686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5949 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break. | |||||
| CVE-2020-27508 | 1 Frappe | 1 Frappe | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security. | |||||
| CVE-2020-6019 | 1 Valvesoftware | 1 Game Networking Sockets | 2020-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash. | |||||
| CVE-2016-5790 | 1 Enghousenetworks | 1 Lighthouse Sms | 2020-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and restart the software via unspecified vectors. | |||||
| CVE-2020-27151 | 1 Katacontainers | 1 Kata Containers | 2020-12-08 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute arbitrary binaries as root on the worker nodes. | |||||
| CVE-2018-1327 | 1 Apache | 1 Struts | 2020-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16. | |||||
| CVE-2017-1000080 | 1 Onosproject | 1 Onos | 2020-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. | |||||
| CVE-2017-1000079 | 1 Onosproject | 1 Onos | 2020-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| Linux foundation ONOS 1.9.0 is vulnerable to a DoS. | |||||
| CVE-2020-7777 | 1 Jsen Project | 1 Jsen | 2020-12-03 | 6.5 MEDIUM | 7.2 HIGH |
| This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution. | |||||
| CVE-2019-19869 | 1 Br-automation | 1 Industrial Automation Aprol | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface. | |||||
| CVE-2020-28975 | 1 Scikit-learn | 1 Scikit-learn | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute. | |||||
| CVE-2020-26242 | 1 Ethereum | 1 Go Ethereum | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18. | |||||
| CVE-2020-15481 | 1 Passmark | 3 Burnintest, Osforensics, Performancetest | 2020-12-03 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys drivers. This issue is fixed in BurnInTest v9.2, PerformanceTest v10.0 Build 1009, OSForensics v8.0. | |||||
| CVE-2020-25698 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2020-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | |||||
| CVE-2020-27696 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2020-12-02 | 6.9 MEDIUM | 7.8 HIGH |
| Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. | |||||
| CVE-2020-27217 | 1 Eclipse | 1 Hono | 2020-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception. | |||||
| CVE-2020-13356 | 1 Gitlab | 1 Gitlab | 2020-12-01 | 6.4 MEDIUM | 8.2 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-13958 | 1 Apache | 1 Openoffice | 2020-12-01 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click. | |||||
| CVE-2020-27191 | 1 Lionwiki | 1 Lionwiki | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-27623 | 1 Jetbrains | 1 Ideavim | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. | |||||
| CVE-2020-26224 | 1 Prestashop | 1 Prestashop | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9. | |||||
| CVE-2020-26548 | 1 Aviatrix | 1 Controller | 2020-11-30 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. | |||||
| CVE-2020-12927 | 1 Amd | 1 Vbios Flash Tool Software Development Kit | 2020-11-30 | 7.2 HIGH | 7.8 HIGH |
| A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. | |||||
| CVE-2020-12593 | 1 Symantec | 1 Endpoint Detection And Response | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | |||||
| CVE-2020-1847 | 1 Huawei | 12 Nip6300, Nip6300 Firmware, Nip6600 and 9 more | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attackers can construct attack scenarios, which leads to denial of service.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60. | |||||
| CVE-2020-27694 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2020-11-24 | 6.5 MEDIUM | 8.8 HIGH |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. | |||||
| CVE-2020-28267 | 1 Set Project | 1 Set | 2020-11-24 | 5.0 MEDIUM | 7.5 HIGH |
| Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2015-5436 | 1 Hp | 2 Integrated Lights-out, Integrated Lights-out Firmware | 2020-11-24 | 7.8 HIGH | 7.5 HIGH |
| A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020. | |||||
| CVE-2020-26810 | 1 Sap | 1 Commerce Cloud \(accelerator Payment Mock\) | 2020-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity. | |||||
| CVE-2020-4700 | 1 Ibm | 1 Sterling B2b Integrator | 2020-11-23 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077. | |||||
| CVE-2020-4476 | 1 Ibm | 1 Sterling File Gateway | 2020-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778. | |||||
| CVE-2020-25013 | 1 Jetbrains | 1 Toolbox | 2020-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. | |||||
| CVE-2020-12318 | 1 Intel | 12 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 8260 and 9 more | 2020-11-20 | 4.6 MEDIUM | 7.8 HIGH |
| Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-3556 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2020-11-20 | 4.4 MEDIUM | 7.3 HIGH |
| A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user. In order to successfully exploit this vulnerability, there must be an ongoing AnyConnect session by the targeted user at the time of the attack. To exploit this vulnerability, the attacker would also need valid user credentials on the system upon which the AnyConnect client is being run. Cisco has not released software updates that address this vulnerability. | |||||
| CVE-2018-8768 | 1 Jupyter | 1 Notebook | 2020-11-19 | 6.8 MEDIUM | 7.8 HIGH |
| In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous. | |||||
| CVE-2020-0418 | 1 Google | 1 Android | 2020-11-17 | 4.6 MEDIUM | 7.8 HIGH |
| In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813 | |||||
| CVE-2020-27977 | 1 Capasystems | 1 Capainstaller | 2020-11-17 | 4.6 MEDIUM | 7.8 HIGH |
| CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges. | |||||
| CVE-2019-1010023 | 1 Gnu | 1 Glibc | 2020-11-16 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat." | |||||
| CVE-2020-5793 | 2 Microsoft, Tenable | 3 Windows, Nessus, Nessus Agent | 2020-11-16 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. | |||||
| CVE-2020-5941 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a hostname passes to the RESOLV::lookup command. | |||||
| CVE-2020-5946 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Fraud Protection Service | 2020-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). | |||||
| CVE-2020-5942 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2020-11-16 | 4.3 MEDIUM | 7.5 HIGH |
| In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the Traffic Management Microkernel (TMM) may generate a core file and restart. | |||||
| CVE-2017-16046 | 1 Mariadb | 1 Mariadb | 2020-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| `mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2020-13661 | 1 Telerik | 1 Fiddler | 2020-11-13 | 6.8 MEDIUM | 8.8 HIGH |
| Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204. | |||||
| CVE-2020-10937 | 1 Protocol | 1 Ipfs | 2020-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this. | |||||
| CVE-2020-8580 | 1 Netapp | 1 E-series Santricity Os Controller | 2020-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). | |||||
| CVE-2020-14425 | 1 Foxitsoftware | 1 Foxit Reader | 2020-11-12 | 6.8 MEDIUM | 7.8 HIGH |
| Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog. | |||||
| CVE-2020-13948 | 1 Apache | 1 Superset | 2020-11-12 | 6.5 MEDIUM | 8.8 HIGH |
| While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1. It was thus possible for an authenticated user to list and access files, environment variables, and process information. Additionally it was possible to set environment variables for the current process, create and update files in folders writable by the web process, and execute arbitrary programs accessible by the web process. All other operations available to the `os` package in Python were also available, even if not explicitly enumerated in this CVE. | |||||
| CVE-2020-13249 | 2 Mariadb, Opensuse | 2 Connector\/c, Leap | 2020-11-11 | 6.8 MEDIUM | 8.8 HIGH |
| libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. | |||||
| CVE-2020-5939 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2020-11-10 | 4.3 MEDIUM | 7.5 HIGH |
| In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave the Traffic Management Microkernel (TMM) in a state where it cannot transmit traffic. | |||||