Search
Total
6686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15942 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface. | |||||
| CVE-2020-6417 | 1 Google | 1 Chrome | 2020-02-17 | 4.6 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. | |||||
| CVE-2020-6414 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6413 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. | |||||
| CVE-2020-8892 | 1 Misp | 1 Misp | 2020-02-14 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests. | |||||
| CVE-2020-2121 | 1 Jenkins | 1 Google Kubernetes Engine | 2020-02-14 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2020-8893 | 1 Misp | 1 Misp | 2020-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp. | |||||
| CVE-2020-3925 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2020-02-12 | 9.3 HIGH | 8.8 HIGH |
| A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts. | |||||
| CVE-2012-1567 | 1 Linuxmint | 1 Linuxmint | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate. | |||||
| CVE-2012-1566 | 1 Linuxmint | 1 Linuxmint | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny. | |||||
| CVE-2020-6410 | 1 Google | 1 Chrome | 2020-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name. | |||||
| CVE-2020-6409 | 1 Google | 1 Chrome | 2020-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name. | |||||
| CVE-2012-6307 | 1 Impulseadventure | 1 Jpegsnoop | 2020-02-10 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code | |||||
| CVE-2012-6309 | 1 Arctic Torrent Project | 1 Arctic Torrent | 2020-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service. | |||||
| CVE-2020-2556 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2020-02-07 | 4.4 MEDIUM | 7.3 HIGH |
| Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L). | |||||
| CVE-2020-2549 | 1 Oracle | 1 Weblogic Server | 2020-02-07 | 6.5 MEDIUM | 7.2 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-2518 | 1 Oracle | 1 Database Server | 2020-02-07 | 6.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-2688 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2020-02-07 | 5.5 MEDIUM | 7.1 HIGH |
| Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). | |||||
| CVE-2020-2728 | 1 Oracle | 1 Identity Manager | 2020-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2020-2511 | 1 Oracle | 1 Database Server | 2020-02-07 | 4.0 MEDIUM | 7.7 HIGH |
| Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). | |||||
| CVE-2013-2646 | 1 Tp-link | 2 Tl-wr1043nd, Tl-wr1043nd Firmware | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability. | |||||
| CVE-2020-7978 | 1 Gitlab | 1 Gitlab | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. | |||||
| CVE-2011-4115 | 1 Cpan | 1 Parallel\ | 2020-02-05 | 6.4 MEDIUM | 7.5 HIGH |
| Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. | |||||
| CVE-2011-4117 | 1 Cpan | 1 Batch\ | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files. | |||||
| CVE-2020-5852 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2 | |||||
| CVE-2012-5626 | 1 Redhat | 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | |||||
| CVE-2015-2929 | 1 Torproject | 1 Tor | 2020-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor. | |||||
| CVE-2015-2928 | 1 Torproject | 1 Tor | 2020-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. | |||||
| CVE-2014-3979 | 1 Bytemark | 1 Symbiosis | 2020-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP. | |||||
| CVE-2012-6613 | 1 Dlink | 2 Dsr-250n, Dsr-250n Firmware | 2020-01-30 | 9.0 HIGH | 7.2 HIGH |
| D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. | |||||
| CVE-2019-19232 | 1 Sudo | 1 Sudo | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions. | |||||
| CVE-2019-19234 | 1 Sudo | 1 Sudo | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash. | |||||
| CVE-2020-7931 | 1 Jfrog | 1 Artifactory | 2020-01-30 | 6.5 MEDIUM | 8.8 HIGH |
| In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template. | |||||
| CVE-2020-7952 | 1 Valvesoftware | 1 Dota 2 | 2020-01-29 | 6.8 MEDIUM | 7.8 HIGH |
| rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. | |||||
| CVE-2019-17584 | 1 Meinbergglobal | 2 Syncbox\/ptpv2, Syncbox\/ptpv2 Firmware | 2020-01-29 | 8.5 HIGH | 7.5 HIGH |
| The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor. | |||||
| CVE-2012-3490 | 1 Wisc | 1 Htcondor | 2020-01-29 | 9.0 HIGH | 8.8 HIGH |
| The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2020-7949 | 1 Valvesoftware | 1 Dota 2 | 2020-01-27 | 6.8 MEDIUM | 7.8 HIGH |
| schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call. | |||||
| CVE-2020-7950 | 1 Valvesoftware | 1 Dota 2 | 2020-01-27 | 6.8 MEDIUM | 7.8 HIGH |
| meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call. | |||||
| CVE-2012-6345 | 1 Novell | 1 Zenworks Configuration Management | 2020-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. | |||||
| CVE-2019-20373 | 2 Debian, Ltsp | 2 Debian Linux, Ldm | 2020-01-24 | 7.2 HIGH | 7.8 HIGH |
| LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script. | |||||
| CVE-2011-2668 | 1 Mozilla | 1 Firefox | 2020-01-23 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header | |||||
| CVE-2019-11993 | 1 Hp | 16 Simplivity 2600 Gen10, Simplivity 2600 Gen10 Firmware, Simplivity 380 Gen10 and 13 more | 2020-01-21 | 9.4 HIGH | 7.5 HIGH |
| A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061675&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience. | |||||
| CVE-2015-3159 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2020-01-21 | 7.2 HIGH | 7.8 HIGH |
| The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges. | |||||
| CVE-2018-11083 | 1 Cloud Foundry | 1 Bosh | 2020-01-17 | 6.8 MEDIUM | 8.1 HIGH |
| Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can be used to access BOSH resources without obtaining an access token, even if their user no longer has access to those resources. | |||||
| CVE-2014-5013 | 1 Dompdf Project | 1 Dompdf | 2020-01-13 | 6.8 MEDIUM | 8.8 HIGH |
| DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. | |||||
| CVE-2012-3808 | 1 Samsung | 1 Kies | 2020-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. | |||||
| CVE-2012-3809 | 1 Samsung | 1 Kies | 2020-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification. | |||||
| CVE-2012-3810 | 1 Samsung | 1 Kies | 2020-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| Samsung Kies before 2.5.0.12094_27_11 has registry modification. | |||||
| CVE-2017-7323 | 1 Modx | 1 Modx Revolution | 2020-01-10 | 6.8 MEDIUM | 8.1 HIGH |
| The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism. | |||||
| CVE-2016-3477 | 5 Canonical, Debian, Ibm and 2 more | 6 Ubuntu Linux, Debian Linux, Powerkvm and 3 more | 2019-12-27 | 4.1 MEDIUM | 8.1 HIGH |
| Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. | |||||