Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16000 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. | |||||
| CVE-2020-24481 | 1 Intel | 1 Quartus | 2021-02-23 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-24462 | 1 Intel | 1 Graphics Drivers | 2021-02-23 | 4.6 MEDIUM | 7.8 HIGH |
| Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-24453 | 1 Intel | 1 Epid Software Development Kit | 2021-02-23 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-7849 | 2 Microsoft, Uprism | 2 Windows, Curix | 2021-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL. | |||||
| CVE-2020-24451 | 1 Intel | 1 Optane Dc Persistent Memory Module Management | 2021-02-23 | 4.4 MEDIUM | 7.3 HIGH |
| Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-24450 | 1 Intel | 1 Graphics Drivers | 2021-02-23 | 4.6 MEDIUM | 7.8 HIGH |
| Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-22858 | 1 Changjia Property Management System Project | 1 Changjia Property Management System | 2021-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions. | |||||
| CVE-2020-26982 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11898) | |||||
| CVE-2020-26992 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-23 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2020-26993 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-22 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2020-26994 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2020-26983 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900) | |||||
| CVE-2020-26996 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12027) | |||||
| CVE-2020-10664 | 1 Windriver | 1 Vxworks | 2021-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. | |||||
| CVE-2020-11620 | 4 Debian, Fasterxml, Netapp and 1 more | 18 Debian Linux, Jackson-databind, Active Iq Unified Manager and 15 more | 2021-02-22 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). | |||||
| CVE-2020-26984 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972) | |||||
| CVE-2020-11619 | 4 Debian, Fasterxml, Netapp and 1 more | 21 Debian Linux, Jackson-databind, Active Iq Unified Manager and 18 more | 2021-02-22 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). | |||||
| CVE-2021-27232 | 1 Pelco | 1 Digital Sentry Server | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered. | |||||
| CVE-2021-27224 | 1 Irfanview | 2 Irfanview, Wpg | 2021-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code. | |||||
| CVE-2020-22425 | 1 Centreon | 1 Centreon | 2021-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. | |||||
| CVE-2020-12384 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-12385 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12380 | 1 Intel | 48 Bmc Firmware, Hns2600bpb, Hns2600bpb24 and 45 more | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12377 | 1 Intel | 48 Bmc Firmware, Hns2600bpb, Hns2600bpb24 and 45 more | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-26985 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994) | |||||
| CVE-2020-0544 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0521 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8678 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-20443 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2021-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619. | |||||
| CVE-2021-20354 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2021-02-22 | 7.8 HIGH | 7.5 HIGH |
| IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. | |||||
| CVE-2020-29140 | 1 Open-emr | 1 Openemr | 2021-02-22 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | |||||
| CVE-2020-29143 | 1 Open-emr | 1 Openemr | 2021-02-22 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | |||||
| CVE-2020-26986 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014) | |||||
| CVE-2020-26987 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017) | |||||
| CVE-2020-26988 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11891) | |||||
| CVE-2020-12369 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12368 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-26980 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11881) | |||||
| CVE-2020-12367 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-12366 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-14872 | 1 Oracle | 1 Vm Virtualbox | 2021-02-22 | 7.2 HIGH | 8.2 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2020-8639 | 1 Testlink | 1 Testlink | 2021-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application. | |||||
| CVE-2020-28851 | 1 Golang | 1 Go | 2021-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | |||||
| CVE-2018-20848 | 1 Peel | 1 Peel Shopping | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter. | |||||
| CVE-2019-14733 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp. | |||||
| CVE-2019-14692 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp. | |||||
| CVE-2020-12362 | 2 Intel, Linux | 2 Graphics Drivers, Linux Kernel | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-12339 | 1 Intel | 1 Collaboration Suite | 2021-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2020-29139 | 1 Open-emr | 1 Openemr | 2021-02-22 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter. | |||||