Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13790 | 2 Libjpeg-turbo, Mozilla | 2 Libjpeg-turbo, Mozjpeg | 2020-10-20 | 5.8 MEDIUM | 8.1 HIGH |
| libjpeg-turbo 2.0.4 and mozjpeg 4.0.0 have a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | |||||
| CVE-2020-24889 | 1 Libraw | 1 Libraw | 2020-10-20 | 5.1 MEDIUM | 7.8 HIGH |
| A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. | |||||
| CVE-2019-6477 | 2 Fedoraproject, Isc | 2 Fedora, Bind | 2020-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem). | |||||
| CVE-2020-8616 | 2 Debian, Isc | 2 Debian Linux, Bind | 2020-10-20 | 5.0 MEDIUM | 8.6 HIGH |
| A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. | |||||
| CVE-2020-8617 | 2 Debian, Isc | 2 Debian Linux, Bind | 2020-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. | |||||
| CVE-2020-4772 | 1 Ibm | 1 Curam Social Program Management | 2020-10-19 | 5.5 MEDIUM | 8.1 HIGH |
| An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, cause a denial of service, perform server-side request forgery, or consume memory resources. IBM X-Force ID: 189150. | |||||
| CVE-2020-4254 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560. | |||||
| CVE-2020-4636 | 2 Ibm, Linux | 2 Resilient Security Orchestration Automation And Response, Linux Kernel | 2020-10-19 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503. | |||||
| CVE-2020-7383 | 1 Rapid7 | 1 Nexpose | 2020-10-19 | 5.5 MEDIUM | 8.1 HIGH |
| A SQL Injection issue in Rapid7 Nexpose versions prior to 6.6.49 may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access. | |||||
| CVE-2019-9510 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2020-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later. | |||||
| CVE-2019-16005 | 1 Cisco | 2 Collaboration Meeting Rooms, Webex Video Mesh | 2020-10-19 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node. | |||||
| CVE-2019-1950 | 1 Cisco | 34 Asr 1000-x, Asr 1001-hx, Asr 1002-hx and 31 more | 2020-10-19 | 7.2 HIGH | 8.4 HIGH |
| A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier. | |||||
| CVE-2020-7811 | 2 Microsoft, Samsung | 2 Windows, Update | 2020-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation, as commands crafted by an attacker are executed while the engine deserializes the data received during inter-process communication. | |||||
| CVE-2020-8154 | 1 Nextcloud | 1 Nextcloud Server | 2020-10-19 | 6.8 MEDIUM | 7.7 HIGH |
| An insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remotely wipe devices of other users when sending a malicious request directly to the endpoint. | |||||
| CVE-2020-9891 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-19 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2020-9888 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-19 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2020-9890 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-19 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2020-17417 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2020-10-19 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11657. | |||||
| CVE-2020-7740 | 1 Node-pdf-generator Project | 1 Node-pdf-generator | 2020-10-19 | 6.4 MEDIUM | 8.2 HIGH |
| This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack. | |||||
| CVE-2020-9799 | 1 Apple | 1 Mac Os X | 2020-10-19 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-17416 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2020-10-19 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11497. | |||||
| CVE-2020-15235 | 1 Ractf | 1 Core | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched. | |||||
| CVE-2020-25263 | 1 Pyrocms | 1 Pyrocms | 2020-10-19 | 5.8 MEDIUM | 7.1 HIGH |
| PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted. | |||||
| CVE-2019-11847 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2020-10-19 | 7.2 HIGH | 7.8 HIGH |
| An improper privilege management vulnerability exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell. | |||||
| CVE-2020-4776 | 1 Ibm | 1 Curam Social Program Management | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154. | |||||
| CVE-2019-7611 | 1 Elastic | 1 Elasticsearch | 2020-10-19 | 6.8 MEDIUM | 8.1 HIGH |
| A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used. If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index. | |||||
| CVE-2019-3879 | 2 Ovirt, Redhat | 2 Ovirt, Virtualization | 2020-10-19 | 5.5 MEDIUM | 8.1 HIGH |
| It was discovered that in ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (e.g. Basic Operations) could exploit this flaw to delete disks attached to guests. | |||||
| CVE-2019-3827 | 1 Gnome | 1 Gvfs | 2020-10-19 | 3.3 LOW | 7.0 HIGH |
| An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modifying arbitrary files by privileged users without asking for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under the privileges of users belonging to the wheel group to further escalate their privileges by modifying system files without the user's knowledge. Successful exploitation requires uncommon system configuration. | |||||
| CVE-2019-5415 | 1 Zeit | 1 Serve | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to. | |||||
| CVE-2019-3833 | 3 Fedoraproject, Opensuse, Openwsman Project | 3 Fedora, Leap, Openwsman | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause denial of service to the openwsman server. | |||||
| CVE-2019-3780 | 1 Cloudfoundry | 1 Container Runtime | 2020-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contain a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account. | |||||
| CVE-2019-8269 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine/p2p, Sinumerik Pcu Base Win10 Software/ipc, Sinumerik Pcu Base Win7 Software/ipc and 1 more | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| UltraVNC revision 1206 has a stack-based buffer overflow vulnerability in VNC client code inside the FileTransfer module, which leads to a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207. | |||||
| CVE-2019-3781 | 1 Cloudfoundry | 1 Command Line Interface | 2020-10-19 | 3.5 LOW | 8.8 HIGH |
| Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a user's password. | |||||
| CVE-2019-3783 | 1 Cloudfoundry | 1 Stratos | 2020-10-19 | 4.0 MEDIUM | 8.8 HIGH |
| Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user. | |||||
| CVE-2019-3921 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2020-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code. | |||||
| CVE-2019-3917 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request. | |||||
| CVE-2019-6528 | 1 Psigridconnect | 10 Iec104 Security Proxy, Iec104 Security Proxy Firmware, Smart Telecontrol Unit Tcg and 7 more | 2020-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway XS-MU Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway VM Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Smart Telecontrol Unit TCG Versions 5.0.27, 5.1.19, 6.0.16 and prior, and IEC104 Security Proxy Version 2.2.10 and prior. The web application browser interprets input as active HTML, JavaScript, or VBScript, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2019-6518 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. | |||||
| CVE-2019-6520 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa IKS and EDS do not properly check authority on the server side, which results in a read-only user being able to perform arbitrary configuration changes. | |||||
| CVE-2019-3782 | 1 Cloudfoundry | 1 Credhub Cli | 2020-10-19 | 2.1 LOW | 7.8 HIGH |
| Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user. | |||||
| CVE-2019-3806 | 1 Powerdns | 1 Recursor | 2020-10-19 | 6.8 MEDIUM | 8.1 HIGH |
| An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. | |||||
| CVE-2020-26898 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2020-10-19 | 8.3 HIGH | 8.8 HIGH |
| NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. | |||||
| CVE-2019-3613 | 1 Mcafee | 1 Agent | 2020-10-19 | 4.4 MEDIUM | 7.3 HIGH |
| DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder. | |||||
| CVE-2020-4779 | 1 Ibm | 1 Curam Social Program Management | 2020-10-19 | 5.5 MEDIUM | 8.1 HIGH |
| A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156. | |||||
| CVE-2020-24216 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p@60hz, H.264 Iptv Encoder 1080p@60hz Firmware, Vecaster-4k-hevc and 102 more | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private. | |||||
| CVE-2020-13763 | 1 Joomla | 1 Joomla! | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. | |||||
| CVE-2020-13760 | 1 Joomla | 1 Joomla! | 2020-10-19 | 6.8 MEDIUM | 8.8 HIGH |
| In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF. | |||||
| CVE-2019-4326 | 1 Hcltech | 1 Appscan | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| "HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." | |||||
| CVE-2019-14557 | 1 Intel | 55 Bios, Celeron 4205u, Celeron 4305u and 52 more | 2020-10-19 | 5.2 MEDIUM | 8.0 HIGH |
| Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access. | |||||
| CVE-2017-8452 | 1 Elastic | 1 Kibana | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| In Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. | |||||
