Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15621 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-07-29 | 7.8 HIGH | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the email parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9711. | |||||
| CVE-2020-15622 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-07-29 | 7.8 HIGH | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the search parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9712. | |||||
| CVE-2018-14647 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2020-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. | |||||
| CVE-2017-11464 | 1 Gnome | 1 Librsvg | 2020-07-28 | 6.8 MEDIUM | 7.8 HIGH |
| A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. | |||||
| CVE-2019-13312 | 1 Ffmpeg | 1 Ffmpeg | 2020-07-28 | 6.8 MEDIUM | 8.8 HIGH |
| block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. | |||||
| CVE-2020-15631 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2020-07-28 | 5.8 MEDIUM | 8.0 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10084. | |||||
| CVE-2020-10922 | 1 Automationdirect | 13 C-more Hmi Ea9 Firmware, Ea9-pgmsw, Ea9-rhmi and 10 more | 2020-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of proper input validation prior to further processing user requests. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-10527. | |||||
| CVE-2020-15632 | 1 Dlink | 2 Dir-842, Dir-842 Firmware | 2020-07-28 | 5.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083. | |||||
| CVE-2020-10918 | 1 Automationdirect | 13 C-more Hmi Ea9 Firmware, Ea9-pgmsw, Ea9-rhmi and 10 more | 2020-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due to insufficient authentication on post-authentication requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from unauthenticated users. Was ZDI-CAN-10182. | |||||
| CVE-2020-15633 | 1 D-link | 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more | 2020-07-28 | 5.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835. | |||||
| CVE-2014-0160 | 10 Canonical, Debian, Fedoraproject and 7 more | 31 Ubuntu Linux, Debian Linux, Fedora and 28 more | 2020-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | |||||
| CVE-2017-12122 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2020-07-28 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2017-14440 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2020-07-28 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2017-14441 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2020-07-28 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2017-14442 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2020-07-28 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2017-14448 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2020-07-28 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2017-14449 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2020-07-28 | 6.8 MEDIUM | 8.8 HIGH |
| A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2017-14450 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2020-07-28 | 5.8 MEDIUM | 7.1 HIGH |
| A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. | |||||
| CVE-2018-3839 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2020-07-28 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2020-15713 | 1 Rconfig | 1 Rconfig | 2020-07-28 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database. | |||||
| CVE-2020-15714 | 1 Rconfig | 1 Rconfig | 2020-07-28 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database. | |||||
| CVE-2017-2718 | 1 Huawei | 1 Fusionsphere Openstack | 2020-07-28 | 8.3 HIGH | 8.8 HIGH |
| FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | |||||
| CVE-2018-11695 | 1 Sass-lang | 1 Libsass | 2020-07-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2020-6624 | 1 Jhead Project | 1 Jhead | 2020-07-28 | 5.8 MEDIUM | 7.1 HIGH |
| jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. | |||||
| CVE-2020-6625 | 1 Jhead Project | 1 Jhead | 2020-07-28 | 5.8 MEDIUM | 7.1 HIGH |
| jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. | |||||
| CVE-2019-0102 | 1 Intel | 1 Data Center Manager | 2020-07-28 | 5.8 MEDIUM | 8.8 HIGH |
| Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2011-3359 | 1 Linux | 1 Linux Kernel | 2020-07-27 | 7.8 HIGH | 7.5 HIGH |
| The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame. | |||||
| CVE-2019-16667 | 1 Netgate | 1 Pfsense | 2020-07-27 | 6.8 MEDIUM | 8.8 HIGH |
| diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing. | |||||
| CVE-2020-15050 | 1 Supremainc | 1 Biostar 2 | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal. | |||||
| CVE-2012-1097 | 3 Linux, Redhat, Suse | 6 Linux Kernel, Enterprise Linux, Enterprise Mrg and 3 more | 2020-07-27 | 7.2 HIGH | 7.8 HIGH |
| The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call. | |||||
| CVE-2011-1771 | 1 Linux | 1 Linux Kernel | 2020-07-27 | 4.4 MEDIUM | 7.8 HIGH |
| The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem. | |||||
| CVE-2020-15908 | 1 Cauldrondevelopment | 1 C\! | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive. | |||||
| CVE-2011-1770 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2020-07-27 | 7.8 HIGH | 7.5 HIGH |
| Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. | |||||
| CVE-2011-2534 | 1 Linux | 1 Linux Kernel | 2020-07-27 | 7.2 HIGH | 7.8 HIGH |
| Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character. | |||||
| CVE-2011-4087 | 1 Linux | 1 Linux Kernel | 2020-07-27 | 4.3 MEDIUM | 7.5 HIGH |
| The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device. | |||||
| CVE-2020-10379 | 1 Python | 1 Pillow | 2020-07-27 | 6.8 MEDIUM | 7.8 HIGH |
| In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. | |||||
| CVE-2020-11538 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2020-07-27 | 6.8 MEDIUM | 8.1 HIGH |
| In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | |||||
| CVE-2020-7514 | 1 Schneider-electric | 1 Easergy Builder | 2020-07-27 | 4.6 MEDIUM | 7.8 HIGH |
| A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access. | |||||
| CVE-2020-7518 | 1 Schneider-electric | 1 Easergy Builder | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. | |||||
| CVE-2020-7519 | 1 Schneider-electric | 1 Easergy Builder | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. | |||||
| CVE-2020-5611 | 1 Wpsocialrocket | 1 Social Sharing | 2020-07-27 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-17514 | 1 Python | 1 Python | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly. | |||||
| CVE-2019-9674 | 1 Python | 1 Python | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | |||||
| CVE-2017-11738 | 1 Zohocorp | 1 Manageengine Applications Manager | 2020-07-27 | 6.8 MEDIUM | 8.1 HIGH |
| In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack. | |||||
| CVE-2017-3857 | 1 Cisco | 2 Ios, Ios Xe | 2020-07-27 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078. | |||||
| CVE-2020-15896 | 1 Dlink | 2 Dap-1522, Dap-1522 Firmware | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the value of NO_NEED_AUTH is 1, the user has direct access to the webpage without any authentication. By appending a query string NO_NEED_AUTH with the value of 1 to any protected URL, any unauthorized user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1. | |||||
| CVE-2020-15923 | 1 Midasolutions | 1 Eframework | 2020-07-27 | 7.8 HIGH | 7.5 HIGH |
| Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. | |||||
| CVE-2020-7681 | 1 Indo-mars | 1 Marscode | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js. | |||||
| CVE-2020-7682 | 1 Marked-tree Project | 1 Marked-tree | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js. | |||||
| CVE-2020-7683 | 1 Rollup-plugin-server Project | 1 Rollup-plugin-server | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function. | |||||