Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13650 | 1 Digdash | 1 Digdash | 2020-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to an internal component, the request is blind, but through the error message it's possible to determine whether the request targeted a open service. | |||||
| CVE-2019-20804 | 1 Gilacms | 1 Gila Cms | 2020-06-23 | 6.8 MEDIUM | 8.8 HIGH |
| Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account. | |||||
| CVE-2018-21258 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. | |||||
| CVE-2017-18917 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens. | |||||
| CVE-2020-8469 | 1 Trendmicro | 1 Password Manager | 2020-06-23 | 6.9 MEDIUM | 7.8 HIGH |
| Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation. | |||||
| CVE-2020-11622 | 1 Arista | 2 Cloudeos, Veos | 2020-06-23 | 4.3 MEDIUM | 7.5 HIGH |
| A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured. | |||||
| CVE-2020-5589 | 1 Sony | 22 Wf-1000x, Wf-1000x Firmware, Wf-sp700n and 19 more | 2020-06-23 | 8.3 HIGH | 8.8 HIGH |
| SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product. | |||||
| CVE-2020-3268 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2020-06-23 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3274 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2020-06-23 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | |||||
| CVE-2020-3275 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2020-06-23 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | |||||
| CVE-2020-3278 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2020-06-23 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | |||||
| CVE-2020-3279 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2020-06-23 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | |||||
| CVE-2019-20854 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message. | |||||
| CVE-2019-20862 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands. | |||||
| CVE-2019-20868 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated. | |||||
| CVE-2016-1148 | 1 Photosynth | 1 Akerun | 2020-06-23 | 4.3 MEDIUM | 8.1 HIGH |
| Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | |||||
| CVE-2013-6648 | 1 Google | 1 Skia | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2019-20871 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking. | |||||
| CVE-2020-3276 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2020-06-23 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | |||||
| CVE-2020-3277 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2020-06-23 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | |||||
| CVE-2020-13238 | 1 Mitsubishielectric | 42 Melsec Iq-r00cpu, Melsec Iq-r00cpu Firmware, Melsec Iq-r01cpu and 39 more | 2020-06-23 | 7.8 HIGH | 7.5 HIGH |
| Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production. | |||||
| CVE-2019-20886 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin. | |||||
| CVE-2019-15123 | 1 Vikisolutions | 1 Vera | 2020-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site. | |||||
| CVE-2019-1003044 | 1 Jenkins | 1 Slack Notification | 2020-06-23 | 2.1 LOW | 7.1 HIGH |
| A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-20857 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters. | |||||
| CVE-2019-20858 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint. | |||||
| CVE-2019-20865 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF. | |||||
| CVE-2020-12827 | 1 Mjml | 1 Mjml | 2020-06-23 | 6.4 MEDIUM | 7.2 HIGH |
| MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. | |||||
| CVE-2020-9225 | 1 Huawei | 1 Fusionsphere Openstack | 2020-06-22 | 4.6 MEDIUM | 7.8 HIGH |
| FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege. | |||||
| CVE-2020-12850 | 1 Pydio | 1 Cells | 2020-06-22 | 6.9 MEDIUM | 7.0 HIGH |
| The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the appliance, the user pydio is responsible for running all the services and binaries that are contained in the Pydio Cells web application package, such as mysqld, cells, among others. This user has privileges restricted to run those services and nothing more. | |||||
| CVE-2020-0234 | 1 Google | 1 Android | 2020-06-22 | 4.6 MEDIUM | 7.8 HIGH |
| In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148189280 | |||||
| CVE-2020-5358 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2020-06-22 | 7.2 HIGH | 7.8 HIGH |
| Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. | |||||
| CVE-2020-14156 | 1 Openbmc-project | 1 Openbmc | 2020-06-22 | 6.5 MEDIUM | 8.8 HIGH |
| user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions. | |||||
| CVE-2020-12713 | 1 Ciphermail | 2 Gateway, Webmail Messenger | 2020-06-22 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account. | |||||
| CVE-2018-3976 | 1 Canvasgfx | 1 Canvas Draw | 2020-06-22 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution. | |||||
| CVE-2020-14432 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2020-06-22 | 6.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by CSRF. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
| CVE-2018-3980 | 1 Canvasgfx | 1 Canvas Draw | 2020-06-22 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | |||||
| CVE-2020-11090 | 1 Linuxfoundation | 1 Indy-node | 2020-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3. | |||||
| CVE-2019-6196 | 1 Lenovo | 1 Installation Package | 2020-06-22 | 6.9 MEDIUM | 7.3 HIGH |
| A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation. | |||||
| CVE-2020-11957 | 1 Cypress | 1 Psoc 4.2 Ble | 2020-06-22 | 5.4 MEDIUM | 7.5 HIGH |
| The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with both LE Secure Connections as well as LE Legacy Pairing. A predictable or brute-forceable random number allows an attacker (in radio range) to perform a MITM attack during BLE pairing. | |||||
| CVE-2020-12725 | 1 Redash | 1 Redash | 2020-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding headers, selecting any HTTP verb, etc. | |||||
| CVE-2020-4310 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Mq and 4 more | 2020-06-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081. | |||||
| CVE-2020-14448 | 1 Mattermost | 1 Mattermost Server | 2020-06-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020. | |||||
| CVE-2018-21262 | 1 Mattermost | 1 Mattermost Server | 2020-06-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. | |||||
| CVE-2019-20888 | 1 Mattermost | 1 Mattermost Server | 2020-06-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration. | |||||
| CVE-2019-20846 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage. | |||||
| CVE-2020-14450 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017. | |||||
| CVE-2019-20842 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels. | |||||
| CVE-2019-20843 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. | |||||
| CVE-2020-14447 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021. | |||||