Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2015-8534 | 1 Lenovo | 1 Solution Center | 2020-03-31 | 7.2 HIGH | 7.8 HIGH | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. |
| CVE-2015-8535 | 1 Lenovo | 1 Solution Center | 2020-03-31 | 7.2 HIGH | 7.8 HIGH | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. |
| CVE-2015-8536 | 1 Lenovo | 1 Solution Center | 2020-03-31 | 6.8 MEDIUM | 8.8 HIGH | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. |
| CVE-2020-10954 | 1 Gitlab | 1 Gitlab | 2020-03-31 | 5.0 MEDIUM | 7.5 HIGH | GitLab through 12.9 is affected by a potential DoS in repository archive download. |
| CVE-2020-9375 | 1 Tp-link | 2 Archer C5, Archer C50 | 2020-03-31 | 7.8 HIGH | 7.5 HIGH | TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allow remote attackers to cause a denial of service via a crafted HTTP header containing an unexpected Referer field. |
| CVE-2018-1000222 | 3 Canonical, Debian, Libgd | 3 Ubuntu Linux, Debian Linux, Libgd | 2020-03-31 | 6.8 MEDIUM | 8.8 HIGH | Libgd version 2.2.5 contains a double free vulnerability in the gdImageBmpPtr function that can result in remote code execution. This attack appears to be exploitable via a specially crafted JPEG image that can trigger the double free. This vulnerability appears to have been fixed after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. |
| CVE-2020-5724 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2020-03-30 | 5.0 MEDIUM | 7.5 HIGH | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. |
| CVE-2020-9066 | 1 Huawei | 2 Oxfordp-an10b, Oxfordp-an10b Firmware | 2020-03-30 | 6.8 MEDIUM | 7.8 HIGH | Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The application doesn't perform proper authentication when the user performs certain operations. An attacker can trick the user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. |
| CVE-2018-20786 | 1 Leonerd | 1 Libvterm | 2020-03-30 | 5.0 MEDIUM | 7.5 HIGH | libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c. |
| CVE-2020-2160 | 1 Jenkins | 1 Jenkins | 2020-03-30 | 6.8 MEDIUM | 8.8 HIGH | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. |
| CVE-2020-5281 | 1 Cesnet | 1 Perun | 2020-03-30 | 5.0 MEDIUM | 7.5 HIGH | In Perun before version 3.9.1, a VO or group manager can modify the configuration of the LDAP extSource to retrieve all from Perun LDAP. The issue is fixed in version 3.9.1 by sanitisation of the input. |
| CVE-2015-7333 | 1 Lenovo | 1 System Update | 2020-03-30 | 7.2 HIGH | 7.8 HIGH | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. |
| CVE-2015-7334 | 1 Lenovo | 1 System Update | 2020-03-30 | 7.2 HIGH | 7.8 HIGH | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. |
| CVE-2015-7335 | 1 Lenovo | 1 System Update | 2020-03-30 | 6.9 MEDIUM | 7.0 HIGH | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. |
| CVE-2019-20613 | 1 Google | 1 Android | 2020-03-30 | 6.8 MEDIUM | 8.1 HIGH | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019). |
| CVE-2020-5280 | 1 Typelevel | 1 Http4s | 2020-03-30 | 5.0 MEDIUM | 7.5 HIGH | http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contains `../` or `//` can expose resources outside of the configured location. This issue is patched in versions 0.18.26, 0.20.20, and 0.21.2. Note that 0.19.0 is a deprecated release and has never been supported. |
| CVE-2020-5129 | 1 Sonicwall | 2 Sma1000, Sma1000 Firmware | 2020-03-30 | 5.0 MEDIUM | 7.5 HIGH | A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause an HTTP server crash, which leads to denial of service. This vulnerability affected SMA1000 version 12.1.0-06411 and earlier. |
| CVE-2018-20452 | 1 Libxls Project | 1 Libxls | 2020-03-30 | 6.8 MEDIUM | 8.8 HIGH | The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c. |
| CVE-2018-9841 | 1 Ffmpeg | 1 Ffmpeg | 2020-03-30 | 6.8 MEDIUM | 8.8 HIGH | The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. |
| CVE-2019-20592 | 1 Google | 1 Android | 2020-03-30 | 4.6 MEDIUM | 7.8 HIGH | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Story Video Editor Content Provider. The Samsung ID is SVE-2019-14062 (July 2019). |
| CVE-2019-20591 | 1 Google | 1 Android | 2020-03-30 | 4.6 MEDIUM | 7.8 HIGH | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July 2019). |
| CVE-2020-7260 | 1 Mcafee | 1 Application And Change Control | 2020-03-30 | 4.4 MEDIUM | 7.8 HIGH | DLL side loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. |
| CVE-2020-9521 | 1 Microfocus | 1 Service Manager Automation | 2020-03-30 | 6.5 MEDIUM | 8.8 HIGH | An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. |
| CVE-2020-2166 | 1 Jenkins | 1 Pipeline: AWS Steps | 2020-03-30 | 6.5 MEDIUM | 8.8 HIGH | Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
| CVE-2020-2167 | 1 Jenkins | 1 Openshift Pipeline | 2020-03-30 | 6.5 MEDIUM | 8.8 HIGH | Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
| CVE-2020-2168 | 1 Jenkins | 1 Azure Container Service | 2020-03-30 | 6.5 MEDIUM | 8.8 HIGH | Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
| CVE-2019-20604 | 1 Google | 1 Android | 2020-03-30 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can disable Gallery permanently. The Samsung ID is SVE-2019-14031 (May 2019). |
| CVE-2020-2171 | 1 Jenkins | 1 Rapiddeploy | 2020-03-30 | 6.5 MEDIUM | 8.8 HIGH | Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2019-19886 | 1 Trustwave | 1 Modsecurity | 2020-03-30 | 5.0 MEDIUM | 7.5 HIGH | Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (denial of service) because of a flaw in Transaction::addRequestHeader in transaction.cc. |
| CVE-2019-19585 | 1 Rconfig | 1 Rconfig | 2020-03-28 | 4.6 MEDIUM | 7.8 HIGH | An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rConfig-specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions. |
| CVE-2019-20499 | 1 D-link | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2020-03-28 | 7.2 HIGH | 7.8 HIGH | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter. |
| CVE-2020-3769 | 1 Adobe | 1 Experience Manager | 2020-03-27 | 5.0 MEDIUM | 7.5 HIGH | Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2020-2165 | 1 Jfrog | 1 Artifactory | 2020-03-27 | 5.0 MEDIUM | 7.5 HIGH | Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-9551 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-03-27 | 6.8 MEDIUM | 7.8 HIGH | Adobe Bridge version 10.0 has an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9552 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-03-27 | 6.8 MEDIUM | 7.8 HIGH | Adobe Bridge version 10.0 has a heap-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-7005 | 1 Honeywell | 1 Win-pak | 2020-03-27 | 6.8 MEDIUM | 8.8 HIGH | In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code. |
| CVE-2020-10931 | 1 Memcached | 1 Memcached | 2020-03-27 | 5.0 MEDIUM | 7.5 HIGH | Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. |
| CVE-2019-16337 | 1 Hancom | 1 Hancom Office Neo | 2020-03-27 | 6.8 MEDIUM | 7.8 HIGH | The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file. |
| CVE-2019-16338 | 1 Hancom | 1 Hancom Office Neo | 2020-03-27 | 6.8 MEDIUM | 7.8 HIGH | The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file. |
| CVE-2020-6978 | 1 Honeywell | 1 Win-pak | 2020-03-27 | 6.4 MEDIUM | 7.2 HIGH | In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries. |
| CVE-2019-6558 | 1 Auto-maskin | 5 Dcu 210e, Dcu 210e Firmware, Marine Pro Observer and 2 more | 2020-03-27 | 5.0 MEDIUM | 7.5 HIGH | In Auto-Maskin RP210E versions 3.7 and prior, DCU210E versions 3.7 and prior and Marine Observer Pro (Android app), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. |
| CVE-2020-8984 | 1 Zend | 1 Zendto | 2020-03-27 | 5.0 MEDIUM | 7.5 HIGH | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. |
| CVE-2020-8985 | 1 Zend | 1 Zendto | 2020-03-27 | 6.8 MEDIUM | 8.8 HIGH | ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. |
| CVE-2019-20573 | 1 Google | 1 Android | 2020-03-27 | 4.6 MEDIUM | 7.8 HIGH | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685 (August 2019). |
| CVE-2019-20574 | 1 Google | 1 Android | 2020-03-27 | 4.6 MEDIUM | 7.8 HIGH | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August 2019). |
| CVE-2019-20531 | 1 Google | 1 Android | 2020-03-27 | 3.6 LOW | 7.1 HIGH | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have an out-of-bounds read. The Samsung IDs are SVE-2019-15692, SVE-2019-15693 (December 2019). |
| CVE-2018-8974 | 1 Cdc | 1 Microbetrace | 2020-03-27 | 9.3 HIGH | 7.8 HIGH | Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial `'Source<script type="text/javascript" src='` line. Fix released on 2018-03-28. |
| CVE-2018-9113 | 1 Cdc | 1 Microbetrace | 2020-03-27 | 9.3 HIGH | 7.8 HIGH | Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial `'><script type="text/javascript" src='` line. Fix released on 2018-03-29. |
| CVE-2019-20565 | 1 Google | 1 Android | 2020-03-27 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 (September 2019). |
| CVE-2020-6650 | 1 Eaton | 1 Ups Companion | 2020-03-27 | 5.8 MEDIUM | 8.8 HIGH | UPS Companion software v1.05 and prior is affected by an 'Eval Injection' vulnerability. The software does not neutralize, or incorrectly neutralizes, code syntax before using the input in a dynamic evaluation call (e.g. "eval") in the "Update Manager" class when the software attempts to see if there are updates available. This results in arbitrary code execution on the machine where the software is installed. |
