Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18894 | 1 Lexmark | 98 6500e, 6500e Firmware, C748 and 95 more | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. | |||||
| CVE-2020-5254 | 1 Nethack | 1 Nethack | 2020-03-20 | 6.8 MEDIUM | 8.1 HIGH |
| In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue. | |||||
| CVE-2018-21037 | 1 Intelliants | 1 Subrion | 2020-03-20 | 6.8 MEDIUM | 8.8 HIGH |
| Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI. | |||||
| CVE-2020-6984 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable. | |||||
| CVE-2020-3947 | 1 Vmware | 2 Fusion, Workstation | 2020-03-20 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine. | |||||
| CVE-2020-6988 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials. | |||||
| CVE-2019-5543 | 2 Microsoft, Vmware | 4 Windows, Horizon Client, Remote Console and 1 more | 2020-03-20 | 7.2 HIGH | 7.8 HIGH |
| For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user. | |||||
| CVE-2019-12123 | 1 Onap | 1 Open Network Automation Platform | 2020-03-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
| CVE-2019-12113 | 1 Onap | 1 Open Network Automation Platform | 2020-03-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
| CVE-2019-9859 | 1 Vestacp | 1 Vesta Control Panel | 2020-03-20 | 9.0 HIGH | 8.8 HIGH |
| Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the dangerous command exec. This function can be dangerous if arguments passed to it are not filtered. Every user input in VestaCP that is used as an argument is filtered with the escapeshellarg function. This function comes from the PHP library directly and its description is as follows: "escapeshellarg() adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument." It means that if you give Username, it will have 'Username' as a replacement. This works well and protects users from exploiting this potentially dangerous exec function. Unfortunately, VestaCP uses this escapeshellarg function incorrectly in several places. | |||||
| CVE-2019-11111 | 1 Intel | 1 Graphics Driver | 2020-03-20 | 4.6 MEDIUM | 7.8 HIGH |
| Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0565 | 1 Intel | 1 Graphics Driver | 2020-03-20 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-9346 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2020-03-20 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. | |||||
| CVE-2018-11354 | 1 Wireshark | 1 Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. | |||||
| CVE-2018-11355 | 1 Wireshark | 1 Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. | |||||
| CVE-2018-11356 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. | |||||
| CVE-2018-11357 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. | |||||
| CVE-2018-11358 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. | |||||
| CVE-2018-11359 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. | |||||
| CVE-2018-11360 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. | |||||
| CVE-2018-11361 | 1 Wireshark | 1 Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. | |||||
| CVE-2018-11362 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. | |||||
| CVE-2018-14339 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. | |||||
| CVE-2018-14340 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. | |||||
| CVE-2018-14341 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. | |||||
| CVE-2018-14342 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. | |||||
| CVE-2018-14343 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. | |||||
| CVE-2018-14344 | 1 Wireshark | 1 Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read. | |||||
| CVE-2018-14367 | 1 Wireshark | 1 Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition. | |||||
| CVE-2018-14368 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. | |||||
| CVE-2018-14369 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression. | |||||
| CVE-2018-14370 | 1 Wireshark | 1 Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read. | |||||
| CVE-2018-18226 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. | |||||
| CVE-2018-18227 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. | |||||
| CVE-2018-19622 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. | |||||
| CVE-2018-19623 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. | |||||
| CVE-2018-19627 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. | |||||
| CVE-2018-19628 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. | |||||
| CVE-2020-9471 | 1 Umbraco | 1 Umbraco Cms | 2020-03-19 | 6.5 MEDIUM | 8.8 HIGH |
| Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. | |||||
| CVE-2019-17654 | 1 Fortinet | 1 Fortimanager | 2020-03-19 | 6.8 MEDIUM | 8.8 HIGH |
| An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. | |||||
| CVE-2020-10568 | 1 Onthegosystems | 1 Sitepress-multilingual-cms | 2020-03-19 | 6.8 MEDIUM | 8.8 HIGH |
| The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings. | |||||
| CVE-2020-6585 | 1 Nagios | 1 Nagios | 2020-03-19 | 6.8 MEDIUM | 8.8 HIGH |
| Nagios Log Server 2.1.3 has CSRF. | |||||
| CVE-2020-5546 | 1 Mitsubishielectric | 2 Iu1-1m20-d, Iu1-1m20-d Firmware | 2020-03-19 | 5.8 MEDIUM | 8.8 HIGH |
| Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet. | |||||
| CVE-2020-10566 | 1 Freebsd | 1 Freebsd | 2020-03-19 | 4.6 MEDIUM | 7.8 HIGH |
| grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. | |||||
| CVE-2020-10238 | 1 Joomla | 1 Joomla\! | 2020-03-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. | |||||
| CVE-2019-13195 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-19 | 5.0 MEDIUM | 7.5 HIGH |
| The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. | |||||
| CVE-2019-13196 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 9.0 HIGH | 8.8 HIGH |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | |||||
| CVE-2019-13206 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 9.0 HIGH | 8.8 HIGH |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | |||||
| CVE-2019-13203 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 9.0 HIGH | 8.8 HIGH |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | |||||
| CVE-2020-10562 | 1 Devome | 1 Grr | 2020-03-18 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads. | |||||