Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2108 | 1 Jenkins | 1 Websphere Deployer | 2020-01-30 | 6.5 MEDIUM | 7.6 HIGH |
| Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. | |||||
| CVE-2018-16270 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path. | |||||
| CVE-2018-16269 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||
| CVE-2014-2581 | 2 Fedoraproject, Smb4k Project | 2 Fedora, Smb4k | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | |||||
| CVE-2019-5647 | 1 Rapid7 | 1 Appspider | 2020-01-30 | 3.6 LOW | 7.1 HIGH |
| The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215. | |||||
| CVE-2019-19807 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2020-01-30 | 7.2 HIGH | 7.8 HIGH |
| In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. | |||||
| CVE-2013-3074 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2020-01-30 | 7.8 HIGH | 7.5 HIGH |
| NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash). | |||||
| CVE-2020-5221 | 1 Troglobit | 1 Uftpd | 2020-01-30 | 6.4 MEDIUM | 7.2 HIGH |
| In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11 | |||||
| CVE-2011-4558 | 1 Tiki | 1 Tiki | 2020-01-30 | 6.0 MEDIUM | 7.2 HIGH |
| Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. | |||||
| CVE-2019-19232 | 1 Sudo | 1 Sudo | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions. | |||||
| CVE-2019-19234 | 1 Sudo | 1 Sudo | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash. | |||||
| CVE-2020-7053 | 1 Linux | 1 Linux Kernel | 2020-01-30 | 4.6 MEDIUM | 7.8 HIGH |
| In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. | |||||
| CVE-2012-4981 | 1 Toshiba | 1 Configfree | 2020-01-30 | 6.8 MEDIUM | 8.8 HIGH |
| Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability | |||||
| CVE-2019-17202 | 1 Fasttracksoftware | 1 Admin By Request | 2020-01-30 | 7.2 HIGH | 7.8 HIGH |
| FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege. | |||||
| CVE-2020-7931 | 1 Jfrog | 1 Artifactory | 2020-01-30 | 6.5 MEDIUM | 8.8 HIGH |
| In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template. | |||||
| CVE-2019-4639 | 1 Ibm | 1 Security Secret Server | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045. | |||||
| CVE-2013-2267 | 1 Fudforum | 1 Fudforum | 2020-01-29 | 9.0 HIGH | 7.2 HIGH |
| PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system. | |||||
| CVE-2019-19893 | 1 Ixpdata | 1 Easyinstall | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM. | |||||
| CVE-2013-2474 | 1 Aws-dms | 1 Aws Xms | 2020-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter. | |||||
| CVE-2014-9627 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 6.8 MEDIUM | 7.8 HIGH |
| The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size. | |||||
| CVE-2012-5698 | 1 Babygekko | 1 Babygekko | 2020-01-29 | 6.8 MEDIUM | 8.8 HIGH |
| BabyGekko before 1.2.4 has SQL injection. | |||||
| CVE-2014-8742 | 1 Lexmark | 1 Markvision Enterprise | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-9626 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 6.8 MEDIUM | 7.8 HIGH |
| Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7. | |||||
| CVE-2020-5224 | 1 Django-user-sessions Project | 1 Django-user-sessions | 2020-01-29 | 4.0 MEDIUM | 8.8 HIGH |
| In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen. | |||||
| CVE-2019-15989 | 1 Cisco | 28 Asr 9000v, Asr 9001, Asr 9006 and 25 more | 2020-01-29 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer. | |||||
| CVE-2019-20429 | 1 Lustre | 1 Lustre | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2. | |||||
| CVE-2019-20425 | 1 Lustre | 1 Lustre | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2. | |||||
| CVE-2019-20428 | 1 Lustre | 1 Lustre | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter. | |||||
| CVE-2019-20431 | 1 Lustre | 1 Lustre | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value. | |||||
| CVE-2013-6056 | 1 Alienvault | 1 Open Source Security Information Management | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability | |||||
| CVE-2020-7952 | 1 Valvesoftware | 1 Dota 2 | 2020-01-29 | 6.8 MEDIUM | 7.8 HIGH |
| rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. | |||||
| CVE-2019-16022 | 1 Cisco | 28 Asr 9000v, Asr 9001, Asr 9006 and 25 more | 2020-01-29 | 5.0 MEDIUM | 8.6 HIGH |
| Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | |||||
| CVE-2019-16020 | 1 Cisco | 28 Asr 9000v, Asr 9001, Asr 9006 and 25 more | 2020-01-29 | 5.0 MEDIUM | 8.6 HIGH |
| Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | |||||
| CVE-2014-9628 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 6.8 MEDIUM | 7.8 HIGH |
| The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7. | |||||
| CVE-2012-1496 | 1 Webcalendar Project | 1 Webcalendar | 2020-01-29 | 6.5 MEDIUM | 8.8 HIGH |
| Local file inclusion in WebCalendar before 1.2.5. | |||||
| CVE-2019-17584 | 1 Meinbergglobal | 2 Syncbox\/ptpv2, Syncbox\/ptpv2 Firmware | 2020-01-29 | 8.5 HIGH | 7.5 HIGH |
| The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor. | |||||
| CVE-2020-7594 | 1 Multitech | 2 Conduit Mtcdt-lvw2-246a, Conduit Mtcdt-lvw2-246a Firmware | 2020-01-29 | 9.0 HIGH | 7.2 HIGH |
| MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. | |||||
| CVE-2015-5333 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2020-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. | |||||
| CVE-2020-7105 | 1 Redislabs | 1 Hiredis | 2020-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. | |||||
| CVE-2014-9625 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 6.8 MEDIUM | 7.8 HIGH |
| The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability. | |||||
| CVE-2014-9629 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. | |||||
| CVE-2020-7213 | 1 Parallels | 1 Parallels | 2020-01-29 | 7.6 HIGH | 7.5 HIGH |
| Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site. | |||||
| CVE-2014-9630 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 6.8 MEDIUM | 7.8 HIGH |
| The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. | |||||
| CVE-2018-12415 | 1 Tibco | 1 Enterprise Message Service | 2020-01-29 | 6.8 MEDIUM | 8.8 HIGH |
| The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below. | |||||
| CVE-2011-3611 | 1 Usebb | 1 Usebb | 2020-01-29 | 9.0 HIGH | 7.2 HIGH |
| A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12. | |||||
| CVE-2012-3490 | 1 Wisc | 1 Htcondor | 2020-01-29 | 9.0 HIGH | 8.8 HIGH |
| The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2016-5311 | 1 Symantec | 9 Endpoint Protection, Endpoint Protection Cloud, Norton 360 and 6 more | 2020-01-29 | 6.9 MEDIUM | 7.8 HIGH |
| A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. | |||||
| CVE-2011-4322 | 1 Websitebaker | 1 Websitebaker | 2020-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| websitebaker prior to and including 2.8.1 has an authentication error in backup module. | |||||
| CVE-2019-20385 | 1 Logaritmo | 1 Aware Callmanager | 2020-01-29 | 6.5 MEDIUM | 8.8 HIGH |
| The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/* content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI. | |||||
| CVE-2018-13718 | 1 Futurxe | 1 Futurxe | 2020-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||