Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1098 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. | |||||
| CVE-2019-1099 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. | |||||
| CVE-2019-1100 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1101, CVE-2019-1116. | |||||
| CVE-2019-1101 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1116. | |||||
| CVE-2018-19871 | 2 Opensuse, Qt | 2 Leap, Qt | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. | |||||
| CVE-2018-19872 | 3 Fedoraproject, Opensuse, Qt | 3 Fedora, Leap, Qt | 2020-09-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. | |||||
| CVE-2020-12840 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2020-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php | |||||
| CVE-2020-12841 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2020-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php | |||||
| CVE-2020-12280 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2020-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php. | |||||
| CVE-2020-12281 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2020-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php. | |||||
| CVE-2020-24370 | 1 Lua | 1 Lua | 2020-09-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). | |||||
| CVE-2020-5628 | 1 Uniqlo | 1 Uniqlo | 2020-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack. | |||||
| CVE-2020-5629 | 1 Uniqlo | 1 Uniqlo | 2020-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack. | |||||
| CVE-2020-14023 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 4.0 MEDIUM | 4.9 MEDIUM |
| Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. | |||||
| CVE-2020-14024 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application. | |||||
| CVE-2020-14027 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 3.5 LOW | 5.3 MEDIUM |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks. | |||||
| CVE-2020-14021 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges. | |||||
| CVE-2019-19054 | 3 Fedoraproject, Linux, Opensuse | 3 Fedora, Linux Kernel, Leap | 2020-09-25 | 4.7 MEDIUM | 4.7 MEDIUM |
| A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. | |||||
| CVE-2020-16150 | 1 Arm | 1 Mbed Tls | 2020-09-25 | 2.1 LOW | 5.5 MEDIUM |
| A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length. | |||||
| CVE-2020-16200 | 1 Philips | 1 Clinical Collaboration Platform | 2020-09-25 | 3.3 LOW | 6.5 MEDIUM |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. | |||||
| CVE-2020-16198 | 1 Philips | 1 Clinical Collaboration Platform | 2020-09-25 | 5.8 MEDIUM | 6.3 MEDIUM |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | |||||
| CVE-2020-14506 | 1 Philips | 1 Clinical Collaboration Platform | 2020-09-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | |||||
| CVE-2019-19067 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2020-09-25 | 4.9 MEDIUM | 4.4 MEDIUM |
| ** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading. | |||||
| CVE-2020-12778 | 1 Combodo | 1 Itop | 2020-09-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. | |||||
| CVE-2020-15773 | 1 Gradle | 1 Enterprise | 2020-09-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API. | |||||
| CVE-2020-26115 | 1 Cpanel | 1 Cpanel | 2020-09-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574). | |||||
| CVE-2020-26114 | 1 Cpanel | 1 Cpanel | 2020-09-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573). | |||||
| CVE-2017-5499 | 1 Jasper Project | 1 Jasper | 2020-09-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2017-5503 | 1 Jasper Project | 1 Jasper | 2020-09-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-5504 | 1 Jasper Project | 1 Jasper | 2020-09-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. | |||||
| CVE-2017-5505 | 1 Jasper Project | 1 Jasper | 2020-09-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. | |||||
| CVE-2017-9782 | 1 Jasper Project | 1 Jasper | 2020-09-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c. | |||||
| CVE-2018-18873 | 4 Canonical, Debian, Jasper Project and 1 more | 5 Ubuntu Linux, Debian Linux, Jasper and 2 more | 2020-09-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. | |||||
| CVE-2018-19139 | 3 Debian, Jasper Project, Redhat | 3 Debian Linux, Jasper, Fedora | 2020-09-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | |||||
| CVE-2018-20570 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2020-09-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | |||||
| CVE-2018-20622 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2020-09-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. | |||||
| CVE-2018-9252 | 1 Jasper Project | 1 Jasper | 2020-09-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. | |||||
| CVE-2020-12625 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2020-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | |||||
| CVE-2020-15562 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2020-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists. | |||||
| CVE-2020-16145 | 1 Roundcube | 1 Webmail | 2020-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. | |||||
| CVE-2020-25735 | 1 Webtareas Project | 1 Webtareas | 2020-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php. | |||||
| CVE-2020-25734 | 1 Webtareas Project | 1 Webtareas | 2020-09-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| webTareas through 2.1 allows files/Default/ Directory Listing. | |||||
| CVE-2020-9416 | 1 Tibco | 4 Spotfire Analyst, Spotfire Analytics Platform, Spotfire Desktop and 1 more | 2020-09-24 | 3.5 LOW | 5.4 MEDIUM |
| The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1. | |||||
| CVE-2020-0318 | 1 Google | 1 Android | 2020-09-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-33646131 | |||||
| CVE-2020-0268 | 1 Google | 1 Android | 2020-09-24 | 4.4 MEDIUM | 6.4 MEDIUM |
| In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643 | |||||
| CVE-2020-5540 | 1 Cybersolutions | 1 Cybermail | 2020-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to inject arbitrary script or HTML via a specially crafted URL. | |||||
| CVE-2020-5541 | 1 Cybersolutions | 1 Cybermail | 2020-09-24 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. | |||||
| CVE-2020-25729 | 1 Zoneminder | 1 Zoneminder | 2020-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. | |||||
| CVE-2020-5606 | 1 Buffalo | 2 Airstation Whr-g54s, Airstation Whr-g54s Firmware | 2020-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page. | |||||
| CVE-2020-5605 | 1 Buffalo | 2 Airstation Whr-g54s, Airstation Whr-g54s Firmware | 2020-09-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. | |||||