Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4048 | 1 Wordpress | 1 Wordpress | 2020-09-11 | 4.9 MEDIUM | 5.7 MEDIUM |
| In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | |||||
| CVE-2018-5165 | 1 Mozilla | 1 Firefox | 2020-09-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60. | |||||
| CVE-2020-25073 | 1 Debian | 1 Freedombox | 2020-09-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled. | |||||
| CVE-2020-5418 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2020-09-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none). | |||||
| CVE-2020-7382 | 1 Rapid7 | 1 Nexpose | 2020-09-11 | 4.4 MEDIUM | 6.5 MEDIUM |
| Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40. | |||||
| CVE-2016-5011 | 3 Ibm, Kernel, Redhat | 9 Power Hardware Management Console, Powerkvm, Util-linux and 6 more | 2020-09-11 | 4.9 MEDIUM | 4.6 MEDIUM |
| The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. | |||||
| CVE-2015-8613 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-09-11 | 1.9 LOW | 6.5 MEDIUM |
| Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. | |||||
| CVE-2020-12058 | 1 Oscommerce | 1 Ce Phoenix | 2020-09-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php. | |||||
| CVE-2020-6873 | 1 Zte | 2 Zxr10 2800-4 Almpufb\(low\), Zxr10 2800-4 Almpufb\(low\) Firmware | 2020-09-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cause the equipment WEB/TELNET module denial of service and make the equipment be out of management. This affects: ZXR10 2800-4_ALMPUFB(LOW), all versions up to V3.00.40. | |||||
| CVE-2020-14514 | 1 Nmfc | 1 Power Line Communications | 2020-09-11 | 3.3 LOW | 4.3 MEDIUM |
| All trailer Power Line Communications are affected. PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. Further distances are also possible, subject to environmental conditions and receiver improvements. | |||||
| CVE-2020-24385 | 2 Freebsd, Midnightbsd | 2 Freebsd, Midnightbsd | 2020-09-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find(). | |||||
| CVE-2020-24863 | 2 Freebsd, Midnightbsd | 2 Freebsd, Midnightbsd | 2020-09-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode. | |||||
| CVE-2020-4578 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2020-09-11 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433. | |||||
| CVE-2020-9726 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2020-09-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious FrameMaker file. | |||||
| CVE-2020-25104 | 1 Eramba | 1 Eramba | 2020-09-10 | 3.5 LOW | 5.4 MEDIUM |
| eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension. | |||||
| CVE-2020-4337 | 1 Ibm | 1 Api Connect | 2020-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933. | |||||
| CVE-2019-20795 | 2 Canonical, Iproute2 Project | 2 Ubuntu Linux, Iproute2 | 2020-09-10 | 2.1 LOW | 4.4 MEDIUM |
| iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. | |||||
| CVE-2015-8568 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-09-10 | 4.7 MEDIUM | 6.5 MEDIUM |
| Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. | |||||
| CVE-2017-18030 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-09-10 | 2.1 LOW | 4.4 MEDIUM |
| The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. | |||||
| CVE-2017-7377 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-09-10 | 2.1 LOW | 6.0 MEDIUM |
| The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. | |||||
| CVE-2017-8112 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-09-10 | 4.9 MEDIUM | 6.5 MEDIUM |
| hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. | |||||
| CVE-2017-8086 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-09-10 | 4.9 MEDIUM | 6.5 MEDIUM |
| Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. | |||||
| CVE-2018-15746 | 1 Qemu | 1 Qemu | 2020-09-10 | 2.1 LOW | 5.5 MEDIUM |
| qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. | |||||
| CVE-2018-12475 | 1 Opensuse | 1 Open Build Service | 2020-09-10 | 5.5 MEDIUM | 5.4 MEDIUM |
| A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service . | |||||
| CVE-2020-5419 | 1 Pivotal Software | 1 Rabbitmq | 2020-09-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. | |||||
| CVE-2020-13463 | 1 Apexmic | 2 Apm32f103, Apm32f103 Firmware | 2020-09-10 | 2.1 LOW | 4.6 MEDIUM |
| The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. | |||||
| CVE-2020-8335 | 1 Lenovo | 16 Thinkpad A275, Thinkpad A275 Firmware, Thinkpad A285 and 13 more | 2020-09-10 | 4.6 MEDIUM | 6.8 MEDIUM |
| The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access. | |||||
| CVE-2020-10720 | 1 Linux | 1 Linux Kernel | 2020-09-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. | |||||
| CVE-2020-14373 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2020-09-10 | 2.1 LOW | 5.5 MEDIUM |
| A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. | |||||
| CVE-2020-25102 | 1 Advanced Reports Project | 1 Advanced Reports | 2020-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. The affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter. | |||||
| CVE-2020-3620 | 1 Qualcomm | 126 Apq8009, Apq8009 Firmware, Apq8053 and 123 more | 2020-09-10 | 2.1 LOW | 5.5 MEDIUM |
| u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-4516 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2020-09-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371. | |||||
| CVE-2020-4698 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2020-09-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841. | |||||
| CVE-2020-6312 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-09-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site Scripting. In certain situations, when a user accesses an affected web page element, the attacker will be able to access or modify metadata for which they are not authorized. | |||||
| CVE-2020-6288 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-09-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker can modify some formulas and display erroneous content. The server is not affected only the current user browser session, that can easily be closed. | |||||
| CVE-2020-6283 | 1 Sap | 1 Fiori Launchpad | 2020-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session. | |||||
| CVE-2017-18258 | 1 Xmlsoft | 1 Libxml2 | 2020-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. | |||||
| CVE-2018-14567 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2020-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. | |||||
| CVE-2020-3365 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2020-09-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could allow the attacker to overwrite files on an affected device. | |||||
| CVE-2016-10504 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. | |||||
| CVE-2016-10505 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | |||||
| CVE-2016-10506 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | |||||
| CVE-2016-10507 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. | |||||
| CVE-2016-1923 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. | |||||
| CVE-2016-1924 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. | |||||
| CVE-2016-3183 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file. | |||||
| CVE-2016-4796 | 2 Fedoraproject, Uclouvain | 2 Fedora, Openjpeg | 2020-09-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. | |||||
| CVE-2016-4797 | 2 Fedoraproject, Uclouvain | 2 Fedora, Openjpeg | 2020-09-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. | |||||
| CVE-2016-9115 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | |||||
| CVE-2016-9116 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | |||||