Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15417 | 1 Netgear | 2 R6700, R6700 Firmware | 2020-07-30 | 5.8 MEDIUM | 6.3 MEDIUM |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted gui_region in a string table file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9756. | |||||
| CVE-2020-5613 | 1 Kujirahand | 1 Konawiki | 2020-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. | |||||
| CVE-2020-5614 | 1 Kujirahand | 1 Konawiki | 2020-07-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2020-14492 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2020-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenClinic GA 5.09.02 and 5.89.05b do not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser. | |||||
| CVE-2020-4645 | 1 Ibm | 1 Planning Analytics Local | 2020-07-30 | 3.5 LOW | 5.4 MEDIUM |
| IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717. | |||||
| CVE-2020-16095 | 1 Kitodo | 1 Kitodo.presentation | 2020-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS. | |||||
| CVE-2019-1010247 | 1 Zmartzone | 1 Mod Auth Openidc | 2020-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2. | |||||
| CVE-2019-14857 | 1 Mod Auth Openidc Project | 1 Mod Auth Openidc | 2020-07-30 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon. | |||||
| CVE-2020-15038 | 1 Seedprod | 1 Coming Soon Page, Under Construction & Maintenance Mode | 2020-07-29 | 3.5 LOW | 5.4 MEDIUM |
| The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. | |||||
| CVE-2011-4112 | 2 Avaya, Linux | 13 9608, 9608 Firmware, 9608g and 10 more | 2020-07-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface. | |||||
| CVE-2020-12770 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2020-07-29 | 4.6 MEDIUM | 6.7 MEDIUM |
| An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | |||||
| CVE-2020-15120 | 1 Ihatemoney | 1 I Hate Money | 2020-07-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's private code. With the default configuration, anybody is allowed to create a new project. An attacker can create a new project and then use it to become authenticated and exploit this flaw. As such, the exposure is similar to an unauthenticated attack, because it is trivial to become authenticated. This is fixed in version 4.1.5. | |||||
| CVE-2011-2906 | 1 Linux | 1 Linux Kernel | 2020-07-29 | 4.7 MEDIUM | 5.5 MEDIUM |
| ** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor. | |||||
| CVE-2011-4594 | 1 Linux | 1 Linux Kernel | 2020-07-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference. | |||||
| CVE-2011-3353 | 1 Linux | 1 Linux Kernel | 2020-07-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem. | |||||
| CVE-2020-11625 | 1 Avertx | 4 Hd438, Hd438 Firmware, Hd838 and 1 more | 2020-07-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate whether a submitted username is valid or not, they make it easier to identify legitimate usernames. If a login request is sent to ISAPI/Security/sessionLogin/capabilities using a username that exists, it will return the value of the salt given to that username, even if the password is incorrect. However, if a login request is sent using a username that is not present in the database, it will return an empty salt value. This allows attackers to enumerate legitimate usernames, facilitating brute-force attacks. NOTE: this is different from CVE-2020-7057. | |||||
| CVE-2012-0058 | 1 Linux | 1 Linux Kernel | 2020-07-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management. | |||||
| CVE-2020-13913 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2020-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | |||||
| CVE-2018-18823 | 1 Wolfcms | 1 Wolf Cms | 2020-07-29 | 3.5 LOW | 4.8 MEDIUM |
| WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/. | |||||
| CVE-2018-18824 | 1 Wolfcms | 1 Wolf Cms | 2020-07-29 | 3.5 LOW | 4.8 MEDIUM |
| WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/. | |||||
| CVE-2019-10646 | 1 Wolfcms | 1 Wolf Cms | 2020-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded. | |||||
| CVE-2011-4081 | 1 Linux | 1 Linux Kernel | 2020-07-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket. | |||||
| CVE-2011-2898 | 1 Linux | 1 Linux Kernel | 2020-07-29 | 1.9 LOW | 5.5 MEDIUM |
| net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. | |||||
| CVE-2011-4097 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2020-07-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory. | |||||
| CVE-2012-0038 | 1 Linux | 1 Linux Kernel | 2020-07-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow. | |||||
| CVE-2020-10136 | 4 Cisco, Digi, Hp and 1 more | 63 Nexus 1000v, Nexus 1000ve, Nexus 3016 and 60 more | 2020-07-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors. | |||||
| CVE-2014-9758 | 1 Magento | 1 Magento | 2020-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. | |||||
| CVE-2020-14154 | 1 Mutt | 1 Mutt | 2020-07-28 | 5.8 MEDIUM | 4.8 MEDIUM |
| Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. | |||||
| CVE-2020-14954 | 3 Debian, Mutt, Neomutt | 3 Debian Linux, Mutt, Neomutt | 2020-07-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." | |||||
| CVE-2020-11623 | 1 Avertx | 4 Hd438, Hd438 Firmware, Hd838 and 1 more | 2020-07-28 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to the UART interface could access additional diagnostic and configuration functionalities as well as the camera's bootloader. Successful exploitation could compromise confidentiality, integrity, and availability of the affected system. It could even render the device inoperable. | |||||
| CVE-2020-7520 | 1 Schneider-electric | 1 Software Update Utility | 2020-07-28 | 4.0 MEDIUM | 4.7 MEDIUM |
| A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit. | |||||
| CVE-2020-15126 | 1 Parseplatform | 1 Parse Server | 2020-07-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In parse-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can bypass all read security on his User object and can also bypass all objects linked via relation or Pointer on his User object. | |||||
| CVE-2019-11252 | 1 Kubernetes | 1 Kubernetes | 2020-07-28 | 5.0 MEDIUM | 6.5 MEDIUM |
| The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. | |||||
| CVE-2020-15092 | 1 Northwestern | 1 Timelinejs | 2020-07-28 | 3.5 LOW | 4.8 MEDIUM |
| In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most TimelineJS users configure their timeline with a Google Sheets document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if they grant public write access to the document. Some TimelineJS users configure their timeline with a JSON document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if write access to the system hosting that document is otherwise compromised. Version 3.7.0 of TimelineJS addresses this in two ways. For content which is intended to support limited HTML markup for styling and linking, that content is "sanitized" before being added to the DOM. For content intended for simple text display, all markup is stripped. Very few users of TimelineJS actually install the TimelineJS code on their server. Most users publish a timeline using a URL hosted on systems we control. The fix for this issue is published to our system such that **those users will automatically begin using the new code**. The only exception would be users who have deliberately edited the embed URL to "pin" their timeline to an earlier version of the code. Some users of TimelineJS use it as a part of a WordPress plugin (knight-lab-timelinejs). Version 3.7.0.0 of that plugin and newer integrate the updated code. Users are encouraged to update the plugin rather than manually update the embedded version of TimelineJS. | |||||
| CVE-2020-4405 | 1 Ibm | 1 Verify Gateway | 2020-07-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484. | |||||
| CVE-2020-4408 | 1 Ibm | 1 Qradar Advisory | 2020-07-28 | 2.1 LOW | 4.6 MEDIUM |
| The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536. | |||||
| CVE-2019-4731 | 1 Ibm | 1 Mq Appliance | 2020-07-28 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616. | |||||
| CVE-2020-15085 | 1 Mirumee | 1 Saleor | 2020-07-28 | 2.1 LOW | 6.1 MEDIUM |
| In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. Versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront. | |||||
| CVE-2018-3837 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2020-07-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2018-3838 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2020-07-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An exploitable information disclosure vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2020-4317 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2020-07-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355. | |||||
| CVE-2020-4318 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2020-07-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356. | |||||
| CVE-2020-4465 | 1 Ibm | 1 Mq Appliance | 2020-07-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS are vulnerable to a buffer overflow due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562. | |||||
| CVE-2020-15712 | 1 Rconfig | 1 Rconfig | 2020-07-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system. | |||||
| CVE-2017-16821 | 1 B3log | 1 Symphony | 2020-07-28 | 3.5 LOW | 5.4 MEDIUM |
| b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid. | |||||
| CVE-2020-15118 | 1 Torchbox | 1 Wagtail | 2020-07-28 | 3.5 LOW | 5.4 MEDIUM |
| In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be rendered unescaped in the page. Allowing HTML within help text is an intentional design decision by Django; however, as a matter of policy Wagtail does not allow editors to insert arbitrary HTML by default, as this could potentially be used to carry out cross-site scripting attacks, including privilege escalation. This functionality should therefore not have been made available to editor-level users. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.4 (for the LTS 2.7 branch) and Wagtail 2.9.3 (for the current 2.9 branch). In these versions, help text will be escaped to prevent the inclusion of HTML tags. Site owners who wish to re-enable the use of HTML within help text (and are willing to accept the risk of this being exploited by editors) may set WAGTAILFORMS_HELP_TEXT_ALLOW_HTML = True in their configuration settings. Site owners who are unable to upgrade to the new versions can secure their form page templates by rendering forms field-by-field as per Django's documentation, but omitting the |safe filter when outputting the help text. | |||||
| CVE-2019-19035 | 1 Jhead Project | 1 Jhead | 2020-07-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file. | |||||
| CVE-2019-10215 | 1 Bootstrap-3-typeahead Project | 1 Bootstrap-3-typeahead | 2020-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser. | |||||
| CVE-2011-3637 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2020-07-27 | 4.9 MEDIUM | 5.5 MEDIUM |
| The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error. | |||||
| CVE-2011-3363 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2020-07-27 | 6.1 MEDIUM | 6.5 MEDIUM |
| The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share. | |||||
