Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5252 | 1 Pyup | 1 Safety | 2020-03-30 | 1.9 LOW | 4.1 MEDIUM |
| The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to "poison-pill" command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is considered to be of low severity because the attack makes use of an existing Python condition, not the Safety tool itself. This can happen if: (1) you are running Safety in a Python environment that you don't trust; (2) you are running Safety from the same Python environment where you have your dependencies installed; (3) dependency packages are being installed arbitrarily or without proper verification. Users can mitigate this issue by doing any of the following: (a) perform a static analysis by installing Docker and running the Safety Docker image: `docker run --rm -it pyupio/safety check -r requirements.txt`; (b) run Safety against a static dependencies list, such as the requirements.txt file, in a separate, clean Python environment; (c) run Safety from a Continuous Integration pipeline; (d) use PyUp.io, which runs Safety in a controlled environment and checks Python for dependencies without any need to install them; (e) use PyUp's Online Requirements Checker. | |||||
| CVE-2020-10660 | 1 Hashicorp | 1 Vault | 2020-03-30 | 4.3 MEDIUM | 5.3 MEDIUM |
| HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4. | |||||
| CVE-2020-10847 | 2 Google, Samsung | 3 Android, Galaxy Note8, Galaxy S8 | 2020-03-30 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020). | |||||
| CVE-2018-6459 | 1 Strongswan | 1 Strongswan | 2020-03-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter. | |||||
| CVE-2020-8866 | 1 Horde | 1 Groupware | 2020-03-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125. | |||||
| CVE-2020-2169 | 1 Jenkins | 1 Queue Cleanup | 2020-03-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability. | |||||
| CVE-2020-2164 | 1 Jfrog | 1 Artifactory | 2020-03-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2020-2170 | 1 Jenkins | 1 Rapiddeploy | 2020-03-27 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. | |||||
| CVE-2020-9520 | 1 Microfocus | 1 Vibe | 2020-03-27 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe versions prior to 4.0.7. The vulnerability could allow a remote attacker to craft and store malicious content in Vibe such that, when the content is viewed by another user of the system, attacker-controlled JavaScript will execute in the security context of the target user's browser. | |||||
| CVE-2020-3808 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2020-03-27 | 5.8 MEDIUM | 5.9 MEDIUM |
| Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (TOCTOU) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion. | |||||
| CVE-2019-20535 | 1 Google | 1 Android | 2020-03-27 | 2.1 LOW | 6.2 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. A connection to a new Bluetooth device can be established from the lock screen. The Samsung ID is SVE-2019-15533 (December 2019). | |||||
| CVE-2019-20616 | 1 Google | 1 Android | 2020-03-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019). | |||||
| CVE-2020-10790 | 1 It-novum | 1 Openitcockpit | 2020-03-27 | 3.5 LOW | 5.4 MEDIUM |
| openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. | |||||
| CVE-2020-10791 | 1 It-novum | 1 Openitcockpit | 2020-03-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module. | |||||
| CVE-2020-2163 | 1 Jenkins | 1 Jenkins | 2020-03-27 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers. | |||||
| CVE-2020-2162 | 1 Jenkins | 1 Jenkins | 2020-03-27 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability. | |||||
| CVE-2020-5277 | 1 Prestashop | 1 Faceted Search Module | 2020-03-27 | 3.5 LOW | 5.4 MEDIUM |
| PrestaShop module ps_facetedsearch versions before 3.5.0 have a reflected XSS via the `url_name` parameter. The problem is fixed in 3.5.0. | |||||
| CVE-2019-20575 | 1 Google | 1 Android | 2020-03-27 | 4.8 MEDIUM | 5.4 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019). | |||||
| CVE-2020-6808 | 1 Mozilla | 1 Firefox | 2020-03-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox < 74. | |||||
| CVE-2018-11073 | 2 Emc, Rsa | 2 Rsa Authentication Manager, Authentication Manager | 2020-03-27 | 3.5 LOW | 4.8 MEDIUM |
| RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser. | |||||
| CVE-2018-11074 | 2 Emc, Rsa | 2 Rsa Authentication Manager, Authentication Manager | 2020-03-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2018-11075 | 2 Emc, Rsa | 2 Rsa Authentication Manager, Authentication Manager | 2020-03-27 | 2.6 LOW | 4.7 MEDIUM |
| RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application. | |||||
| CVE-2018-1254 | 1 Emc | 1 Rsa Authentication Manager | 2020-03-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. | |||||
| CVE-2020-10365 | 1 Logicaldoc | 1 Logicaldoc | 2020-03-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary queries to the database. | |||||
| CVE-2019-20539 | 1 Google | 1 Android | 2020-03-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. An out-of-bounds Read in the Wi-Fi vendor command leads to an information leak. The Samsung ID is SVE-2019-14869 (November 2019). | |||||
| CVE-2019-20540 | 1 Google | 1 Android | 2020-03-26 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a buffer over-read and possible information leak in the core touch screen driver. The Samsung ID is SVE-2019-14942 (November 2019). | |||||
| CVE-2019-20543 | 1 Google | 1 Android | 2020-03-26 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via SamsungPay mini. The Samsung ID is SVE-2019-15090 (November 2019). | |||||
| CVE-2020-10472 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10473 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10474 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10475 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10476 | 1 Knowledgebase-script | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10477 | 1 Knowledgebase-script | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10479 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request. | |||||
| CVE-2020-10480 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request. | |||||
| CVE-2020-10481 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request. | |||||
| CVE-2020-10482 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request. | |||||
| CVE-2020-10483 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request. | |||||
| CVE-2020-10484 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request. | |||||
| CVE-2020-10485 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request. | |||||
| CVE-2020-10486 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request. | |||||
| CVE-2020-10487 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request. | |||||
| CVE-2020-10488 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request. | |||||
| CVE-2020-10489 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request. | |||||
| CVE-2020-10490 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request. | |||||
| CVE-2020-10491 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request. | |||||
| CVE-2020-10492 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request. | |||||
| CVE-2020-10493 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request. | |||||
| CVE-2020-10494 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request. | |||||
| CVE-2020-10495 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request. | |||||
