Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6858 | 1 Facebook Clone Script Project | 1 Facebook Clone Script | 2020-03-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script. | |||||
| CVE-2018-6861 | 1 Lawyer Search Script Project | 1 Lawyer Search Script | 2020-03-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter. | |||||
| CVE-2020-0059 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 5.5 MEDIUM |
| In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543524 | |||||
| CVE-2020-0060 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
| In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143229845 | |||||
| CVE-2020-0031 | 1 Google | 1 Android | 2020-03-11 | 4.7 MEDIUM | 5.0 MEDIUM |
| In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141703197 | |||||
| CVE-2020-0010 | 1 Google | 1 Android | 2020-03-11 | 7.2 HIGH | 6.7 MEDIUM |
| In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137014293References: N/A | |||||
| CVE-2020-0011 | 1 Google | 1 Android | 2020-03-11 | 7.2 HIGH | 6.7 MEDIUM |
| In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137648045References: N/A | |||||
| CVE-2020-0012 | 1 Google | 1 Android | 2020-03-11 | 7.2 HIGH | 6.7 MEDIUM |
| In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137648844 | |||||
| CVE-2019-13007 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2016-9159 | 1 Siemens | 21 Simatic S7-300 Cpu 312, Simatic S7-300 Cpu 314, Simatic S7-300 Cpu 315-2 Dp and 18 more | 2020-03-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. | |||||
| CVE-2011-4538 | 1 Lexmark | 66 C540, C540 Firmware, C543 and 63 more | 2020-03-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings. | |||||
| CVE-2012-1096 | 2 Debian, Gnome | 2 Debian Linux, Networkmanager | 2020-03-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | |||||
| CVE-2019-12444 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. | |||||
| CVE-2019-13001 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. | |||||
| CVE-2019-12445 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS. | |||||
| CVE-2019-12442 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics. | |||||
| CVE-2020-4084 | 1 Hcltech | 1 Connections | 2020-03-10 | 3.5 LOW | 5.4 MEDIUM |
| HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2015-7343 | 1 Joobi | 1 Jnews | 2020-03-10 | 3.5 LOW | 4.8 MEDIUM |
| JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter. | |||||
| CVE-2020-10191 | 1 Munkireport Project | 1 Munkireport | 2020-03-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail. | |||||
| CVE-2016-1159 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2020-03-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. | |||||
| CVE-2019-12432 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure. | |||||
| CVE-2019-12433 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues. | |||||
| CVE-2020-10192 | 1 Munkireport Project | 1 Munkireport | 2020-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php. | |||||
| CVE-2020-2145 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2020-03-10 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. | |||||
| CVE-2015-7968 | 1 Sap | 1 Netweaver Application Server | 2020-03-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. | |||||
| CVE-2020-4162 | 1 Ibm | 1 Infosphere Information Server | 2020-03-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342. | |||||
| CVE-2020-10251 | 1 Imagemagick | 1 Imagemagick | 2020-03-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image. | |||||
| CVE-2019-4608 | 1 Ibm | 1 Tivoli Workload Scheduler | 2020-03-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168508. | |||||
| CVE-2015-3006 | 1 Juniper | 3 Junos, Qfx3500, Qfx3600 | 2020-03-10 | 6.8 MEDIUM | 6.5 MEDIUM |
| On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability. | |||||
| CVE-2017-16833 | 1 Gemirro Project | 1 Gemirro | 2020-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. | |||||
| CVE-2020-2136 | 1 Jenkins | 1 Git | 2020-03-09 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2148 | 1 Jenkins | 1 Mac | 2020-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
| CVE-2020-2147 | 1 Jenkins | 1 Mac | 2020-03-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
| CVE-2020-10236 | 1 Froxlor | 1 Froxlor | 2020-03-09 | 3.6 LOW | 6.1 MEDIUM |
| An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php. | |||||
| CVE-2020-2142 | 1 Jenkins | 1 P4 | 2020-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds. | |||||
| CVE-2020-2141 | 1 Jenkins | 1 P4 | 2020-03-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce. | |||||
| CVE-2020-2139 | 1 Jenkins | 1 Cobertura | 2020-03-09 | 8.5 HIGH | 6.5 MEDIUM |
| An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. | |||||
| CVE-2020-2137 | 1 Jenkins | 1 Timestamper | 2020-03-09 | 3.5 LOW | 4.8 MEDIUM |
| Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | |||||
| CVE-2020-9364 | 1 Creative-solutions | 1 Creative Contact Form | 2020-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email. | |||||
| CVE-2020-2154 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2020-03-09 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. | |||||
| CVE-2020-2140 | 1 Jenkins | 1 Audit Trail | 2020-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. | |||||
| CVE-2020-9282 | 1 Mahara | 1 Mahara | 2020-03-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios. | |||||
| CVE-2020-2155 | 1 Jenkins | 1 Openshift Deployer | 2020-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2020-2156 | 1 Jenkins | 1 Deployhub | 2020-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
| CVE-2020-2151 | 1 Jenkins | 1 Quality Gates | 2020-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2020-2150 | 1 Jenkins | 1 Sonar Quality Gates | 2020-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2020-2149 | 1 Jenkins | 1 Repository Connector | 2020-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2015-3163 | 1 Redhat | 1 Beaker | 2020-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively. | |||||
| CVE-2020-2157 | 1 Jenkins | 1 Skytap Cloud Ci | 2020-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
| CVE-2020-2143 | 1 Jenkins | 1 Logstash | 2020-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||