Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2131 | 1 Jenkins | 1 Harvest Scm | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2132 | 1 Jenkins | 1 Parasoft Environment Manager | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2133 | 1 Jenkins | 1 Applatix | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2013-1410 | 1 Perforce | 1 P4web | 2020-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities | |||||
| CVE-2020-2127 | 1 Jenkins | 1 Bmc Release Package And Deployment | 2020-02-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2020-2128 | 1 Jenkins | 1 Ecx Copy Data Management | 2020-02-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-19547 | 1 Symantec | 1 Endpoint Detection And Response | 2020-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | |||||
| CVE-2020-2125 | 1 Jenkins | 1 Debian Package Builder | 2020-02-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2020-2126 | 1 Jenkins | 1 Digitalocean | 2020-02-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2020-2124 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2020-02-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-0696 | 1 Microsoft | 3 Office, Office 365 Proplus, Outlook | 2020-02-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'. | |||||
| CVE-2020-0751 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2020-02-13 | 2.1 LOW | 6.0 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0661. | |||||
| CVE-2018-5063 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2016-5710 | 1 Netapp | 1 Snap Creator Framework | 2020-02-13 | 3.5 LOW | 4.6 MEDIUM |
| NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2020-0693 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2020-02-13 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0694. | |||||
| CVE-2020-0694 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2020-02-13 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0693. | |||||
| CVE-2020-0661 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-02-13 | 5.5 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0751. | |||||
| CVE-2019-15615 | 1 Nextcloud | 1 Nextcloud | 2020-02-13 | 3.6 LOW | 6.1 MEDIUM |
| A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. | |||||
| CVE-2019-19195 | 1 Microchip | 2 Atmsamb11 Blusdk Smart, Atsamb11 | 2020-02-13 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | |||||
| CVE-2019-17060 | 1 Nxp | 2 Kw41z, Mcuxpresso Software Development Kit | 2020-02-13 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. | |||||
| CVE-2018-7159 | 1 Nodejs | 1 Node.js | 2020-02-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete. | |||||
| CVE-2019-1020007 | 1 Owasp | 1 Dependency-track | 2020-02-13 | 3.5 LOW | 5.4 MEDIUM |
| Dependency-Track before 3.5.1 allows XSS. | |||||
| CVE-2012-6449 | 1 Cpanel | 2 Cpanel, Whm | 2020-02-13 | 3.5 LOW | 5.4 MEDIUM |
| The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability. | |||||
| CVE-2017-18642 | 1 Syska | 2 Smartlight Rainbow Led Smart Bulb, Smartlight Rainbow Led Smart Bulb Firmware | 2020-02-12 | 3.3 LOW | 6.5 MEDIUM |
| Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks. | |||||
| CVE-2019-1566 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2012-4519 | 1 Zenphoto | 1 Zenphoto | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS. | |||||
| CVE-2009-4067 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2020-02-12 | 7.2 HIGH | 6.8 MEDIUM |
| Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system. | |||||
| CVE-2012-6720 | 1 Socialengine | 1 Socialengine | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*. | |||||
| CVE-2012-6721 | 1 Socialengine | 1 Socialengine | 2020-02-12 | 6.8 MEDIUM | 6.3 MEDIUM |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4. | |||||
| CVE-2014-3827 | 1 Mybb | 1 Mybb | 2020-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php. | |||||
| CVE-2013-1760 | 1 Thebuggenie | 1 The Bug Genie | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities | |||||
| CVE-2019-11482 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2020-02-12 | 1.9 LOW | 4.7 MEDIUM |
| Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. | |||||
| CVE-2019-17652 | 1 Fortinet | 1 Forticlient | 2020-02-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized. | |||||
| CVE-2019-16152 | 1 Fortinet | 1 Forticlient | 2020-02-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated. | |||||
| CVE-2020-5317 | 1 Dell | 1 Emc Elastic Cloud Storage | 2020-02-12 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2013-3564 | 1 Videolan | 1 Vlc Media Player | 2020-02-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. | |||||
| CVE-2013-5988 | 1 Semperplugins | 1 All In One Seo Pack | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter. | |||||
| CVE-2019-15619 | 1 Nextcloud | 3 Deck, Nextcloud Server, Talk | 2020-02-12 | 3.5 LOW | 4.8 MEDIUM |
| Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project. | |||||
| CVE-2019-15614 | 1 Nextcloud | 1 Nextcloud | 2020-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files. | |||||
| CVE-2012-6341 | 1 Netgear | 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more | 2020-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340. | |||||
| CVE-2014-9470 | 1 Fork-cms | 1 Fork Cms | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. | |||||
| CVE-2012-2517 | 1 Prestashop | 1 Prestashop | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. | |||||
| CVE-2012-2452 | 1 Pragmamx | 1 Pragmamx | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php. | |||||
| CVE-2012-4029 | 1 Chamilo | 1 Chamilo | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action. | |||||
| CVE-2014-3826 | 1 Mybb | 1 Mybb | 2020-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module. | |||||
| CVE-2020-6395 | 1 Google | 1 Chrome | 2020-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-6411 | 1 Google | 1 Chrome | 2020-02-12 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2015-1394 | 1 10web | 1 Photo Gallery | 2020-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-2207 | 1 Netcracker | 1 Resource Management System | 2020-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter. | |||||
| CVE-2012-1994 | 1 Hp | 1 Systems Insight Manager | 2020-02-11 | 2.7 LOW | 5.7 MEDIUM |
| HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information | |||||