Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8002 | 1 Virglrenderer Project | 1 Virglrenderer | 2020-01-27 | 2.1 LOW | 5.5 MEDIUM |
| A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS). | |||||
| CVE-2020-8003 | 1 Virglrenderer Project | 1 Virglrenderer | 2020-01-27 | 2.1 LOW | 5.5 MEDIUM |
| A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free. | |||||
| CVE-2013-1597 | 1 Vivotek | 2 Pt7135, Pt7135 Firmware | 2020-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials. | |||||
| CVE-2020-6843 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2020-01-27 | 3.5 LOW | 4.8 MEDIUM |
| Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. | |||||
| CVE-2013-4175 | 1 Mysecureshell Project | 1 Mysecureshell | 2020-01-27 | 2.1 LOW | 5.5 MEDIUM |
| MySecureShell 1.31 has a Local Denial of Service Vulnerability. | |||||
| CVE-2018-8654 | 1 Microsoft | 1 Dynamics 365 | 2020-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. | |||||
| CVE-2013-4176 | 1 Mysecureshell Project | 1 Mysecureshell | 2020-01-27 | 2.1 LOW | 5.5 MEDIUM |
| MySecureShell 1.31 has a Local Information Disclosure Vulnerability. | |||||
| CVE-2019-1454 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-01-27 | 3.6 LOW | 5.5 MEDIUM |
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-15278 | 1 Cisco | 2 Finesse, Unified Contact Center Express | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. | |||||
| CVE-2019-16003 | 1 Cisco | 1 Ucs Director | 2020-01-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator. | |||||
| CVE-2019-3686 | 1 Suse | 1 Openqa | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameters. This was reported through the bug bounty program of Offensive Security. | |||||
| CVE-2012-4900 | 1 Corel | 1 Wordperfect Office X6 | 2020-01-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via an untrusted pointer dereference. | |||||
| CVE-2019-20003 | 1 Dicube | 1 Easescreen Crystal | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends a crafted string for FTP authentication. | |||||
| CVE-2013-6772 | 1 Splunk | 1 Splunk | 2020-01-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| Splunk before 5.0.4 lacks the X-Frame-Options header, which can allow Clickjacking. | |||||
| CVE-2020-3940 | 1 Vmware | 9 Workspace One Boxer, Workspace One Content, Workspace One Intelligent Hub and 6 more | 2020-01-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| VMware Workspace ONE SDK and dependent mobile application updates address a sensitive information disclosure vulnerability. | |||||
| CVE-2019-11997 | 1 Hp | 1 Enhanced Internet Usage Manager | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support. | |||||
| CVE-2012-6344 | 1 Novell | 1 Zenworks Configuration Management | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Novell ZENworks Configuration Management before 11.2.4 allows XSS. | |||||
| CVE-2015-6748 | 1 Jsoup | 1 Jsoup | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. | |||||
| CVE-2019-20093 | 1 Podofo Project | 1 Podofo | 2020-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. | |||||
| CVE-2015-9275 | 1 Arc Project | 1 Arc | 2020-01-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| ARC 5.21q allows directory traversal via a full pathname in an archive file. | |||||
| CVE-2020-7937 | 1 Plone | 1 Plone | 2020-01-24 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site. | |||||
| CVE-2020-7104 | 1 Kibokolabs | 1 Chained Quiz | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. | |||||
| CVE-2020-7239 | 1 Ibm | 1 Chatbot With Ibm Watson | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent. | |||||
| CVE-2020-1788 | 1 Huawei | 2 Honor V30, Honor V30 Firmware | 2020-01-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure. | |||||
| CVE-2020-7228 | 1 Codepeople | 1 Calculated Fields Form | 2020-01-24 | 3.5 LOW | 5.4 MEDIUM |
| The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user. | |||||
| CVE-2019-16512 | 1 Connectwise | 1 Control | 2020-01-24 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier. | |||||
| CVE-2020-7936 | 1 Plone | 1 Plone | 2020-01-24 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site. | |||||
| CVE-2019-3996 | 1 Elog Project | 1 Elog | 2020-01-24 | 7.5 HIGH | 6.5 MEDIUM |
| ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. | |||||
| CVE-2020-7470 | 1 Sonoff | 4 Th10, Th10 Firmware, Th16 and 1 more | 2020-01-24 | 3.5 LOW | 4.8 MEDIUM |
| Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allow XSS via the Friendly Name 1 field (after a successful login with the Web Admin Password). | |||||
| CVE-2018-17981 | 1 Lifesize | 4 Express 220, Express 220 Firmware, Room 220i and 1 more | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter. | |||||
| CVE-2011-3622 | 1 Phorum | 1 Phorum | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18. | |||||
| CVE-2016-1000237 | 1 Apostrophecms | 1 Sanitize-html | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| sanitize-html before 1.4.3 has XSS. | |||||
| CVE-2014-5209 | 2 F5, Ntp | 25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more | 2020-01-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. | |||||
| CVE-2019-19480 | 2 Linux, Opensc Project | 2 Linux Kernel, Opensc | 2020-01-24 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. | |||||
| CVE-2019-19481 | 1 Opensc Project | 1 Opensc | 2020-01-24 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. | |||||
| CVE-2014-7238 | 1 Formget | 1 Contact Form Integrated With Google Maps | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS. | |||||
| CVE-2020-1607 | 1 Juniper | 44 Ex2300, Ex2300-c, Ex3400 and 41 more | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series; 14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2. | |||||
| CVE-2015-5071 | 1 Bmc | 1 Remedy Ar System Server | 2020-01-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. | |||||
| CVE-2015-5072 | 1 Bmc | 1 Remedy Ar System Server | 2020-01-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. | |||||
| CVE-2011-3595 | 1 Joomla | 1 Joomla! | 2020-01-24 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. | |||||
| CVE-2020-7915 | 1 Eaton | 2 5p 850, 5p 850 Firmware | 2020-01-24 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator. | |||||
| CVE-2020-7057 | 1 Hikvision | 2 Ds-7204hghi-f1, Ds-7204hghi-f1 Firmware | 2020-01-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed. | |||||
| CVE-2019-20381 | 1 Testlink | 1 Testlink | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491. | |||||
| CVE-2015-2326 | 2 Opensuse, Pcre | 2 Opensuse, Pcre | 2020-01-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". | |||||
| CVE-2015-0558 | 1 Adbglobal | 2 P.dga4001n, P.dga4001n Firmware | 2020-01-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key. | |||||
| CVE-2020-6303 | 1 Sap | 1 Disclosure Management | 2020-01-24 | 3.5 LOW | 5.4 MEDIUM |
| SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting. | |||||
| CVE-2019-10083 | 1 Apache | 1 Nifi | 2020-01-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to. | |||||
| CVE-2020-7234 | 1 Ruckuswireless | 2 R310, R310 Firmware | 2020-01-23 | 3.5 LOW | 4.8 MEDIUM |
| Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account). | |||||
| CVE-2011-2669 | 1 Mozilla | 1 Firefox | 2020-01-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | |||||
| CVE-2020-7236 | 1 Uhp | 2 Uhp-100, Uhp-100 Firmware | 2020-01-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section). | |||||
