Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15000 | 1 Yubico | 2 Yubikey 5 Nfc, Yubikey 5 Nfc Firmware | 2020-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known value upon initialization. If the retry counter for the Reset Code is set to non-zero without changing the Reset Code, this known value can be used to reset the User PIN. To set the retry counters, the Admin PIN is required. | |||||
| CVE-2020-4173 | 2 Ibm, Linux | 3 Infosphere Guardium Activity Monitor, Security Guardium Insights, Linux Kernel | 2020-07-17 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682. | |||||
| CVE-2020-4077 | 1 Electronjs | 1 Electron | 2020-07-13 | 6.5 MEDIUM | 9.9 CRITICAL |
| In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. | |||||
| CVE-2020-4076 | 1 Electronjs | 1 Electron | 2020-07-13 | 3.6 LOW | 9.0 CRITICAL |
| In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. | |||||
| CVE-2020-11742 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2020-07-13 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour. | |||||
| CVE-2020-12409 | 1 Mozilla | 1 Firefox | 2020-07-13 | 6.8 MEDIUM | 8.8 HIGH |
| When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. | |||||
| CVE-2020-12412 | 1 Mozilla | 1 Firefox | 2020-07-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70. | |||||
| CVE-2020-15096 | 1 Electronjs | 1 Electron | 2020-07-10 | 4.0 MEDIUM | 6.8 MEDIUM |
| In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21. | |||||
| CVE-2020-6870 | 1 Zte | 2 Netnumen U31 R10, Netnumen U31 R10 Firmware | 2020-07-06 | 5.2 MEDIUM | 8.0 HIGH |
| The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115 | |||||
| CVE-2020-15082 | 1 Prestashop | 1 Prestashop | 2020-07-02 | 7.5 HIGH | 8.8 HIGH |
| In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6 | |||||
| CVE-2020-6437 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. | |||||
| CVE-2016-5845 | 1 Sap | 1 Sapcar | 2020-06-25 | 2.1 LOW | 5.5 MEDIUM |
| SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905. | |||||
| CVE-2018-21249 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing. | |||||
| CVE-2017-18920 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. | |||||
| CVE-2019-20871 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking. | |||||
| CVE-2020-5363 | 1 Dell | 36 Latitude 5300, Latitude 5300 2-in-1, Latitude 5300 2-in-1 Firmware and 33 more | 2020-06-23 | 7.2 HIGH | 6.7 MEDIUM |
| Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive. | |||||
| CVE-2005-3388 | 1 Php | 1 Php | 2020-06-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." | |||||
| CVE-2020-7512 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-06-19 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. | |||||
| CVE-2020-0187 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 5.5 MEDIUM |
| In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383 | |||||
| CVE-2019-20831 | 2 Foxitsoftware, Microsoft | 2 3d, Windows | 2020-06-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash. | |||||
| CVE-2011-0910 | 1 Vanillaforums | 1 Vanilla | 2020-06-04 | 6.4 MEDIUM | N/A |
| The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks. | |||||
| CVE-2019-14054 | 1 Qualcomm | 32 Kamorta, Kamorta Firmware, Msm8998 and 29 more | 2020-06-03 | 7.2 HIGH | 7.8 HIGH |
| Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boot path in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130 | |||||
| CVE-2020-11075 | 1 Anchore | 1 Engine | 2020-06-03 | 6.5 MEDIUM | 9.9 CRITICAL |
| In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engien analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to 'root' then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1. | |||||
| CVE-2020-4020 | 1 Atlassian | 1 Companion | 2020-06-02 | 6.5 MEDIUM | 7.2 HIGH |
| The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure. | |||||
| CVE-2020-12647 | 1 Unisys | 1 Algol Compiler | 2020-06-01 | 7.2 HIGH | 8.8 HIGH |
| Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability. | |||||
| CVE-2020-4490 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2020-05-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 181989 | |||||
| CVE-2015-5285 | 1 Kallithea-scm | 1 Kallithea | 2020-05-28 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. | |||||
| CVE-2020-1118 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2020-05-27 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'. | |||||
| CVE-2005-0087 | 2 Alsa-project, Redhat | 2 Alsa-lib, Enterprise Linux | 2020-05-22 | 4.6 MEDIUM | N/A |
| The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library. | |||||
| CVE-2020-11710 | 1 Konghq | 1 Docker-kong | 2020-05-21 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate Bug Scope - The issue scope was on Kong's docker-compose template, and not Kong's docker image itself. In reality, this issue is not associated with any version of the Kong gateway. As such, the description stating ‘An issue was discovered in docker-kong (for Kong) through 2.0.3.’ is incorrect. This issue only occurs if a user decided to spin up Kong via docker-compose without following the security documentation. The docker-compose template is meant for users to quickly get started with Kong, and is meant for development purposes only. 2) Incorrect Patch Links - The CVE currently points to a documentation improvement as a “Patch” link: https://github.com/Kong/docs.konghq.com/commit/d693827c32144943a2f45abc017c1321b33ff611.This link actually points to an improvement Kong Inc made for fool-proofing. However, instructions for how to protect the admin API were already well-documented here: https://docs.konghq.com/2.0.x/secure-admin-api/#network-layer-access-restrictions , which was first published back in 2017 (as shown in this commit: https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949) Lastly, the hyperlink to https://github.com/Kong/kong (an unrelated Github Repo to this issue) on the Hyperlink list does not include any meaningful information on this topic.” | |||||
| CVE-2007-2894 | 1 Bochs Project | 1 Bochs | 2020-05-19 | 2.1 LOW | N/A |
| The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error. | |||||
| CVE-2004-2372 | 1 Bochs Project | 1 Bochs | 2020-05-19 | 7.2 HIGH | N/A |
| Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability. | |||||
| CVE-2020-1994 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-18 | 4.9 MEDIUM | 4.4 MEDIUM |
| A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7. | |||||
| CVE-2020-2003 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-15 | 8.5 HIGH | 6.5 MEDIUM |
| An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1. | |||||
| CVE-2020-5898 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2020-05-14 | 4.9 MEDIUM | 5.5 MEDIUM |
| In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash. | |||||
| CVE-2020-9840 | 1 Apple | 1 Nioextras | 2020-05-14 | 5.0 MEDIUM | 7.5 HIGH |
| In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. | |||||
| CVE-2010-3130 | 1 Techsmith | 1 Snagit | 2020-05-13 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file. | |||||
| CVE-2019-18869 | 1 Blaauwproducts | 1 Remote Kiln Control | 2020-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. | |||||
| CVE-2020-3253 | 1 Cisco | 1 Firepower Threat Defense | 2020-05-12 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by enabling the support tunnel, setting a key, and deriving the tunnel password. A successful exploit could allow the attacker to run any system command with root access on an affected device. | |||||
| CVE-2006-2229 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2020-05-12 | 4.0 MEDIUM | N/A |
| OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. | |||||
| CVE-2005-3409 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2020-05-12 | 5.0 MEDIUM | N/A |
| OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler. | |||||
| CVE-2005-3393 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2020-05-12 | 7.5 HIGH | N/A |
| Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option. | |||||
| CVE-2006-1629 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2020-05-12 | 9.0 HIGH | N/A |
| OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. | |||||
| CVE-2011-2879 | 1 Google | 1 Chrome | 2020-05-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2020-2185 | 1 Jenkins | 1 Amazon Ec2 | 2020-05-11 | 6.8 MEDIUM | 5.6 MEDIUM |
| Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. | |||||
| CVE-2011-2878 | 1 Google | 1 Chrome | 2020-05-08 | 7.5 HIGH | N/A |
| Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2011-2877 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-05-08 | 6.8 MEDIUM | N/A |
| Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font." | |||||
| CVE-2020-8489 | 1 Abb | 1 800xa Information Management | 2020-05-08 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. | |||||
| CVE-2020-8488 | 1 Abb | 1 800xa Batch Management | 2020-05-08 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities. | |||||
| CVE-2020-8484 | 1 Abb | 1 800xa | 2020-05-08 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. | |||||