Total: 21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8467 | 1 Trendmicro | 2 Apex One, Officescan | 2020-03-20 | 6.5 MEDIUM | 8.8 HIGH |
| A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication. | |||||
| CVE-2020-0516 | 1 Intel | 1 Graphics Driver | 2020-03-20 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2019-20496 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532). | |||||
| CVE-2020-10118 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). | |||||
| CVE-2020-10119 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). | |||||
| CVE-2012-3789 | 1 Bitcoin | 1 Bitcoin Core | 2020-03-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network. | |||||
| CVE-2013-4627 | 1 Bitcoin | 1 Bitcoin Core | 2020-03-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data. | |||||
| CVE-2012-4683 | 1 Bitcoin | 1 Bitcoin Core | 2020-03-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682. | |||||
| CVE-2012-4682 | 1 Bitcoin | 1 Bitcoin Core | 2020-03-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683. | |||||
| CVE-2010-5137 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2020-03-18 | 5.0 MEDIUM | N/A |
| wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode. | |||||
| CVE-2012-2459 | 1 Bitcoin | 1 Bitcoin Core | 2020-03-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network. | |||||
| CVE-2020-8571 | 1 Netapp | 1 Storagegrid | 2020-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS). | |||||
| CVE-2020-10074 | 1 Gitlab | 1 Gitlab | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. | |||||
| CVE-2019-11343 | 1 Torpedoquery | 1 Torpedo Query | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java. | |||||
| CVE-2015-3641 | 1 Bitcoin | 1 Bitcoin Core | 2020-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack. | |||||
| CVE-2020-10082 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered. | |||||
| CVE-2020-10535 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address. | |||||
| CVE-2020-0905 | 1 Microsoft | 2 Dynamics 365 Business Central, Dynamics Nav | 2020-03-17 | 6.0 MEDIUM | 8.0 HIGH |
| A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'. | |||||
| CVE-2020-2592 | 1 Oracle | 1 Autovue | 2020-03-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-6196 | 1 Sap | 1 Businessobjects Mobile | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service. | |||||
| CVE-2020-0083 | 1 Google | 1 Android | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| In setRequirePmfInternal of sta_network.cpp, there is a possible default value being improperly applied due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-142797954 | |||||
| CVE-2019-10798 | 1 Rdf-graph-array Project | 1 Rdf-graph-array | 2020-03-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| rdf-graph-array through 0.3.0-rc6 allows manipulation of JavaScript objects resulting in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype. | |||||
| CVE-2012-6277 | 3 Hp, Ibm, Symantec | 7 Autonomy Keyview Idol, Domino, Notes and 4 more | 2020-03-04 | 9.3 HIGH | 7.8 HIGH |
| Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code." | |||||
| CVE-2020-5531 | 1 Mitsubishielectric | 10 Mi5122-vw, Mi5122-vw Firmware, Q24dhccpu-v and 7 more | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors. | |||||
| CVE-2018-5951 | 1 Mikrotik | 1 Routeros | 2020-03-04 | 7.1 HIGH | 7.5 HIGH |
| An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that support EoIPv6 are vulnerable to this attack. | |||||
| CVE-2017-6371 | 1 Synchro | 1 Bbs | 2020-03-03 | 5.0 MEDIUM | 7.5 HIGH |
| Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header. | |||||
| CVE-2017-11173 | 2 Debian, Rack-cors Project | 2 Debian Linux, Rack-cors | 2020-03-03 | 6.8 MEDIUM | 8.8 HIGH |
| Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed. | |||||
| CVE-2020-3869 | 1 Apple | 2 Ipados, Iphone Os | 2020-03-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue existed in the handling of the local user's self-view. The issue was corrected with improved logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A remote FaceTime user may be able to cause the local user's camera self-view to display the incorrect camera. | |||||
| CVE-2019-17275 | 1 Netapp | 1 Oncommand Cloud Manager | 2020-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers. | |||||
| CVE-2012-0063 | 1 Tucaneando | 1 Tucan | 2020-02-26 | 6.8 MEDIUM | 8.1 HIGH |
| Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the permissions of the user running tucan. | |||||
| CVE-2013-3725 | 1 Invisioncommunity | 1 Invision Power Board | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. | |||||
| CVE-2019-19879 | 1 Hashicorp | 1 Sentinel | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in 0.10.2. | |||||
| CVE-2012-2747 | 1 Joomla | 1 Joomla! | 2020-02-25 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking." | |||||
| CVE-2013-2097 | 1 Zpanel Project | 1 Zpanel | 2020-02-24 | 9.3 HIGH | 7.8 HIGH |
| ZPanel through 10.1.0 has Remote Command Execution | |||||
| CVE-2020-4200 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2020-02-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914. | |||||
| CVE-2018-7928 | 1 Westerndigital | 1 My Cloud | 2020-02-24 | 3.6 LOW | 4.6 MEDIUM |
| There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploiting this vulnerability. As a result, the FRP function is bypassed. | |||||
| CVE-2014-0609 | 1 Novell | 1 Open Enterprise Server | 2020-02-24 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and attack vectors. | |||||
| CVE-2016-4606 | 2 Apple, Haxx | 2 Mac Os X, Curl | 2020-02-21 | 7.5 HIGH | 9.8 CRITICAL |
| Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. | |||||
| CVE-2020-1858 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; Secospace USG6600 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100; and USG9500 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have a denial of service vulnerability. Attackers need to perform a series of operations in a special scenario to exploit this vulnerability. A successful exploit may prevent new connections from being established, resulting in a denial of service. | |||||
| CVE-2014-4968 | 1 Boatmob | 1 Boat Browser | 2020-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. | |||||
| CVE-2020-5239 | 1 Mailu | 1 Mailu | 2020-02-18 | 6.5 MEDIUM | 8.8 HIGH |
| In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All Docker images published on docker.io/mailu for tags 1.5, 1.6, 1.7 and master are patched. For detailed instructions about patching and securing the server afterwards, see https://github.com/Mailu/Mailu/issues/1354 | |||||
| CVE-2017-5689 | 1 Intel | 1 Active Management Technology Firmware | 2020-02-18 | 10.0 HIGH | 9.8 CRITICAL |
| An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). | |||||
| CVE-2017-15944 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. | |||||
| CVE-2017-15942 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface. | |||||
| CVE-2017-15870 | 1 Paloaltonetworks | 1 Globalprotect | 2020-02-17 | 7.2 HIGH | 6.7 MEDIUM |
| Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking." | |||||
| CVE-2017-17841 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | |||||
| CVE-2020-6414 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6417 | 1 Google | 1 Chrome | 2020-02-17 | 4.6 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. | |||||
| CVE-2020-6413 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. | |||||
| CVE-2020-8894 | 1 Misp | 1 Misp | 2020-02-14 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php. | |||||
