Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6894 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6895 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6896 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6897 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6898 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6899 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6900 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6901 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6902 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6903 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6904 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6905 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6906 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6907 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6908 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6909 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6910 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2020-6911 | | | 2021-01-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. | |||||
| CVE-2018-25001 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2021-01-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free. | |||||
| CVE-2019-25001 | 1 Serde Cbor Project | 1 Serde Cbor | 2021-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags. | |||||
| CVE-2015-1188 | 1 Swisscom | 2 Centro Grande, Centro Grande Firmware | 2021-01-05 | 7.5 HIGH | N/A |
| The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allow remote attackers to access the management functions via unknown vectors. | |||||
| CVE-2016-6374 | 1 Cisco | 1 Cloud Services Platform 2100 | 2021-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093. | |||||
| CVE-2016-6418 | 1 Cisco | 1 Videoscape Distribution Suite Service Manager | 2021-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCva14552. | |||||
| CVE-2016-6433 | 1 Cisco | 1 Firepower Management Center | 2021-01-05 | 9.0 HIGH | 8.8 HIGH |
| The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. | |||||
| CVE-2016-3697 | 3 Docker, Linuxfoundation, Opensuse | 3 Docker, Runc, Opensuse | 2021-01-05 | 2.1 LOW | 7.8 HIGH |
| libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | |||||
| CVE-2020-35911 | 1 Lock Api Project | 1 Lock Api | 2021-01-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness. | |||||
| CVE-2020-35912 | 1 Lock Api Project | 1 Lock Api | 2021-01-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness. | |||||
| CVE-2020-28095 | 1 Tenda | 2 Ac1200, Ac1200 Firmware | 2021-01-05 | 7.8 HIGH | 7.5 HIGH |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. | |||||
| CVE-2020-35913 | 1 Lock Api Project | 1 Lock Api | 2021-01-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness. | |||||
| CVE-2020-4916 | 1 Ibm | 1 Cloud Pak System | 2021-01-05 | 3.5 LOW | 4.8 MEDIUM |
| IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390. | |||||
| CVE-2020-35914 | 1 Lock Api Project | 1 Lock Api | 2021-01-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness. | |||||
| CVE-2019-20446 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2021-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. | |||||
| CVE-2020-24360 | 1 Arista | 27 7280cr2ak-30, 7280cr2k-60, 7280cr3-32d4 and 24 more | 2021-01-05 | 6.1 MEDIUM | 7.4 HIGH |
| An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train. | |||||
| CVE-2020-4910 | 1 Ibm | 1 Cloud Pak System | 2021-01-05 | 3.5 LOW | 4.8 MEDIUM |
| IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274. | |||||
| CVE-2020-4909 | 1 Ibm | 1 Cloud Pak System | 2021-01-05 | 3.5 LOW | 4.8 MEDIUM |
| IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273. | |||||
| CVE-2020-4928 | 1 Ibm | 1 Cloud Pak System | 2021-01-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extension, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705. | |||||
| CVE-2020-29299 | 1 Zyxel | 7 Atp, Nsg, Nsg Firmware and 4 more | 2021-01-05 | 9.0 HIGH | 7.2 HIGH |
| Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4. | |||||
| CVE-2018-16795 | 1 Open-emr | 1 Openemr | 2021-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file. | |||||
| CVE-2019-7725 | 1 Nukeviet | 1 Nukeviet | 2021-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk). | |||||
| CVE-2019-7726 | 1 Nukeviet | 1 Nukeviet | 2021-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). | |||||
| CVE-2020-25797 | 1 Limesurvey | 1 Limesurvey | 2021-01-05 | 3.5 LOW | 5.4 MEDIUM |
| LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant is being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser. | |||||
| CVE-2020-25799 | 1 Limesurvey | 1 Limesurvey | 2021-01-05 | 3.5 LOW | 5.4 MEDIUM |
| LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota is being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser. | |||||
| CVE-2015-5183 | 1 Redhat | 3 Amq, Jboss A-mq, Jboss Enterprise Web Server | 2021-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. | |||||
| CVE-2015-5184 | 1 Redhat | 2 Amq, Jboss Enterprise Web Server | 2021-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Console: CORS headers set to allow all in Red Hat AMQ. | |||||
| CVE-2013-7488 | 1 Convert\ | 1 \ | 2021-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. | |||||
| CVE-2018-7557 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. | |||||
| CVE-2020-13143 | 1 Linux | 1 Linux Kernel | 2021-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. | |||||
| CVE-2020-9383 | 1 Linux | 1 Linux Kernel | 2021-01-04 | 3.6 LOW | 7.1 HIGH |
| An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. | |||||
| CVE-2017-11399 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. | |||||
| CVE-2017-11719 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | 6.8 MEDIUM | 7.8 HIGH |
| The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. | |||||
