Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35778 | 1 Netgear | 4 Gs716t, Gs716t Firmware, Gs724t and 1 more | 2020-12-30 | 6.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36. | |||||
| CVE-2020-35777 | 1 Netgear | 2 Dgn2200v1, Dgn2200v1 Firmware | 2020-12-30 | 7.7 HIGH | 8.4 HIGH |
| NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. | |||||
| CVE-2020-35788 | 1 Netgear | 2 Wac104, Wac104 Firmware | 2020-12-30 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user. | |||||
| CVE-2018-15599 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2020-12-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. | |||||
| CVE-2019-12155 | 1 Qemu | 1 Qemu | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. | |||||
| CVE-2020-16164 | 1 Ripe | 1 Rpki Validator 3 | 2020-12-30 | 5.8 MEDIUM | 7.4 HIGH |
| ** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view. NOTE: some third parties may regard this as a preferred behavior, not a vulnerability. | |||||
| CVE-2020-35786 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-12-30 | 2.7 LOW | 4.5 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user. | |||||
| CVE-2020-9223 | 1 Huawei | 8 Honor 20 Pro, Honor 20 Pro Firmware, Princeton-al10d and 5 more | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service (DoS) on the specific module. | |||||
| CVE-2020-29194 | 1 Panasonic | 2 Wv-s2231l, Wv-s2231l Firmware | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI. | |||||
| CVE-2020-28281 | 1 Set-object-value Project | 1 Set-object-value | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28280 | 1 Predefine Project | 1 Predefine | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28279 | 1 Flattenizer Project | 1 Flattenizer | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-5806 | 1 Rockwellautomation | 1 Factorytalk Linx | 2020-12-30 | 2.1 LOW | 5.5 MEDIUM |
| An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. | |||||
| CVE-2020-5807 | 1 Rockwellautomation | 1 Factorytalk Diagnostics | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected. | |||||
| CVE-2020-9093 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2020-12-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not handle a specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service. | |||||
| CVE-2020-28278 | 1 Shvl Project | 1 Shvl | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28277 | 1 Dset Project | 1 Dset | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-5801 | 1 Rockwellautomation | 1 Factorytalk Linx | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. | |||||
| CVE-2020-28912 | 2 Mariadb, Microsoft | 2 Mariadb, Windows | 2020-12-30 | 4.4 MEDIUM | 7.0 HIGH |
| With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503. | |||||
| CVE-2020-28276 | 1 Deep-set Project | 1 Deep-set | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28094 | 1 Tendacn | 2 Ac1200, Ac1200 Firmware | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning. | |||||
| CVE-2020-26287 | 1 Hedgedoc | 1 Hedgedoc | 2020-12-30 | 4.3 MEDIUM | 8.7 HIGH |
| HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an attacker can inject arbitrary `script` tags in HedgeDoc notes using mermaid diagrams. Our content security policy prevents loading scripts from most locations, but `www.google-analytics.com` is allowed. Using Google Tag Manager it is possible to inject arbitrary JavaScript and execute it on page load. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.1. As a workaround one can disallow `www.google-analytics.com` in the `Content-Security-Policy` header. Note that other ways to leverage the `script` tag injection might exist. | |||||
| CVE-2020-35627 | 1 Woocommerce | 1 Gift Cards | 2020-12-30 | 7.5 HIGH | 8.8 HIGH |
| Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server. | |||||
| CVE-2020-29470 | 1 Opencart | 1 Opencart | 2020-12-30 | 3.5 LOW | 4.8 MEDIUM |
| OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail, and each time any user opens that mail on the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload. | |||||
| CVE-2020-29471 | 1 Opencart | 1 Opencart | 2020-12-30 | 3.5 LOW | 4.8 MEDIUM |
| OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image containing malicious JavaScript code. Whenever anyone views the profile picture, the code executes and the XSS triggers. | |||||
| CVE-2020-29475 | 1 Nopcommerce | 1 Store | 2020-12-30 | 3.5 LOW | 4.8 MEDIUM |
| nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks, and each time any user goes to that page of the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload. | |||||
| CVE-2020-35766 | 1 Opendkim | 1 Opendkim | 2020-12-30 | 4.4 MEDIUM | 7.8 HIGH |
| The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation. | |||||
| CVE-2020-17533 | 1 Apache | 1 Accumulo | 2020-12-30 | 5.5 MEDIUM | 8.1 HIGH |
| Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and 'canPerformSystemActions' security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties. | |||||
| CVE-2020-25847 | 1 Qnap | 2 Qts, Quts Hero | 2020-12-30 | 6.5 MEDIUM | 8.8 HIGH |
| This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. | |||||
| CVE-2020-26286 | 1 Hedgedoc | 1 Hedgedoc | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an unauthenticated attacker can upload arbitrary files to the upload storage backend including HTML, JS and PHP files. The problem is patched in HedgeDoc 1.7.1. You should however verify that your uploaded file storage only contains files that are allowed, as uploaded files might still be served. As a workaround it's possible to block the `/uploadimage` endpoint on your instance using your reverse proxy, and/or restrict MIME types and file names served from your upload file storage. | |||||
| CVE-2020-28093 | 1 Tendacn | 2 Ac1200, Ac1200 Firmware | 2020-12-30 | 6.5 MEDIUM | 7.2 HIGH |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234. | |||||
| CVE-2020-35702 | 1 Freedesktop | 1 Poppler | 2020-12-30 | 6.8 MEDIUM | 7.8 HIGH |
| ** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects. | |||||
| CVE-2020-35710 | 1 Parallels | 1 Remote Application Server | 2020-12-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data. | |||||
| CVE-2020-35711 | 1 Arc-swap Project | 1 Arc-swap | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map. | |||||
| CVE-2020-20412 | 2 Stepmania, Xiph.org | 2 Stepmania, Libvorbis | 2020-12-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. | |||||
| CVE-2020-26289 | 1 Date-and-time Project | 1 Date-and-time | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there is a regular expression involved in parsing which can be exploited to cause a denial of service. This is fixed in version 0.14.2. | |||||
| CVE-2020-35284 | 1 Flamingoim Project | 1 Flamingoim | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available. | |||||
| CVE-2020-35362 | 1 Dext5 | 1 Dext5upload | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value). | |||||
| CVE-2020-5681 | 1 Epson | 2 Epsonnet Setupmanager, Offirio Synergyware Printdirector | 2020-12-30 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2020-29203 | 1 Struct2json Project | 1 Struct2json | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT. | |||||
| CVE-2020-35678 | 1 Crossbar | 1 Autobahn | 2020-12-30 | 5.8 MEDIUM | 6.1 MEDIUM |
| Autobahn|Python before 20.12.3 allows redirect header injection. | |||||
| CVE-2020-7845 | 1 Jiransecurity | 1 Spamsniper | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Spamsniper 5.0 ~ 5.2.7 contains a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing the MAIL FROM command. It allows a remote attacker to execute arbitrary code via a crafted packet. | |||||
| CVE-2020-27837 | 1 Gnome | 1 Gnome Display Manager | 2020-12-30 | 4.4 MEDIUM | 6.4 MEDIUM |
| A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. | |||||
| CVE-2020-26290 | 1 Linuxfoundation | 1 Dex | 2020-12-30 | 6.8 MEDIUM | 9.6 CRITICAL |
| Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enable potential signature bypass due to issues with XML encoding in the underlying Go library. The vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references). | |||||
| CVE-2020-27524 | 1 Audi | 2 A7, Mmi Multiplayer | 2020-12-30 | 4.8 MEDIUM | 7.1 HIGH |
| On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services. | |||||
| CVE-2020-26034 | 1 Zammad | 1 Zammad | 2020-12-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user. | |||||
| CVE-2020-13473 | 1 Nchsoftware | 1 Express Accounts | 2020-12-30 | 2.1 LOW | 5.5 MEDIUM |
| NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file. | |||||
| CVE-2020-29193 | 1 Panasonic | 2 Wv-s2231l, Wv-s2231l Firmware | 2020-12-30 | 2.1 LOW | 6.8 MEDIUM |
| Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order). | |||||
| CVE-2020-13476 | 1 Nchsoftware | 1 Express Invoice | 2020-12-30 | 3.5 LOW | 4.8 MEDIUM |
| NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. | |||||
| CVE-2020-28096 | 1 Foscammall | 2 Foscam X1, Foscam X1 Firmware | 2020-12-30 | 7.2 HIGH | 6.8 MEDIUM |
| FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password. | |||||
