Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7536 | 1 Schneider-electric | 20 Bmxnoe0100, Bmxnoe0100 Firmware, Bmxnoe0110 and 17 more | 2020-12-14 | 7.8 HIGH | 7.5 HIGH |
| A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP. | |||||
| CVE-2020-13791 | 1 Qemu | 1 Qemu | 2020-12-14 | 2.1 LOW | 5.5 MEDIUM |
| hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. | |||||
| CVE-2020-7535 | 1 Schneider-electric | 42 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 39 more | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. | |||||
| CVE-2020-27348 | 1 Canonical | 2 Snapcraft, Ubuntu Linux | 2020-12-14 | 4.4 MEDIUM | 6.8 MEDIUM |
| In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1. | |||||
| CVE-2020-13754 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-12-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. | |||||
| CVE-2020-13253 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-12-14 | 2.1 LOW | 5.5 MEDIUM |
| sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. | |||||
| CVE-2020-12829 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-12-14 | 2.1 LOW | 3.8 LOW |
| In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service. | |||||
| CVE-2018-19665 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2020-12-14 | 2.7 LOW | 5.7 MEDIUM |
| The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. | |||||
| CVE-2016-9923 | 1 Qemu | 1 Qemu | 2020-12-14 | 2.1 LOW | 5.5 MEDIUM |
| Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS. | |||||
| CVE-2020-17441 | 2 Altran, Microchip | 2 Picotcp, Mplab Harmony | 2020-12-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c). | |||||
| CVE-2020-17442 | 1 Altran | 1 Picotcp | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in picoTCP 1.7.0. The code for parsing the hop-by-hop IPv6 extension headers does not validate the bounds of the extension header length value, which may result in Integer Wraparound. Therefore, a crafted extension header length value may cause Denial-of-Service because it affects the loop in which the extension headers are parsed in pico_ipv6_process_hopbyhop() in pico_ipv6.c. | |||||
| CVE-2016-9912 | 1 Qemu | 1 Qemu | 2020-12-14 | 4.9 MEDIUM | 6.5 MEDIUM |
| Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. | |||||
| CVE-2016-9908 | 1 Qemu | 1 Qemu | 2020-12-14 | 2.1 LOW | 3.3 LOW |
| Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes. | |||||
| CVE-2015-8619 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). | |||||
| CVE-2020-27351 | 2 Canonical, Debian | 3 Ubuntu Linux, Advanced Package Tool, Debian Linux | 2020-12-14 | 2.1 LOW | 2.8 LOW |
| Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1; | |||||
| CVE-2016-4002 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-12-14 | 6.8 MEDIUM | 9.8 CRITICAL |
| Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. | |||||
| CVE-2020-13984 | 1 Contiki-os | 1 Contiki | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c. | |||||
| CVE-2016-9101 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2020-12-14 | 2.1 LOW | 6.0 MEDIUM |
| Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device. | |||||
| CVE-2015-8345 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-12-14 | 2.1 LOW | 6.5 MEDIUM |
| The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. | |||||
| CVE-2020-7549 | 1 Schneider-electric | 38 140cpu65150, 140cpu65150 Firmware, 140noc78000 and 35 more | 2020-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP. | |||||
| CVE-2020-7792 | 1 Moutjs | 1 Mout | 2020-12-14 | 7.5 HIGH | 7.5 HIGH |
| This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution. | |||||
| CVE-2020-7790 | 1 Spatie | 1 Browsershot | 2020-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF. | |||||
| CVE-2020-27822 | 1 Redhat | 1 Wildfly | 2020-12-14 | 7.1 HIGH | 5.9 MEDIUM |
| A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-5948 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-12-14 | 6.8 MEDIUM | 9.6 CRITICAL |
| On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. | |||||
| CVE-2020-29254 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2020-12-14 | 6.8 MEDIUM | 8.8 HIGH |
| TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited. | |||||
| CVE-2020-29654 | 1 Westerndigital | 1 Dashboard | 2020-12-14 | 6.9 MEDIUM | 7.8 HIGH |
| Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account. | |||||
| CVE-2020-26271 | 1 Google | 1 Tensorflow | 2020-12-14 | 2.1 LOW | 3.3 LOW |
| In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. | |||||
| CVE-2020-5949 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break. | |||||
| CVE-2020-26265 | 1 Ethereum | 1 Go Ethereum | 2020-12-14 | 3.5 LOW | 5.3 MEDIUM |
| Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version. | |||||
| CVE-2020-26264 | 1 Ethereum | 1 Go Ethereum | 2020-12-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25. | |||||
| CVE-2020-26266 | 1 Google | 1 Tensorflow | 2020-12-14 | 4.6 MEDIUM | 5.3 MEDIUM |
| In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. | |||||
| CVE-2020-26268 | 1 Google | 1 Tensorflow | 2020-12-14 | 3.6 LOW | 4.4 MEDIUM |
| In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. | |||||
| CVE-2020-27508 | 1 Frappe | 1 Frappe | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security. | |||||
| CVE-2020-27713 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory. | |||||
| CVE-2020-26270 | 1 Google | 1 Tensorflow | 2020-12-14 | 2.1 LOW | 3.3 LOW |
| In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. | |||||
| CVE-2020-9301 | 1 Linuxfoundation | 1 Spinnaker | 2020-12-14 | 6.5 MEDIUM | 8.8 HIGH |
| Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests. | |||||
| CVE-2020-29455 | 1 Smartystreets | 1 Liveaddressplugin.js | 2020-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country). | |||||
| CVE-2020-29574 | 1 Sophos | 1 Cyberoamos | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | |||||
| CVE-2020-24444 | 1 Adobe | 1 Experience Manager Forms Add-on | 2020-12-14 | 5.0 MEDIUM | 5.8 MEDIUM |
| AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network. | |||||
| CVE-2020-13357 | 1 Gitlab | 1 Gitlab | 2020-12-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project. | |||||
| CVE-2020-26411 | 1 Gitlab | 1 Gitlab | 2020-12-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused. | |||||
| CVE-2020-25191 | 1 Ni | 2 Compactrio, Compactrio Firmware | 2020-12-14 | 7.8 HIGH | 7.5 HIGH |
| Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely. | |||||
| CVE-2020-19165 | 1 Phpshe | 1 Phpshe | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter. | |||||
| CVE-2020-29667 | 1 Lanatmservice | 1 M3 Atm Monitoring System | 2020-12-14 | 10.0 HIGH | 9.8 CRITICAL |
| In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration. | |||||
| CVE-2020-35126 | 1 Typesettercms | 1 Typesetter | 2020-12-14 | 3.5 LOW | 4.8 MEDIUM |
| ** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy." | |||||
| CVE-2020-26413 | 1 Gitlab | 1 Gitlab | 2020-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible. | |||||
| CVE-2020-26417 | 1 Gitlab | 1 Gitlab | 2020-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7. | |||||
| CVE-2020-29666 | 1 Lanatmservice | 1 M3 Atm Monitoring System | 2020-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value. | |||||
| CVE-2020-16600 | 1 Artifex | 1 Mupdf | 2020-12-14 | 6.8 MEDIUM | 7.8 HIGH |
| A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer. | |||||
| CVE-2020-12595 | 1 Broadcom | 1 Symantec Messaging Gateway | 2020-12-14 | 4.0 MEDIUM | 4.9 MEDIUM |
| An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4. | |||||