Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29258 | 1 Online Examination System Project | 1 Online Examination System | 2020-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php. | |||||
| CVE-2020-9987 | 1 Apple | 1 Safari | 2020-12-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2020-9993 | 1 Apple | 4 Ipad Os, Iphone Os, Safari and 1 more | 2020-12-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2020-27929 | 1 Apple | 1 Iphone Os | 2020-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so. | |||||
| CVE-2020-9954 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2020-12-09 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Playing a malicious audio file may lead to arbitrary code execution. | |||||
| CVE-2020-9950 | 1 Apple | 5 Ipados, Iphone Os, Safari and 2 more | 2020-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-26952 | 1 Mozilla | 1 Firefox | 2020-12-09 | 9.3 HIGH | 8.8 HIGH |
| Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83. | |||||
| CVE-2020-26951 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-26950 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-09 | 9.3 HIGH | 8.8 HIGH |
| In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. | |||||
| CVE-2019-7214 | 1 Smartertools | 1 Smartermail | 2020-12-09 | 10.0 HIGH | 9.8 CRITICAL |
| SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch. | |||||
| CVE-2020-9981 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-12-09 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution. | |||||
| CVE-2004-0978 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 98se and 4 more | 2020-12-09 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. | |||||
| CVE-2020-9922 | 1 Apple | 1 Mac Os X | 2020-12-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files. | |||||
| CVE-2019-15678 | 1 Tightvnc | 1 Tightvnc | 2020-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity. | |||||
| CVE-2019-15679 | 1 Tightvnc | 1 Tightvnc | 2020-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. | |||||
| CVE-2019-15680 | 1 Tightvnc | 1 Tightvnc | 2020-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity. | |||||
| CVE-2019-8287 | 1 Tightvnc | 1 Tightvnc | 2020-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. | |||||
| CVE-2020-21009 | 2020-12-09 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2000-1216 | 1 Ibm | 1 Aix | 2020-12-09 | 7.2 HIGH | N/A |
| Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt lock files and gain root privileges via the echo_error routine. | |||||
| CVE-2000-1191 | 1 Htdig Project | 1 Htdig | 2020-12-09 | 5.0 MEDIUM | N/A |
| htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path. | |||||
| CVE-2000-0888 | 2 Debian, Isc | 2 Debian Linux, Bind | 2020-12-09 | 5.0 MEDIUM | N/A |
| named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug." | |||||
| CVE-2020-29595 | 1 Acdsee | 1 Photo Studio 2021 | 2020-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa. | |||||
| CVE-2004-0455 | 2 Debian, Www-sql Project | 2 Debian Linux, Www-sql | 2020-12-09 | 7.2 HIGH | N/A |
| Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql. | |||||
| CVE-2003-0358 | 3 Debian, Falconseye Project, Nethack | 3 Debian Linux, Falconseye, Nethack | 2020-12-09 | 4.6 MEDIUM | N/A |
| Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option. | |||||
| CVE-2003-0242 | 1 Apple | 1 Mac Os X | 2020-12-09 | 7.5 HIGH | N/A |
| IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies. | |||||
| CVE-2002-1718 | 1 Microsoft | 1 Internet Information Services | 2020-12-09 | 5.0 MEDIUM | N/A |
| Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences. | |||||
| CVE-2002-1717 | 1 Microsoft | 1 Internet Information Services | 2020-12-09 | 5.0 MEDIUM | N/A |
| Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. | |||||
| CVE-2002-0812 | 2 Hpe, Proxim | 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more | 2020-12-09 | 6.4 MEDIUM | N/A |
| Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string. | |||||
| CVE-2020-29602 | 1 Irssi | 1 Docker Image | 2020-12-09 | 10.0 HIGH | 9.8 CRITICAL |
| The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the irssi docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-29601 | 1 Docker | 1 Notary Docker Image | 2020-12-09 | 10.0 HIGH | 9.8 CRITICAL |
| The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password. | |||||
| CVE-2016-0230 | 1 Ibm | 1 Hardware Management Console | 2020-12-09 | 7.2 HIGH | 6.8 MEDIUM |
| IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors. | |||||
| CVE-2018-3868 | 1 Computer-insel | 1 Photoline | 2020-12-09 | 6.8 MEDIUM | 7.8 HIGH |
| A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | |||||
| CVE-2017-14451 | 1 Ethereum | 1 Ethereum | 2020-12-09 | 7.5 HIGH | 10.0 CRITICAL |
| An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability. | |||||
| CVE-2017-3164 | 1 Apache | 1 Solr | 2020-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. | |||||
| CVE-2019-0192 | 2 Apache, Netapp | 2 Solr, Storage Automation Store | 2020-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. | |||||
| CVE-2007-1562 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2020-12-09 | 6.8 MEDIUM | N/A |
| The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||||
| CVE-2005-4900 | 1 Google | 1 Chrome | 2020-12-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation. | |||||
| CVE-2019-9512 | 4 Apache, Apple, Canonical and 1 more | 5 Traffic Server, Mac Os X, Swiftnio and 2 more | 2020-12-09 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | |||||
| CVE-2019-9514 | 12 Apache, Apple, Canonical and 9 more | 29 Traffic Server, Mac Os X, Swiftnio and 26 more | 2020-12-09 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. | |||||
| CVE-2020-12262 | 1 Intelbras | 6 Tip200, Tip200 Firmware, Tip200lite and 3 more | 2020-12-08 | 3.5 LOW | 5.4 MEDIUM |
| Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS. | |||||
| CVE-2020-13886 | 1 Intelbras | 6 Tip200, Tip200 Firmware, Tip200lite and 3 more | 2020-12-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal. | |||||
| CVE-2020-8565 | 1 Kubernetes | 1 Kubernetes | 2020-12-08 | 2.1 LOW | 5.5 MEDIUM |
| In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. | |||||
| CVE-2019-6170 | 1 Lenovo | 784 130-14ikb, 130-14ikb Firmware, 130-15ikb and 781 more | 2020-12-08 | 4.4 MEDIUM | 6.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. | |||||
| CVE-2019-6172 | 1 Lenovo | 784 130-14ikb, 130-14ikb Firmware, 130-15ikb and 781 more | 2020-12-08 | 4.4 MEDIUM | 6.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. | |||||
| CVE-2020-27386 | 1 Flexdotnetcms Project | 1 Flexdotnetcms | 2020-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>. | |||||
| CVE-2020-5752 | 1 Druva | 1 Insync Client | 2020-12-08 | 7.2 HIGH | 7.8 HIGH |
| Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. | |||||
| CVE-2004-1865 | 1 Bblog | 1 Bblog | 2020-12-08 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability. | |||||
| CVE-2020-15169 | 3 Action View Project, Debian, Fedoraproject | 3 Action View, Debian Linux, Fedora | 2020-12-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory. | |||||
| CVE-2004-1628 | 1 Pizzashack | 1 Rssh | 2020-12-08 | 9.0 HIGH | N/A |
| Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code. | |||||
| CVE-2020-26231 | 1 Octobercms | 1 October | 2020-12-08 | 4.4 MEDIUM | 6.7 MEDIUM |
| October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 470 (v1.0.470) and v1.1.1. | |||||