Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29441 | 1 Outsystems | 1 Outsystems | 2020-12-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files. | |||||
| CVE-2015-9551 | 1 Totolink | 16 A850r-v1, A850r-v1 Firmware, F1-v2 and 13 more | 2020-12-04 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter. | |||||
| CVE-2015-9550 | 1 Totolink | 16 A850r-v1, A850r-v1 Firmware, F1-v2 and 13 more | 2020-12-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface. | |||||
| CVE-2020-16849 | 1 Canon | 56 Ir2202n, Ir2202n Firmware, Ir2204f and 53 more | 2020-12-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information. | |||||
| CVE-2020-9117 | 1 Huawei | 4 Nova 4, Nova 4 Firmware, Sydneym-al00 and 1 more | 2020-12-04 | 4.6 MEDIUM | 7.8 HIGH |
| HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution. | |||||
| CVE-2020-26236 | 1 Scratchverifier | 1 Scratchverifier | 2020-12-04 | 5.1 MEDIUM | 7.5 HIGH |
| In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and is given the same verification code. 3. User comments code as part of their normal login. 4. Before user can, attacker completes the login process now that the code is commented. 5. User gets a failed login and attacker now has control of the account. Since commit a603769 starting a login twice will generate different verification codes, causing both user and attacker login to fail. For clients that rely on a clone of ScratchVerifier not hosted by the developers, their users may attempt to finish the login process as soon as possible after commenting the code. There is no reliable way for the attacker to know before the user can finish the process that the user has commented the code, so this vulnerability only really affects those who comment the code and then take several seconds before finishing the login. | |||||
| CVE-2020-29239 | 1 Online Voting System Project | 1 Online Voting System | 2020-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload. | |||||
| CVE-2020-27585 | 1 Quickheal | 1 Total Security | 2020-12-04 | 2.1 LOW | 4.4 MEDIUM |
| Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password. | |||||
| CVE-2020-29279 | 1 74cms | 1 74cms | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. | |||||
| CVE-2020-29283 | 1 Online Doctor Appointment Booking System Php And Mysql Project | 1 Online Doctor Appointment Booking System Php And Mysql | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. | |||||
| CVE-2020-29284 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. | |||||
| CVE-2020-29285 | 1 Point Of Sales In Php\/pdo Project | 1 Point Of Sales In Php\/pdo | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php. | |||||
| CVE-2020-25537 | 1 Ucms Project | 1 Ucms | 2020-12-04 | 10.0 HIGH | 9.8 CRITICAL |
| File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. | |||||
| CVE-2020-28348 | 1 Hashicorp | 1 Nomad | 2020-12-04 | 6.3 MEDIUM | 6.5 MEDIUM |
| HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8. | |||||
| CVE-2020-28914 | 1 Katacontainers | 1 Kata-containers | 2020-12-04 | 3.6 LOW | 7.1 HIGH |
| An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only. | |||||
| CVE-2020-9049 | 1 Johnsoncontrols | 2 C-cure Web, Victor Web | 2020-12-04 | 5.7 MEDIUM | 5.3 MEDIUM |
| A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack. | |||||
| CVE-2020-7780 | 1 Softwaremill | 1 Akka-http-session | 2020-12-04 | 6.8 MEDIUM | 8.8 HIGH |
| This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. | |||||
| CVE-2020-23738 | 1 Advancedsystemcare | 1 Advanced Systemcare | 2020-12-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD) | |||||
| CVE-2020-23736 | 1 Dadajiasu | 1 Dada Accelerator | 2020-12-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816,, attackers can use constructed programs to cause computer crashes (BSOD). | |||||
| CVE-2020-23726 | 1 Wisecleaner | 1 Wise Care 365 | 2020-12-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD). | |||||
| CVE-2020-23727 | 1 Antiy | 1 Antiy Zhijia Terminal Defense System | 2020-12-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD). | |||||
| CVE-2020-2321 | 1 Jenkins | 1 Shelve Project | 2020-12-04 | 5.8 MEDIUM | 8.1 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. | |||||
| CVE-2020-29144 | 1 Ericsson | 2 Bscs Ix R18 Billing \& Rating Admx, Bscs Ix R18 Billing \& Rating Mx | 2020-12-04 | 3.5 LOW | 5.4 MEDIUM |
| In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework. | |||||
| CVE-2020-29145 | 1 Ericsson | 2 Bscs Ix R18 Billing \& Rating Admx, Bscs Ix R18 Billing \& Rating Mx | 2020-12-04 | 3.5 LOW | 5.4 MEDIUM |
| In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework. | |||||
| CVE-2020-28206 | 1 Bitrix24 | 1 Bitrix Framework | 2020-12-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group. | |||||
| CVE-2017-9621 | 1 Epesi | 1 Epesi | 2020-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter. | |||||
| CVE-2020-5638 | 1 Desknets | 1 Neo | 2020-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors. | |||||
| CVE-2020-29282 | 1 Bloodx Project | 1 Bloodx | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication. | |||||
| CVE-2020-28938 | 1 Openclinic Project | 1 Openclinic | 2020-12-03 | 3.5 LOW | 5.4 MEDIUM |
| OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users. | |||||
| CVE-2020-29127 | 1 Fujitsu | 2 Eternus Storage Dx200 S4, Eternus Storage Dx200 S4 Firmware | 2020-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en is visited from a different web browser. | |||||
| CVE-2020-29390 | 1 Zeroshell | 1 Zeroshell | 2020-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. | |||||
| CVE-2020-7927 | 1 Mongodb | 1 Ops Manager | 2020-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2. | |||||
| CVE-2020-10772 | 2 Nlnetlabs, Redhat | 2 Unbound, Enterprise Linux | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound. | |||||
| CVE-2020-1778 | 1 Otrs | 1 Otrs | 2020-12-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions. | |||||
| CVE-2020-29367 | 1 C-blosc2 Project | 1 C-blosc2 | 2020-12-03 | 9.3 HIGH | 7.8 HIGH |
| blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data. | |||||
| CVE-2020-7777 | 1 Jsen Project | 1 Jsen | 2020-12-03 | 6.5 MEDIUM | 7.2 HIGH |
| This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution. | |||||
| CVE-2020-25406 | 1 Lemocms | 1 Lemocms | 2020-12-03 | 7.5 HIGH | 7.3 HIGH |
| app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files. | |||||
| CVE-2020-26245 | 1 Systeminformation | 1 Systeminformation | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite(). | |||||
| CVE-2020-27207 | 1 Zetetic | 1 Sqlcipher | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read. | |||||
| CVE-2020-29376 | 1 Vsolcn | 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more | 2020-12-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@l#y$z%x6x7q8c9z) password for the admin account to authenticate to the TELNET service. | |||||
| CVE-2020-29375 | 1 Vsolcn | 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more | 2020-12-03 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user. | |||||
| CVE-2020-26235 | 2 Microsoft, Time Project | 2 Windows, Time | 2020-12-03 | 3.5 LOW | 5.3 MEDIUM |
| In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23. | |||||
| CVE-2020-29377 | 1 Vsolcn | 2 V1600d, V1600d Firmware | 2020-12-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the the remote attacker. If it matches, access is provided. | |||||
| CVE-2019-19869 | 1 Br-automation | 1 Industrial Automation Aprol | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface. | |||||
| CVE-2020-25700 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2020-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10. | |||||
| CVE-2019-3684 | 1 Suse | 1 Manager | 2020-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem | |||||
| CVE-2019-18899 | 2 Apt-cacher-ng Project, Opensuse | 2 Apt-cacher-ng, Leap | 2020-12-03 | 2.1 LOW | 5.5 MEDIUM |
| The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1. | |||||
| CVE-2020-28942 | 1 Primekey | 1 Ejbca | 2020-12-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA. | |||||
| CVE-2020-5797 | 1 Tp-link | 2 Archer C9, Archer C9 Firmware | 2020-12-03 | 3.6 LOW | 6.1 MEDIUM |
| UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | |||||
| CVE-2020-28975 | 1 Scikit-learn | 1 Scikit-learn | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute. | |||||