Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8346 | 1 Lenovo | 1 System Interface Foundation | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. | |||||
| CVE-2020-25559 | 1 Gnuplot Project | 1 Gnuplot | 2020-09-21 | 6.8 MEDIUM | 7.8 HIGH |
| gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution. | |||||
| CVE-2020-0347 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136658008 | |||||
| CVE-2020-0348 | 1 Google | 1 Android | 2020-09-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188582 | |||||
| CVE-2020-0350 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139424089 | |||||
| CVE-2020-0365 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137346580 | |||||
| CVE-2020-0319 | 1 Google | 1 Android | 2020-09-21 | 6.8 MEDIUM | 7.8 HIGH |
| In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137868765 | |||||
| CVE-2020-0401 | 1 Google | 1 Android | 2020-09-21 | 7.2 HIGH | 7.8 HIGH |
| In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150857253 | |||||
| CVE-2020-23828 | 1 Online Course Registration Project | 1 Online Course Registration | 2020-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo. | |||||
| CVE-2020-0281 | 1 Google | 1 Android | 2020-09-21 | 3.5 LOW | 4.5 MEDIUM |
| In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137857778 | |||||
| CVE-2020-0282 | 1 Google | 1 Android | 2020-09-21 | 3.5 LOW | 4.5 MEDIUM |
| In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144506224 | |||||
| CVE-2020-0334 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147995915 | |||||
| CVE-2020-0335 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-122361504 | |||||
| CVE-2020-7807 | 2 Lg, Microsoft | 5 Ipsfullhd, Lg Ultrawide, Lgpcsuite Setup and 2 more | 2020-09-21 | 1.9 LOW | 5.5 MEDIUM |
| A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64). | |||||
| CVE-2020-25279 | 1 Google | 1 Android | 2020-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020). | |||||
| CVE-2020-25280 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020). | |||||
| CVE-2020-25278 | 1 Google | 1 Android | 2020-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225, SVE-2020-18301 (September 2020). | |||||
| CVE-2018-6345 | 1 Facebook | 1 Hhvm | 2020-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below). | |||||
| CVE-2018-6349 | 1 Whatsapp | 1 Whatsapp | 2020-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132. | |||||
| CVE-2019-12416 | 1 Apache | 1 Deltaspike | 2020-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default. | |||||
| CVE-2020-15769 | 1 Gradle | 1 Enterprise | 2020-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL. | |||||
| CVE-2020-11054 | 1 Qutebrowser | 1 Qutebrowser | 2020-09-21 | 4.3 MEDIUM | 3.5 LOW |
| In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security. This has been fixed in 1.11.1 and 1.12.0. All versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn't be tested. Backported patches for older versions (greater than or equal to 1.4.0 and less than or equal to 1.10.2) are available, but no further releases are planned. | |||||
| CVE-2019-20917 | 1 Inspircd | 1 Inspircd | 2020-09-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. | |||||
| CVE-2020-25269 | 1 Inspircd | 1 Inspircd | 2020-09-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. | |||||
| CVE-2020-15890 | 2 Debian, Luajit | 2 Debian Linux, Luajit | 2020-09-19 | 5.0 MEDIUM | 7.5 HIGH |
| LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. | |||||
| CVE-2020-0291 | 1 Google | 1 Android | 2020-09-18 | 2.1 LOW | 4.4 MEDIUM |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146032016 | |||||
| CVE-2020-0273 | 1 Google | 1 Android | 2020-09-18 | 4.6 MEDIUM | 7.8 HIGH |
| In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155646800 | |||||
| CVE-2020-20406 | 1 Elementor | 1 Elementor Page Builder | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes. | |||||
| CVE-2020-23451 | 1 Spiceworks | 1 Spiceworks | 2020-09-18 | 6.8 MEDIUM | 8.8 HIGH |
| Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. | |||||
| CVE-2020-24924 | 1 Elkarbackup | 1 Elkarbackup | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter | |||||
| CVE-2020-23833 | 1 Projectworlds | 1 House Rental | 2020-09-18 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. | |||||
| CVE-2020-23824 | 1 Argosoft | 1 Mail Server | 2020-09-18 | 6.8 MEDIUM | 8.8 HIGH |
| ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF. | |||||
| CVE-2020-24660 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2020-09-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package. | |||||
| CVE-2020-25379 | 1 Recall-products Project | 1 Recall-products | 2020-09-18 | 6.5 MEDIUM | 8.8 HIGH |
| Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. | |||||
| CVE-2020-25380 | 1 Recall-products Project | 1 Recall-products | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed. | |||||
| CVE-2007-3378 | 1 Php | 1 Php | 2020-09-18 | 6.8 MEDIUM | N/A |
| The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. | |||||
| CVE-2017-11104 | 1 Knot-dns | 1 Knot Dns | 2020-09-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. | |||||
| CVE-2017-11468 | 1 Docker | 1 Docker Registry | 2020-09-18 | 5.0 MEDIUM | 7.5 HIGH |
| Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. | |||||
| CVE-2017-7615 | 1 Mantisbt | 1 Mantisbt | 2020-09-18 | 6.5 MEDIUM | 8.8 HIGH |
| MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | |||||
| CVE-2019-15715 | 1 Mantisbt | 1 Mantisbt | 2020-09-18 | 6.5 MEDIUM | 7.2 HIGH |
| MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | |||||
| CVE-2020-12109 | 1 Tp-link | 14 Nc200, Nc200 Firmware, Nc210 and 11 more | 2020-09-18 | 9.0 HIGH | 8.8 HIGH |
| Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. | |||||
| CVE-2020-13845 | 1 Sylabs | 1 Singularity | 2020-09-18 | 5.0 MEDIUM | 7.5 HIGH |
| Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. | |||||
| CVE-2020-13846 | 1 Sylabs | 1 Singularity | 2020-09-18 | 5.0 MEDIUM | 7.5 HIGH |
| Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. | |||||
| CVE-2020-13847 | 1 Sylabs | 1 Singularity | 2020-09-18 | 5.0 MEDIUM | 7.5 HIGH |
| Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file. | |||||
| CVE-2020-0292 | 1 Google | 1 Android | 2020-09-18 | 2.1 LOW | 4.4 MEDIUM |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-110107252 | |||||
| CVE-2020-12787 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2020-09-18 | 4.3 MEDIUM | 7.5 HIGH |
| Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | |||||
| CVE-2020-12788 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2020-09-18 | 5.0 MEDIUM | 7.5 HIGH |
| CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks. | |||||
| CVE-2020-12789 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2020-09-18 | 4.3 MEDIUM | 7.5 HIGH |
| The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. | |||||
| CVE-2020-6509 | 1 Google | 1 Chrome | 2020-09-18 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2020-8026 | 1 Opensuse | 2 Leap, Tumbleweed | 2020-09-18 | 7.2 HIGH | 7.8 HIGH |
| A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. | |||||