Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1541 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1546 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1548 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1550 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1556 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1557 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1560 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1561 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2020-24786 | 1 Zohocorp | 11 Manageengine Ad360, Manageengine Adaudit Plus, Manageengine Admanager Plus and 8 more | 2020-09-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise. | |||||
| CVE-2020-23829 | 1 Librehealth | 1 Librehealth Ehr | 2020-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. | |||||
| CVE-2019-1537 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1538 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1539 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1542 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1544 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1545 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1553 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1554 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1555 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1558 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1562 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2019-1564 | 2020-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during [2019]. Notes: none. | |||||
| CVE-2020-5419 | 1 Pivotal Software | 1 Rabbitmq | 2020-09-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. | |||||
| CVE-2020-17405 | 1 Senstar | 1 Symphony | 2020-09-10 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980. | |||||
| CVE-2020-23830 | 1 Stock Management System Project | 1 Stock Management System | 2020-09-10 | 5.8 MEDIUM | 7.1 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site. | |||||
| CVE-2020-24029 | 1 Forlogic | 1 Qualiex | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. | |||||
| CVE-2020-24030 | 1 Forlogic | 1 Qualiex | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. | |||||
| CVE-2020-13463 | 1 Apexmic | 2 Apm32f103, Apm32f103 Firmware | 2020-09-10 | 2.1 LOW | 4.6 MEDIUM |
| The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. | |||||
| CVE-2020-8335 | 1 Lenovo | 16 Thinkpad A275, Thinkpad A275 Firmware, Thinkpad A285 and 13 more | 2020-09-10 | 4.6 MEDIUM | 6.8 MEDIUM |
| The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access. | |||||
| CVE-2020-24162 | 1 Tencent | 1 Tencent | 2020-09-10 | 4.4 MEDIUM | 7.8 HIGH |
| The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. | |||||
| CVE-2020-24876 | 1 Pancakeapp | 1 Pancake | 2020-09-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation. | |||||
| CVE-2020-10720 | 1 Linux | 1 Linux Kernel | 2020-09-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. | |||||
| CVE-2020-14373 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2020-09-10 | 2.1 LOW | 5.5 MEDIUM |
| A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. | |||||
| CVE-2020-24193 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter. | |||||
| CVE-2020-25102 | 1 Advanced Reports Project | 1 Advanced Reports | 2020-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. The affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter. | |||||
| CVE-2020-3620 | 1 Qualcomm | 126 Apq8009, Apq8009 Firmware, Apq8053 and 123 more | 2020-09-10 | 2.1 LOW | 5.5 MEDIUM |
| u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-3624 | 1 Qualcomm | 122 Apq8009, Apq8009 Firmware, Apq8017 and 119 more | 2020-09-10 | 4.6 MEDIUM | 7.8 HIGH |
| u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCN7605, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | |||||
| CVE-2016-2381 | 5 Canonical, Debian, Opensuse and 2 more | 10 Ubuntu Linux, Debian Linux, Opensuse and 7 more | 2020-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. | |||||
| CVE-2018-13792 | 1 Abbyy | 1 Flexicapture | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter. | |||||
| CVE-2018-12191 | 1 Intel | 3 Converged Security Management Engine Firmware, Server Platform Services Firmware, Trusted Execution Engine Firmware | 2020-09-10 | 7.2 HIGH | 7.6 HIGH |
| Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access. | |||||
| CVE-2019-5916 | 1 D-circle | 1 Power Egg | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors. | |||||
| CVE-2020-4516 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2020-09-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371. | |||||
| CVE-2020-4698 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2020-09-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841. | |||||
| CVE-2020-6312 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-09-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site Scripting. In certain situations, when a user accesses an affected web page element, the attacker will be able to access or modify metadata for which they are not authorized. | |||||
| CVE-2020-6302 | 1 Sap | 1 Commerce | 2020-09-10 | 7.5 HIGH | 8.1 HIGH |
| SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application. | |||||
| CVE-2020-6288 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-09-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker can modify some formulas and display erroneous content. The server is not affected only the current user browser session, that can easily be closed. | |||||
| CVE-2020-24199 | 1 Projectworlds | 1 Car Rental Project | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | |||||
| CVE-2020-6283 | 1 Sap | 1 Fiori Launchpad | 2020-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session. | |||||
| CVE-2017-18258 | 1 Xmlsoft | 1 Libxml2 | 2020-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. | |||||
| CVE-2017-8872 | 1 Xmlsoft | 1 Libxml2 | 2020-09-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. | |||||