Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12646 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-09-09 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. | |||||
| CVE-2020-11617 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2020-09-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. | |||||
| CVE-2020-23972 | 1 Gmapfp | 1 Gmapfp | 2020-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions. | |||||
| CVE-2020-3507 | 1 Cisco | 16 8000p Ip Camera, 8000p Ip Camera Firmware, 8020 Ip Camera and 13 more | 2020-09-09 | 8.3 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2020-3485 | 1 Cisco | 1 Vision Dynamic Signage Director | 2020-09-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because the web management software does not properly handle RBAC. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to view and delete certain screen content on the system that the attacker would not normally have privileges to access. | |||||
| CVE-2020-3506 | 1 Cisco | 16 8000p Ip Camera, 8000p Ip Camera Firmware, 8020 Ip Camera and 13 more | 2020-09-09 | 8.3 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2020-3394 | 1 Cisco | 65 Nexus 3016, Nexus 3048, Nexus 3064 and 62 more | 2020-09-09 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default. | |||||
| CVE-2020-11618 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2020-09-09 | 7.2 HIGH | 7.8 HIGH |
| THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol. | |||||
| CVE-2020-13466 | 1 St | 2 Stm32f103, Stm32f103 Firmware | 2020-09-09 | 7.2 HIGH | 6.8 MEDIUM |
| STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | |||||
| CVE-2020-11493 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-09-09 | 5.8 MEDIUM | 8.1 HIGH |
| In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. | |||||
| CVE-2011-3970 | 3 Google, Suse, Xmlsoft | 5 Chrome, Linux Enterprise Desktop, Linux Enterprise Server and 2 more | 2020-09-09 | 4.3 MEDIUM | N/A |
| libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2015-4106 | 6 Canonical, Citrix, Debian and 3 more | 8 Ubuntu Linux, Xenserver, Debian Linux and 5 more | 2020-09-09 | 4.6 MEDIUM | N/A |
| QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | |||||
| CVE-2015-7295 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2020-09-09 | 5.0 MEDIUM | N/A |
| hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. | |||||
| CVE-2015-7512 | 4 Debian, Oracle, Qemu and 1 more | 9 Debian Linux, Linux, Qemu and 6 more | 2020-09-09 | 6.8 MEDIUM | 9.0 CRITICAL |
| Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. | |||||
| CVE-2015-1779 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2020-09-09 | 7.8 HIGH | 8.6 HIGH |
| The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. | |||||
| CVE-2015-8504 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-09-09 | 3.5 LOW | 6.5 MEDIUM |
| Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. | |||||
| CVE-2015-8558 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-09-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. | |||||
| CVE-2016-6829 | 2 Barclamp-trove Project, Crowbar-openstack Project | 2 Barclamp-trove, Crowbar-openstack | 2020-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-8567 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2020-09-09 | 6.8 MEDIUM | 7.7 HIGH |
| Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2017-2096 | 1 Smalruby | 1 Smalruby-editor | 2020-09-09 | 10.0 HIGH | 9.8 CRITICAL |
| smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2014-3539 | 1 Rope Project | 1 Rope | 2020-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load. | |||||
| CVE-2015-2857 | 1 Accellion | 1 File Transfer Appliance | 2020-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. | |||||
| CVE-2017-7480 | 1 Rootkit Hunter Project | 1 Rootkit Hunter | 2020-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. | |||||
| CVE-2017-9130 | 1 Freeware Advanced Audio Coder Project | 1 Freeware Advanced Audio Coder | 2020-09-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. | |||||
| CVE-2018-0286 | 1 Cisco | 1 Ios Xr | 2020-09-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affected system. Cisco Bug IDs: CSCvg95792. | |||||
| CVE-2020-13471 | 1 Apexmic | 2 Apm32f103, Apm32f103 Firmware | 2020-09-09 | 7.2 HIGH | 6.8 MEDIUM |
| Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | |||||
| CVE-2018-1125 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2020-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. | |||||
| CVE-2018-1124 | 6 Canonical, Debian, Opensuse and 3 more | 9 Ubuntu Linux, Debian Linux, Leap and 6 more | 2020-09-09 | 4.6 MEDIUM | 7.8 HIGH |
| procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. | |||||
| CVE-2018-10475 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Light Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5394. | |||||
| CVE-2018-10476 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Model Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5395. | |||||
| CVE-2018-10478 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Texture Coord Dimensions objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5397. | |||||
| CVE-2018-10479 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2020-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Key Frame structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5399. | |||||
| CVE-2017-2611 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2020-09-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents. | |||||
| CVE-2020-12248 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. | |||||
| CVE-2018-1057 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2020-09-09 | 6.5 MEDIUM | 8.8 HIGH |
| On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). | |||||
| CVE-2018-1165 | 2 Joyent, Oracle | 3 Smartos, Solaris, Zfs Storage Appliance | 2020-09-09 | 6.9 MEDIUM | 7.0 HIGH |
| This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4983. | |||||
| CVE-2009-5063 | 1 Libpng | 1 Libpng | 2020-09-09 | 5.0 MEDIUM | N/A |
| Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244. | |||||
| CVE-2012-3972 | 6 Canonical, Debian, Mozilla and 3 more | 16 Ubuntu Linux, Debian Linux, Firefox and 13 more | 2020-09-09 | 5.0 MEDIUM | N/A |
| The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. | |||||
| CVE-2020-4545 | 1 Ibm | 1 Aspera Connect | 2020-09-09 | 9.3 HIGH | 7.8 HIGH |
| IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190. | |||||
| CVE-2020-4632 | 1 Ibm | 1 Infosphere Metadata Asset Manager | 2020-09-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416. | |||||
| CVE-2020-14367 | 2 Fedoraproject, Tuxfamily | 2 Fedora, Chrony | 2020-09-09 | 3.6 LOW | 6.0 MEDIUM |
| A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. | |||||
| CVE-2020-4702 | 1 Ibm | 1 Infosphere Information Server | 2020-09-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187. | |||||
| CVE-2020-12644 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-09-09 | 4.0 MEDIUM | 5.0 MEDIUM |
| OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. | |||||
| CVE-2009-3080 | 7 Canonical, Debian, Linux and 4 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2020-09-09 | 7.2 HIGH | N/A |
| Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. | |||||
| CVE-2015-2528 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2020-09-08 | 7.2 HIGH | N/A |
| Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2524. | |||||
| CVE-2020-13595 | 1 Espressif | 2 Esp-idf, Esp32 | 2020-09-08 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets. | |||||
| CVE-2020-13594 | 1 Espressif | 2 Esp-idf, Esp32 | 2020-09-08 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | |||||
| CVE-2020-13972 | 1 Enghouse | 1 Web Chat | 2020-09-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951. | |||||
| CVE-2020-17458 | 1 Fabbricadigitale | 1 Multiux | 2020-09-08 | 3.5 LOW | 5.4 MEDIUM |
| A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field. | |||||
| CVE-2020-4546 | 1 Ibm | 10 Doors Next, Engineering Requirements Management Doors Next, Engineering Test Management and 7 more | 2020-09-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314. | |||||