Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15601 | 2 Microsoft, Trendmicro | 3 Windows, Deep Security Manager, Vulnerability Protection | 2020-09-03 | 5.1 MEDIUM | 8.1 HIGH |
| If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. | |||||
| CVE-2020-24653 | 1 Expo | 1 Expo | 2020-09-03 | 6.8 MEDIUM | 9.8 CRITICAL |
| secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used. | |||||
| CVE-2020-24656 | 1 Maltego | 1 Maltego | 2020-09-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Maltego before 4.2.12 allows XXE attacks. | |||||
| CVE-2020-15155 | 1 Basercms | 1 Basercms | 2020-09-03 | 2.1 LOW | 7.3 HIGH |
| baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) that allows arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7. | |||||
| CVE-2020-15159 | 1 Basercms | 1 Basercms | 2020-09-03 | 4.6 MEDIUM | 7.6 HIGH |
| baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7. | |||||
| CVE-2020-25086 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php. | |||||
| CVE-2020-25087 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php. | |||||
| CVE-2020-25089 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php. | |||||
| CVE-2020-25090 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php. | |||||
| CVE-2020-25088 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php. | |||||
| CVE-2020-25091 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php. | |||||
| CVE-2020-25092 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. | |||||
| CVE-2020-25093 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel. | |||||
| CVE-2020-2239 | 1 Jenkins | 1 Parameterized Remote Trigger | 2020-09-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | |||||
| CVE-2020-2242 | 1 Jenkins | 1 Database | 2020-09-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | |||||
| CVE-2020-23831 | 1 Stock Management System Project | 1 Stock Management System | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials. | |||||
| CVE-2019-18280 | 1 Online Grading System Project | 1 Online Grading System | 2020-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the admin/modules/user/controller.php?action=add URI. | |||||
| CVE-2019-18344 | 1 Online Grading System Project | 1 Online Grading System | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter). | |||||
| CVE-2013-1349 | 1 Os4ed | 1 Opensis | 2020-09-03 | 7.5 HIGH | N/A |
| Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter. | |||||
| CVE-2014-8366 | 1 Os4ed | 1 Opensis | 2020-09-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the username and password fields submitted to index.php. | |||||
| CVE-2020-25053 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020). | |||||
| CVE-2020-25055 | 1 Google | 1 Android | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 (August 2020). | |||||
| CVE-2020-25051 | 1 Google | 1 Android | 2020-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppInfo. The Samsung ID is SVE-2020-17758 (August 2020). | |||||
| CVE-2020-25050 | 1 Google | 1 Android | 2020-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020). | |||||
| CVE-2020-25047 | 1 Google | 1 Android | 2020-09-03 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a locked application. The Samsung IDs are SVE-2020-16746, SVE-2020-16764 (August 2020). | |||||
| CVE-2020-25046 | 1 Google | 1 Android | 2020-09-03 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020). | |||||
| CVE-2020-25056 | 2 Google, Samsung | 2 Android, Galaxy S20 | 2020-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is SVE-2020-16169 (August 2020). | |||||
| CVE-2020-17446 | 1 Magic | 1 Asyncpg | 2020-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder. | |||||
| CVE-2020-23974 | 1 Create-project Manager Project | 1 Create-project Manager | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Create-Project Manager 1.07 has multiple persistent Cross-site Scripting and HTML injection issues via Online chat, Social feed, Message (title tag), and Add new client (all tags). | |||||
| CVE-2020-23973 | 1 Kandnconcepts Club Cms Project | 1 Kandnconcepts Club Cms | 2020-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the id parameter of team.php, player.php, and club.php. | |||||
| CVE-2020-16193 | 1 Osticket | 1 Osticket | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. | |||||
| CVE-2020-6294 | 2 Opengroup, Sap | 2 Unix, Businessobjects Business Intelligence Platform | 2020-09-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| Xvfb in SAP BusinessObjects Business Intelligence Platform versions 4.2 and 4.3 on Unix does not perform any authentication checks for functionality that requires a user identity. | |||||
| CVE-2020-7309 | 1 Mcafee | 1 Application And Change Control | 2020-09-02 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. | |||||
| CVE-2020-23977 | 1 Kandnconcepts Club Cms Project | 1 Kandnconcepts Club Cms | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the id parameter of team.php, player.php, and club.php. | |||||
| CVE-2020-16167 | 1 Robotemi | 1 Launcher Os | 2020-09-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified vectors. | |||||
| CVE-2020-16168 | 1 Robotemi | 2 Temi, Temi Firmware | 2020-09-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors. | |||||
| CVE-2020-16169 | 1 Robotemi | 1 Robox Os | 2020-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi and have it automatically answer the attacker's calls, granting audio, video, and motor control via unspecified vectors. | |||||
| CVE-2020-16170 | 1 Robotemi | 1 Temi | 2020-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors. | |||||
| CVE-2017-8906 | 1 Multicorewareinc | 1 X265 High Efficiency Video Coding | 2020-09-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding. | |||||
| CVE-2016-4455 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2020-09-02 | 2.1 LOW | 3.3 LOW |
| The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. | |||||
| CVE-2020-3440 | 1 Cisco | 1 Webex Meetings | 2020-09-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files. | |||||
| CVE-2020-3443 | 1 Cisco | 1 Smart Software Manager On-prem | 2020-09-02 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device. | |||||
| CVE-2020-5917 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2020-09-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure. | |||||
| CVE-2020-5919 | 1 F5 | 1 Big-ip Access Policy Manager | 2020-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel (TMM) to stop responding. | |||||
| CVE-2020-3491 | 1 Cisco | 1 Vision Dynamic Signage Director | 2020-09-02 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected device. | |||||
| CVE-2020-23984 | 1 Online Hotel Booking System Pro Project | 1 Online Hotel Booking System Pro | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Online Hotel Booking System Pro PHP Version 1.3 has persistent Cross-site Scripting in all fields of the customer registration form. | |||||
| CVE-2020-14415 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2020-09-02 | 2.1 LOW | 3.3 LOW |
| oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. | |||||
| CVE-2020-5920 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2020-09-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. | |||||
| CVE-2020-23576 | 1 Laborator | 1 Neon | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab. | |||||
| CVE-2020-24390 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. | |||||
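The Jenkins entry CVE-2020-2239 above describes a plugin writing a secret into its global configuration file as plain text instead of the brace-wrapped, base64 encrypted form that hudson.util.Secret produces. The Python scanner below is an added example, not code from Jenkins or the plugin: it walks a config file and flags secret-looking elements whose text is not in that encrypted form. The XML sample is constructed here, and its tag names (example.plugin.GlobalConfig, remoteJenkins, apiToken) are assumptions for the example, not the plugin's real schema.

```python
import re
import xml.etree.ElementTree as ET

# Element names that usually hold credentials. Extend to taste.
SENSITIVE_TAG = re.compile(r"token|secret|password|passphrase|apikey|api_key|credential", re.I)

# hudson.util.Secret serializes an encrypted value as base64 wrapped in braces,
# e.g. {AQAAABAAAAAQ...}. Anything else inside a sensitive element is plain text.
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

# Constructed sample config.xml; the tag names are assumptions for this example
# and do not reflect any real plugin's schema. The second token is in the
# encrypted form, the first is not.
SAMPLE_CONFIG = """<example.plugin.GlobalConfig>
  <remoteJenkins>
    <displayName>downstream</displayName>
    <address>https://ci.example.test</address>
    <auth>
      <username>trigger-bot</username>
      <apiToken>11aabbccddeeff00112233445566778899</apiToken>
    </auth>
  </remoteJenkins>
  <remoteJenkins>
    <displayName>other</displayName>
    <address>https://ci2.example.test</address>
    <auth>
      <username>bot2</username>
      <apiToken>{AQAAABAAAAAQ7P6rCb3Z6J4Kq9xWm1n2o3p4q5r6s7t8u9v0w1x2y3z=}</apiToken>
    </auth>
  </remoteJenkins>
</example.plugin.GlobalConfig>
"""


def find_plaintext_secrets(xml_text):
    """Return [(element path, redacted preview)] for sensitive elements whose
    text is not in the encrypted {base64} form."""
    findings = []

    def walk(elem, parent_path):
        path = f"{parent_path}/{elem.tag}"
        text = (elem.text or "").strip()
        if text and SENSITIVE_TAG.search(elem.tag) and not ENCRYPTED_SECRET.match(text):
            # Never copy the secret itself into a report; keep a short prefix only.
            findings.append((path, text[:4] + "..."))
        for child in elem:
            walk(child, path)

    walk(ET.fromstring(xml_text), "")
    return findings


if __name__ == "__main__":
    for path, preview in find_plaintext_secrets(SAMPLE_CONFIG):
        print(f"plaintext secret at {path}: {preview}")
```

Point it at every *.xml under JENKINS_HOME (global config, plugin config files, job config.xml files) to find the same class of defect in other plugins; a hit means anyone with file-system access to the controller, including backup and log-shipping tooling, has the credential.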
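Several entries above (CVE-2019-18344, CVE-2014-8366, CVE-2020-23973 and the blind injection in CVE-2020-5920) come down to the same defect: a request parameter concatenated into a SQL statement. The added example below is not code from any of those products. It uses an in-memory SQLite database with a constructed schema to show the pattern: the concatenating lookup and login return extra or unauthorized rows for a crafted `id` or username, while the bound-parameter versions do not.

```python
import sqlite3


def make_db():
    """In-memory database with a constructed schema; not any of the listed products."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE student (id INTEGER PRIMARY KEY, name TEXT, grade TEXT);
        INSERT INTO student VALUES (1, 'alice', 'A'), (2, 'bob', 'B'), (3, 'carol', 'C');
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 'correct horse battery staple');
    """)
    return conn


def student_by_id_vulnerable(conn, id_param):
    # The request parameter is pasted into the statement, so an id of
    # "2 OR 1=1" widens the WHERE clause to every row.
    sql = "SELECT id, name, grade FROM student WHERE id = " + id_param
    return conn.execute(sql).fetchall()


def student_by_id_fixed(conn, id_param):
    # Enforce the expected type, then bind it; the driver sends the value
    # separately from the SQL text, so it can never change the query's shape.
    try:
        student_id = int(id_param)
    except ValueError:
        return []
    return conn.execute(
        "SELECT id, name, grade FROM student WHERE id = ?", (student_id,)
    ).fetchall()


def login_vulnerable(conn, username, password):
    # A username of  admin' --  closes the string and comments out the
    # password check entirely.
    sql = ("SELECT 1 FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn, username, password):
    # Bound parameters only. In real code the stored password would also be a
    # salted hash compared in constant time, which is a separate fix.
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?", (username, password)
    ).fetchone()
    return row is not None
```

The same fix covers the blind case in CVE-2020-5920: whether the application shows the rows or only leaks a true/false difference in its response, bound parameters stop the input from reaching the SQL parser at all.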
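CVE-2020-17446 above is a reminder that a database client is itself a parser of untrusted input when the server is hostile. The added Python decoder below is not asyncpg's code and does not reproduce its bug; it shows the defensive shape such a decoder needs. It reads PostgreSQL's binary array format (int32 dimension count, int32 has-null flag, element type OID, one (size, lower bound) pair per dimension, then a length-prefixed value per element) and checks every declared count and length against the bytes actually received before reading them, so a header that promises 2^30 elements is rejected rather than driving a read past the buffer. The element ceiling is an assumption for this example, and the encoder functions exist only to build constructed sample messages.

```python
import struct

# Sanity ceilings for a decoder that must not trust the server. PostgreSQL's own
# MAXDIM is 6; the element ceiling is an assumption chosen for this example.
MAX_DIMS = 6
MAX_ELEMS = 1_000_000
INT4_OID = 23  # pg_type OID of int4


class ProtocolError(ValueError):
    """Raised when a server-sent array does not match its own header."""


def encode_array_header(ndim, flags, elem_oid, dims):
    """Build a binary-format array header; dims is a list of (size, lower_bound)."""
    out = struct.pack("!iiI", ndim, flags, elem_oid)
    for size, lower in dims:
        out += struct.pack("!ii", size, lower)
    return out


def encode_int4_elems(values):
    """Encode int4 elements; None becomes a NULL element (length -1)."""
    out = b""
    for v in values:
        out += struct.pack("!i", -1) if v is None else struct.pack("!ii", 4, v)
    return out


def encode_int4_array(values):
    """What a well-behaved server sends for a one-dimensional int4[] (constructed sample)."""
    has_null = int(any(v is None for v in values))
    return encode_array_header(1, has_null, INT4_OID, [(len(values), 1)]) + encode_int4_elems(values)


def _reshape(flat, dims):
    """Nest a flat element list according to the dimension sizes (all > 0 here)."""
    if len(dims) == 1:
        return flat
    step = len(flat) // dims[0]
    return [_reshape(flat[i * step:(i + 1) * step], dims[1:]) for i in range(dims[0])]


def decode_int4_array(buf):
    """Decode a binary int4[] from a server response, validating every length
    against the bytes actually received before reading them."""
    if len(buf) < 12:
        raise ProtocolError("array header truncated")
    ndim, flags, elem_oid = struct.unpack_from("!iiI", buf, 0)
    pos = 12
    if ndim < 0 or ndim > MAX_DIMS:
        raise ProtocolError(f"unreasonable dimension count {ndim}")
    if flags not in (0, 1):
        raise ProtocolError(f"unknown flags {flags}")
    if elem_oid != INT4_OID:
        raise ProtocolError(f"expected int4 elements, got OID {elem_oid}")
    if len(buf) - pos < 8 * ndim:
        raise ProtocolError("dimension table truncated")
    dims = []
    for _ in range(ndim):
        size, _lower = struct.unpack_from("!ii", buf, pos)
        pos += 8
        if size < 0:
            raise ProtocolError(f"negative dimension size {size}")
        dims.append(size)
    total = 1 if ndim else 0
    for size in dims:
        total *= size
        if total > MAX_ELEMS:
            raise ProtocolError("declared element count exceeds limit")
    # Every element carries at least a 4-byte length; refuse to even loop on a
    # header that promises more elements than the message can hold.
    if len(buf) - pos < 4 * total:
        raise ProtocolError("element count exceeds message size")
    flat = []
    for _ in range(total):
        if len(buf) - pos < 4:
            raise ProtocolError("element length truncated")
        (length,) = struct.unpack_from("!i", buf, pos)
        pos += 4
        if length == -1:
            if not flags:
                raise ProtocolError("NULL element in array without has-null flag")
            flat.append(None)
            continue
        if length != 4:
            raise ProtocolError(f"int4 element with length {length}")
        if len(buf) - pos < 4:
            raise ProtocolError("element data truncated")
        (value,) = struct.unpack_from("!i", buf, pos)
        pos += 4
        flat.append(value)
    if pos != len(buf):
        raise ProtocolError("trailing bytes after array")
    if total == 0:
        return []
    return _reshape(flat, dims)
```

The order of checks matters: the dimension product is bounded before any allocation or loop depends on it, and each per-element length is compared with the remaining bytes before the element is read, which is exactly the discipline a native-code decoder has to follow to avoid reading from memory the message never filled in.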
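For CVE-2020-5917 the host-key check is easy to automate. The Python below is an added example, not F5's tooling: it parses OpenSSH public key lines (the contents of /etc/ssh/ssh_host_*_key.pub, or ssh-keyscan and known_hosts lines, which put the hostname first) by decoding the length-prefixed fields of the base64 blob, reads the RSA modulus size, and flags RSA keys under 2048 bits and any ssh-dss key. The sample key lines are synthesized from arbitrary integers so the example runs offline; they are not real key material.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # the threshold the advisory uses
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-")


def _read_string(blob, pos):
    """Read one length-prefixed field of an OpenSSH key blob."""
    if len(blob) - pos < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack_from("!I", blob, pos)
    pos += 4
    if len(blob) - pos < n:
        raise ValueError("truncated key blob")
    return blob[pos:pos + n], pos + n


def host_key_bits(line):
    """Return (key type, bits) for one public key line.

    Accepts ssh_host_*_key.pub contents ("ssh-rsa AAAA... comment") and
    ssh-keyscan / known_hosts lines, which prefix the hostname."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_TYPE_PREFIXES):
            key_type, b64 = field, fields[i + 1]
            break
    else:
        raise ValueError("no key type field in line")
    blob = base64.b64decode(b64)
    declared, pos = _read_string(blob, 0)
    if declared.decode() != key_type:
        raise ValueError("key type field does not match blob")
    if key_type == "ssh-rsa":
        _e, pos = _read_string(blob, pos)        # public exponent (mpint)
        n, pos = _read_string(blob, pos)         # modulus (mpint)
        return key_type, int.from_bytes(n, "big").bit_length()
    if key_type == "ssh-dss":
        p, pos = _read_string(blob, pos)         # DSA prime p sets the key size
        return key_type, int.from_bytes(p, "big").bit_length()
    if key_type.startswith("ecdsa-sha2-nistp"):
        curve, pos = _read_string(blob, pos)     # e.g. b"nistp256"
        return key_type, int(curve.decode()[len("nistp"):])
    if key_type == "ssh-ed25519":
        return key_type, 256
    raise ValueError(f"unsupported key type {key_type}")


def is_weak(line):
    """True for RSA below MIN_RSA_BITS and for any DSA key (capped at 1024 bits)."""
    key_type, bits = host_key_bits(line)
    if key_type == "ssh-dss":
        return True
    if key_type == "ssh-rsa":
        return bits < MIN_RSA_BITS
    return False  # ECDSA and Ed25519 sizes are fixed by the curve


# --- constructed sample keys (synthetic numbers, not real key material) ---

def _string(b):
    return struct.pack("!I", len(b)) + b


def _mpint(x):
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    if b[0] & 0x80:
        b = b"\x00" + b  # mpint is signed; a leading zero keeps the value positive
    return struct.pack("!I", len(b)) + b


def synth_rsa_line(bits, comment="constructed"):
    n = (1 << (bits - 1)) | 1  # any odd integer of exactly `bits` bits will do here
    blob = _string(b"ssh-rsa") + _mpint(65537) + _mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


def synth_ed25519_line(comment="constructed"):
    blob = _string(b"ssh-ed25519") + _string(bytes(32))
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"
```

In practice, feed `ssh-keyscan -t rsa,dsa <host>` output line by line to `is_weak`; `ssh-keygen -lf <pubkey file>` prints the same bit count interactively for a single key. Since an undersized host key cannot be "patched", the fix is to generate a new host key of adequate size and to distribute the new fingerprint to clients, which will otherwise see a host-key-changed warning.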
