Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24196 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2020-09-02 | 6.5 MEDIUM | 7.2 HIGH |
| An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. | |||||
| CVE-2020-5922 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2020-09-02 | 9.3 HIGH | 8.8 HIGH |
| In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser. | |||||
| CVE-2020-5923 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2020-09-02 | 4.8 MEDIUM | 5.4 MEDIUM |
| In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses. | |||||
| CVE-2020-5926 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache. | |||||
| CVE-2020-12689 | 1 Openstack | 1 Keystone | 2020-09-02 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. | |||||
| CVE-2020-12690 | 1 Openstack | 1 Keystone | 2020-09-02 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. | |||||
| CVE-2020-13757 | 1 Python-rsa Project | 1 Python-rsa | 2020-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). | |||||
| CVE-2020-23982 | 1 Designmasterevents | 1 Conference Management Cms | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php' | |||||
| CVE-2020-23983 | 1 Ichat Project | 1 Ichat | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags. | |||||
| CVE-2019-5320 | 1 Arubanetworks | 12 2530, 2530 Firmware, 2540 and 9 more | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code. | |||||
| CVE-2018-0156 | 1 Cisco | 149 Catalyst 2960-plus 24lc-l, Catalyst 2960-plus 24lc-s, Catalyst 2960-plus 24pc-l and 146 more | 2020-09-02 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673. | |||||
| CVE-2009-1072 | 8 Canonical, Debian, Linux and 5 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2020-09-02 | 4.9 MEDIUM | N/A |
| nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. | |||||
| CVE-2020-16610 | 1 Hoosk | 1 Hoosk | 2020-09-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention. | |||||
| CVE-2020-5928 | 1 F5 | 1 Big-ip Application Security Manager | 2020-09-02 | 3.3 LOW | 3.1 LOW |
| In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times. | |||||
| CVE-2020-7376 | 1 Rapid7 | 1 Metasploit | 2020-09-02 | 10.0 HIGH | 9.8 CRITICAL |
| The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host. | |||||
| CVE-2020-7705 | 1 Mintegral | 1 Mintegraladsdk | 2020-09-02 | 5.8 MEDIUM | 8.1 HIGH |
| This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads. | |||||
| CVE-2020-24240 | 1 Gnu | 1 Bison | 2020-09-02 | 7.1 HIGH | 5.5 MEDIUM |
| GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. | |||||
| CVE-2020-7831 | 2 Inogard, Microsoft | 2 Ebiz4u, Windows | 2020-09-02 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however. | |||||
| CVE-2020-4165 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174401. | |||||
| CVE-2020-5927 | 1 F5 | 1 Big-ip Application Security Manager | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored-Cross Site Scripting. | |||||
| CVE-2020-14500 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2020-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data. | |||||
| CVE-2020-14508 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2020-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. | |||||
| CVE-2020-15881 | 1 Munki Facts Project | 1 Munki Facts | 2020-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name. | |||||
| CVE-2020-15883 | 1 Managedinstalls Project | 1 Managedinstalls | 2020-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported). | |||||
| CVE-2019-12724 | 1 Teclib-edition | 1 News | 2020-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter. | |||||
| CVE-2020-15886 | 1 Reportdata Project | 1 Reportdata | 2020-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint. | |||||
| CVE-2020-15887 | 1 Softwareupdate Project | 1 Softwareupdate | 2020-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint. | |||||
| CVE-2019-1003095 | 1 Jenkins | 1 Perfecto Mobile | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2020-24242 | 1 Nasm | 1 Netwide Assembler | 2020-09-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. | |||||
| CVE-2020-24613 | 1 Wolfssl | 1 Wolfssl | 2020-09-01 | 4.9 MEDIUM | 6.8 MEDIUM |
| wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers. | |||||
| CVE-2020-3389 | 1 Cisco | 1 Hyperflex Hx-series Software | 2020-09-01 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device. | |||||
| CVE-2020-3152 | 1 Cisco | 1 Connected Mobile Experiences | 2020-09-01 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials. | |||||
| CVE-2020-7377 | 1 Rapid7 | 1 Metasploit | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server. | |||||
| CVE-2020-24572 | 1 Raspap | 1 Raspap | 2020-09-01 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code). | |||||
| CVE-2020-24612 | 1 Fedoraproject | 1 Selinux-policy | 2020-09-01 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA. | |||||
| CVE-2020-23980 | 1 Designmasterevents | 1 Conference Management | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. | |||||
| CVE-2020-6637 | 1 Os4ed | 1 Opensis | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. | |||||
| CVE-2020-3151 | 1 Cisco | 1 Connected Mobile Experiences | 2020-09-01 | 3.6 LOW | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to escape the restricted shell and execute a set of normally unauthorized commands with the privileges of a non-root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials. | |||||
| CVE-2020-10700 | 3 Fedoraproject, Opensuse, Samba | 3 Fedora, Leap, Samba | 2020-09-01 | 2.6 LOW | 5.3 MEDIUM |
| A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. | |||||
| CVE-2020-15485 | 1 Niscomed | 2 Multipara Monitor M1000, Multipara Monitor M1000 Firmware | 2020-09-01 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering. | |||||
| CVE-2020-24548 | 1 Ericom | 1 Access Server | 2020-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports. | |||||
| CVE-2020-15156 | 1 Nodebb | 1 Blog Comments | 2020-09-01 | 4.3 MEDIUM | 8.1 HIGH |
| In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation. | |||||
| CVE-2020-12855 | 1 Seczetta | 1 Neprofile | 2020-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status. | |||||
| CVE-2019-12718 | 1 Cisco | 216 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 213 more | 2020-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and subsequently access a specific web interface page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | |||||
| CVE-2020-12456 | 1 Mitel | 1 Mivoice Connect | 2020-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client. | |||||
| CVE-2019-12636 | 1 Cisco | 216 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 213 more | 2020-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device. | |||||
| CVE-2020-24007 | 1 Umanni | 1 Human Resources | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | |||||
| CVE-2020-24315 | 1 Wordpress Poll Project | 1 Wordpress Poll | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database. | |||||
| CVE-2019-16091 | 1 Symonics | 1 Libmysofa | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. | |||||
| CVE-2019-16092 | 1 Symonics | 1 Libmysofa | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. | |||||