Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16093 | 1 Symonics | 1 Libmysofa | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. | |||||
| CVE-2019-16094 | 1 Symonics | 1 Libmysofa | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. | |||||
| CVE-2019-16095 | 1 Symonics | 1 Libmysofa | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. | |||||
| CVE-2020-9674 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9675 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9676 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-25057 | 1 Google | 1 Android | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 10 software. MDMService does not properly restrict APK installations. The LG ID is LVE-SMP-200011 (July 2020). | |||||
| CVE-2020-25058 | 1 Google | 1 Android | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 (July 2020). | |||||
| CVE-2020-25059 | 1 Google | 1 Android | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020). | |||||
| CVE-2020-25061 | 1 Google | 1 Android | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020). | |||||
| CVE-2019-1003077 | 1 Jenkins | 1 Audit To Database | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
| CVE-2020-25063 | 1 Google | 1 Android | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 (July 2020). | |||||
| CVE-2020-25064 | 1 Google | 1 Android | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020). | |||||
| CVE-2020-25065 | 1 Google | 1 Android | 2020-09-01 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020). | |||||
| CVE-2019-1003088 | 1 Jenkins | 1 Fabric Beta Publisher | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003089 | 1 Jenkins | 1 Upload To Pgyer | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003094 | 1 Jenkins | 1 Open Stf | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2020-13863 | 1 Mitel | 1 Micollab | 2020-09-01 | 5.5 MEDIUM | 8.1 HIGH |
| The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information. | |||||
| CVE-2020-23658 | 1 Php-fusion | 1 Php-fusion | 2020-09-01 | 3.5 LOW | 5.4 MEDIUM |
| PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. | |||||
| CVE-2020-11497 | 1 Woocommerce | 1 Nab Transact | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step. | |||||
| CVE-2017-6318 | 2 Opensuse, Sane-backends Project | 2 Leap, Sane-backends | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. | |||||
| CVE-2019-1003075 | 1 Jenkins | 1 Audit To Database | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003074 | 1 Jenkins | 1 Hyper.sh Commons | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003072 | 1 Jenkins | 1 Wildfly Deployer | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003073 | 1 Jenkins | 1 Vs Team Services Continuous Deployment | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003071 | 1 Jenkins | 1 Octopusdeploy | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003070 | 1 Jenkins | 1 Veracode-scanner | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2020-13617 | 1 Mitel | 22 6863, 6863 Firmware, 6865 and 19 more | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. | |||||
| CVE-2019-1003069 | 1 Jenkins | 1 Aqua Security Scanner | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003068 | 1 Jenkins | 1 Vmware Vrealize Automation | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003067 | 1 Jenkins | 1 Trac Publisher | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003066 | 1 Jenkins | 1 Bugzilla | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-18847 | 1 Akamai | 1 Enterprise Application Access | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. | |||||
| CVE-2020-17404 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2020-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11191. | |||||
| CVE-2020-17403 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2020-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11003. | |||||
| CVE-2019-1003065 | 1 Jenkins | 1 Cloudshare Docker-machine | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003064 | 1 Jenkins | 1 Aws-device-farm | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003062 | 1 Jenkins | 1 Aws Cloudwatch Logs Publisher | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003063 | 1 Jenkins | 1 Amazon Sns Build Notifier | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003060 | 1 Jenkins | 1 Official Owasp Zap | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003061 | 1 Jenkins | 1 Jenkins-cloudformation-plugin | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003059 | 1 Jenkins | 1 Ftp Publisher | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003057 | 1 Jenkins | 1 Bitbucket Approve | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003055 | 1 Jenkins | 1 Ftp Publisher | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003056 | 1 Jenkins | 1 Websphere Deployer | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003054 | 1 Jenkins | 1 Jira Issue Updater | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003053 | 1 Jenkins | 1 Hockeyapp | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2018-15411 | 1 Cisco | 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more | 2020-09-01 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | |||||
| CVE-2020-16287 | 1 Artifex | 1 Ghostscript | 2020-08-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | |||||
| CVE-2020-16288 | 1 Artifex | 1 Ghostscript | 2020-08-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | |||||