Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15047 | 1 Redislabs | 1 Redis | 2020-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." | |||||
| CVE-2019-3422 | 1 Zte | 2 Mf910s, Mf910s Firmware | 2020-08-28 | 1.9 LOW | 6.2 MEDIUM |
| The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security. | |||||
| CVE-2020-14512 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2020-08-27 | 5.0 MEDIUM | 7.5 HIGH |
| GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords. | |||||
| CVE-2020-17385 | 1 Cellopoint | 1 Cellos | 2020-08-27 | 5.0 MEDIUM | 7.5 HIGH |
| Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system. | |||||
| CVE-2011-2716 | 2 Busybox, T-mobile | 2 Busybox, Tm-ac1900 | 2020-08-27 | 6.8 MEDIUM | N/A |
| The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options. | |||||
| CVE-2013-1813 | 3 Busybox, Redhat, T-mobile | 3 Busybox, Enterprise Linux, Tm-ac1900 | 2020-08-27 | 7.2 HIGH | N/A |
| util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. | |||||
| CVE-2016-6301 | 1 Busybox | 1 Busybox | 2020-08-27 | 7.8 HIGH | 7.5 HIGH |
| The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop. | |||||
| CVE-2020-17384 | 1 Cellopoint | 1 Cellos | 2020-08-27 | 9.0 HIGH | 7.2 HIGH |
| Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system. | |||||
| CVE-2020-9062 | 1 Dieboldnixdorf | 2 Probase, Procash 2100xe | 2020-08-27 | 2.1 LOW | 5.3 MEDIUM |
| Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited. | |||||
| CVE-2016-0915 | 1 Emc | 1 Authentication Manager Prime | 2020-08-27 | 5.5 MEDIUM | 8.1 HIGH |
| The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability." | |||||
| CVE-2016-4837 | 1 Ec-cube | 1 Discount Coupon | 2020-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-1444 | 1 Cisco | 2 Telepresence Video Communication Server, Telepresence Video Communication Server Software | 2020-08-27 | 5.8 MEDIUM | 6.5 MEDIUM |
| The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. | |||||
| CVE-2016-4309 | 1 Getsymphony | 1 Symphony | 2020-08-27 | 7.6 HIGH | 7.5 HIGH |
| Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. | |||||
| CVE-2020-10123 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2020-08-27 | 2.1 LOW | 5.3 MEDIUM |
| The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows. | |||||
| CVE-2020-9063 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2020-08-27 | 7.2 HIGH | 7.6 HIGH |
| NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host. | |||||
| CVE-2020-10125 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2020-08-27 | 4.6 MEDIUM | 7.6 HIGH |
| NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code. | |||||
| CVE-2019-13473 | 2 Auna, Telestar | 24 Connect 100, Connect 100 Firmware, Bobs Rock Radio and 21 more | 2020-08-27 | 10.0 HIGH | 9.8 CRITICAL |
| TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access. | |||||
| CVE-2020-4603 | 1 Ibm | 1 Security Guardium Insights | 2020-08-27 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880. | |||||
| CVE-2020-4167 | 1 Ibm | 1 Security Guardium Insights | 2020-08-27 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authenciation mechanisms. IBM X-Force ID: 174403. | |||||
| CVE-2020-4169 | 1 Ibm | 1 Security Guardium Insights | 2020-08-27 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405. | |||||
| CVE-2020-10951 | 1 Westerndigital | 2 Ibi, My Cloud Home | 2020-08-27 | 4.3 MEDIUM | 4.7 MEDIUM |
| Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. | |||||
| CVE-2020-4575 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2020-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. | |||||
| CVE-2014-2673 | 1 Linux | 1 Linux Kernel | 2020-08-27 | 4.7 MEDIUM | N/A |
| The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state. | |||||
| CVE-2016-7951 | 2 Fedoraproject, X | 2 Fedora, Libxtst | 2020-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. | |||||
| CVE-2014-2672 | 1 Linux | 1 Linux Kernel | 2020-08-27 | 7.1 HIGH | N/A |
| Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions. | |||||
| CVE-2014-2309 | 3 Linux, Opensuse, Suse | 3 Linux Kernel, Opensuse, Linux Enterprise Server | 2020-08-27 | 6.1 MEDIUM | N/A |
| The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. | |||||
| CVE-2014-0102 | 1 Linux | 1 Linux Kernel | 2020-08-27 | 5.2 MEDIUM | N/A |
| The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands. | |||||
| CVE-2014-0100 | 1 Linux | 1 Linux Kernel | 2020-08-27 | 9.3 HIGH | N/A |
| Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load. | |||||
| CVE-2009-1242 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2020-08-27 | 4.9 MEDIUM | N/A |
| The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform. | |||||
| CVE-2019-13952 | 1 Gdnsd | 1 Gdnsd | 2020-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data. | |||||
| CVE-2020-14518 | 1 Philips | 1 Dreammapper | 2020-08-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. | |||||
| CVE-2020-24590 | 1 Wso2 | 2 Api Manager, Api Microgateway | 2020-08-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. | |||||
| CVE-2012-3983 | 3 Canonical, Mozilla, Suse | 6 Ubuntu Linux, Firefox, Seamonkey and 3 more | 2020-08-27 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2010-2959 | 5 Debian, Fedoraproject, Linux and 2 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2020-08-27 | 7.2 HIGH | N/A |
| Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic. | |||||
| CVE-2012-3989 | 3 Canonical, Mozilla, Suse | 6 Ubuntu Linux, Firefox, Seamonkey and 3 more | 2020-08-27 | 9.3 HIGH | N/A |
| Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site. | |||||
| CVE-2020-24057 | 1 Verint | 2 S5120fd, S5120fd Firmware | 2020-08-27 | 9.0 HIGH | 8.8 HIGH |
| The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'. | |||||
| CVE-2013-6641 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2020-08-27 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element. | |||||
| CVE-2020-24055 | 1 Verint | 4 4320, 4320 Firmware, 5620ptz and 1 more | 2020-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication. | |||||
| CVE-2020-7711 | 1 Goxmldsig Project | 1 Goxmldsig | 2020-08-27 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. | |||||
| CVE-2020-24054 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2020-08-27 | 10.0 HIGH | 9.8 CRITICAL |
| The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as '${IFS}'. As a result, an attacker can execute arbitrary commands as 'root' on the units. | |||||
| CVE-2020-16239 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2020-08-27 | 4.0 MEDIUM | 4.9 MEDIUM |
| Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | |||||
| CVE-2020-16237 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2020-08-27 | 2.1 LOW | 2.1 LOW |
| Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | |||||
| CVE-2019-4688 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825. | |||||
| CVE-2019-4691 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828. | |||||
| CVE-2020-24032 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2020-08-27 | 10.0 HIGH | 9.8 CRITICAL |
| tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone. | |||||
| CVE-2020-4587 | 1 Ibm | 2 Connect\, Sterling Connect\ | 2020-08-27 | 7.2 HIGH | 7.8 HIGH |
| IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578. | |||||
| CVE-2019-4694 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832. | |||||
| CVE-2019-4698 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929. | |||||
| CVE-2019-4699 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931. | |||||
| CVE-2019-4697 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 171938. | |||||