Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13888 | 1 Kordil Edms Project | 1 Kordil Edms | 2020-06-26 | 3.5 LOW | 5.4 MEDIUM |
| Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php. | |||||
| CVE-2017-18897 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection. | |||||
| CVE-2020-14202 | 1 Ibi | 1 Webfocus Business Intelligence | 2020-06-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. | |||||
| CVE-2017-18898 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang. | |||||
| CVE-2020-14972 | 1 Pisay Online E-learning System Project | 1 Pisay Online E-learning System | 2020-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages. | |||||
| CVE-2020-13426 | 1 Bdtask | 1 Multi-scheduler | 2020-06-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known. | |||||
| CVE-2020-8102 | 1 Bitdefender | 1 Total Security 2020 | 2020-06-26 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116. | |||||
| CVE-2017-18871 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name. | |||||
| CVE-2020-13265 | 1 Gitlab | 1 Gitlab | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification | |||||
| CVE-2016-11064 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection. | |||||
| CVE-2019-14062 | 1 Qualcomm | 114 Apq8009, Apq8009 Firmware, Apq8017 and 111 more | 2020-06-26 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 | |||||
| CVE-2016-11069 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. | |||||
| CVE-2016-11065 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance. | |||||
| CVE-2016-11062 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. | |||||
| CVE-2016-11072 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. | |||||
| CVE-2016-11074 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. | |||||
| CVE-2019-14047 | 1 Qualcomm | 30 Apq8053, Apq8053 Firmware, Apq8096au and 27 more | 2020-06-26 | 7.2 HIGH | 7.8 HIGH |
| While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130 | |||||
| CVE-2017-18912 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file. | |||||
| CVE-2017-18901 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document. | |||||
| CVE-2017-18900 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report. | |||||
| CVE-2017-18899 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting. | |||||
| CVE-2017-18896 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint. | |||||
| CVE-2017-18895 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint. | |||||
| CVE-2017-18894 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover. | |||||
| CVE-2017-18892 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized. | |||||
| CVE-2017-18911 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server. | |||||
| CVE-2020-14960 | 1 Php-fusion | 1 Php-fusion | 2020-06-26 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter, | |||||
| CVE-2020-10644 | 1 Inductiveautomation | 1 Ignition Gateway | 2020-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | |||||
| CVE-2020-12004 | 1 Inductiveautomation | 1 Ignition Gateway | 2020-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | |||||
| CVE-2019-19612 | 1 Halvotec | 1 Raquest | 2020-06-25 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Halvotec RaQuest 10.23.10801.0. Several features of the application allow stored Cross-site Scripting (XSS). Fixed in Release 24.2020.20608.0. | |||||
| CVE-2019-19613 | 1 Halvotec | 1 Raquest | 2020-06-25 | 4.3 MEDIUM | 5.2 MEDIUM |
| An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim's request on the wire. Fixed in Release 24.2020.20608.0 | |||||
| CVE-2019-14073 | 1 Qualcomm | 112 Apq8009, Apq8009 Firmware, Apq8017 and 109 more | 2020-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow when processing large data or non-standard feedback messages in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 | |||||
| CVE-2019-14076 | 1 Qualcomm | 64 Apq8009, Apq8009 Firmware, Apq8098 and 61 more | 2020-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-3642 | 1 Qualcomm | 26 Kamorta, Kamorta Firmware, Qcs605 and 23 more | 2020-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-3662 | 1 Qualcomm | 66 Apq8009, Apq8009 Firmware, Apq8017 and 63 more | 2020-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2020-3663 | 1 Qualcomm | 88 Apq8009, Apq8009 Firmware, Apq8017 and 85 more | 2020-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-3665 | 1 Qualcomm | 42 Apq8009, Apq8009 Firmware, Apq8053 and 39 more | 2020-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM8150 | |||||
| CVE-2020-14973 | 1 Webtareas Project | 1 Webtareas | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. | |||||
| CVE-2017-18915 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access. | |||||
| CVE-2017-18916 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction. | |||||
| CVE-2017-18919 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation. | |||||
| CVE-2017-18914 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. | |||||
| CVE-2019-19610 | 1 Halvotec | 1 Raquest | 2020-06-25 | 5.8 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in Halvotec RaQuest 10.23.10801.0. It allows session fixation. Fixed in Release 24.2020.20608.0. | |||||
| CVE-2020-14962 | 1 Machothemes | 1 Image Photo Gallery Final Tiles Grid | 2020-06-25 | 3.5 LOW | 5.4 MEDIUM |
| Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php. | |||||
| CVE-2020-14959 | 1 Goldplugins | 1 Easy Testimonials | 2020-06-25 | 3.5 LOW | 5.4 MEDIUM |
| Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter. | |||||
| CVE-2015-9548 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed. | |||||
| CVE-2017-18893 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS. | |||||
| CVE-2017-18902 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints. | |||||
| CVE-2018-21263 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response. | |||||
| CVE-2016-0380 | 1 Ibm | 1 Sterling Connect\ | 2020-06-25 | 2.1 LOW | 3.3 LOW |
| IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations. | |||||