Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6646 | 1 F-secure | 3 Anti-virus, Psb Workstation Security, Safe Anywhere | 2020-05-11 | 2.1 LOW | N/A |
| F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors. | |||||
| CVE-2017-14184 | 1 Fortinet | 2 Forticlient, Forticlient Sslvpn Client | 2020-05-11 | 4.0 MEDIUM | 8.8 HIGH |
| An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. | |||||
| CVE-2017-17543 | 1 Fortinet | 2 Forticlient, Forticlient Sslvpn Client | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. | |||||
| CVE-2017-17809 | 1 Goldenfrog | 1 Vyprvpn | 2020-05-11 | 6.8 MEDIUM | 7.8 HIGH |
| In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made. | |||||
| CVE-2018-20058 | 1 Evernote | 1 Evernote | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. | |||||
| CVE-2019-10038 | 1 Evernote | 1 Evernote | 2020-05-11 | 4.4 MEDIUM | 7.8 HIGH |
| Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. | |||||
| CVE-2016-6393 | 1 Cisco | 2 Ios, Ios Xe | 2020-05-11 | 7.1 HIGH | 7.5 HIGH |
| The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667. | |||||
| CVE-2010-5321 | 1 Linux | 1 Linux Kernel | 2020-05-11 | 4.9 MEDIUM | 4.3 MEDIUM |
| Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. | |||||
| CVE-2014-3314 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2020-05-11 | 5.0 MEDIUM | N/A |
| Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940. | |||||
| CVE-2017-14592 | 1 Atlassian | 1 Sourcetree | 2020-05-11 | 9.0 HIGH | 8.8 HIGH |
| Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability. | |||||
| CVE-2018-15668 | 1 Bloop | 1 Airmail 3 | 2020-05-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address. | |||||
| CVE-2018-20234 | 1 Atlassian | 1 Sourcetree | 2020-05-11 | 9.0 HIGH | 8.8 HIGH |
| There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. | |||||
| CVE-2011-2830 | 1 Google | 1 Chrome | 2020-05-11 | 7.5 HIGH | N/A |
| Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-3889 | 1 Google | 1 Chrome | 2020-05-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-3880 | 1 Google | 1 Chrome | 2020-05-11 | 7.5 HIGH | N/A |
| Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers, which has unknown impact and remote attack vectors. | |||||
| CVE-2011-3876 | 1 Google | 1 Chrome | 2020-05-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace characters at the end of a filename, which has unspecified impact and user-assisted remote attack vectors. | |||||
| CVE-2011-2845 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2020-05-11 | 4.3 MEDIUM | N/A |
| Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. | |||||
| CVE-2019-19167 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2020-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution. | |||||
| CVE-2020-2187 | 1 Jenkins | 1 Amazon Ec2 | 2020-05-11 | 6.8 MEDIUM | 5.6 MEDIUM |
| Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. | |||||
| CVE-2011-3873 | 1 Google | 1 Chrome | 2020-05-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2011-2880 | 1 Google | 1 Chrome | 2020-05-11 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings. | |||||
| CVE-2011-2881 | 1 Google | 1 Chrome | 2020-05-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. | |||||
| CVE-2018-13385 | 1 Atlassian | 1 Sourcetree | 2020-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability. | |||||
| CVE-2018-13396 | 1 Atlassian | 1 Sourcetree | 2020-05-11 | 9.0 HIGH | 8.8 HIGH |
| There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. | |||||
| CVE-2020-5746 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | |||||
| CVE-2020-12683 | 1 Katyshop2 Project | 1 Katyshop2 | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
| Katyshop2 before 2.12 has multiple stored XSS issues. | |||||
| CVE-2020-11026 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
| In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | |||||
| CVE-2020-11027 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2020-05-11 | 5.5 MEDIUM | 8.1 HIGH |
| In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | |||||
| CVE-2020-11029 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2020-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | |||||
| CVE-2020-12650 | 2020-05-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was intended behavior. Notes: none. | |||||
| CVE-2011-3891 | 1 Google | 1 Chrome | 2020-05-11 | 7.5 HIGH | N/A |
| Google Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-3885 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-05-11 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data. | |||||
| CVE-2019-1761 | 1 Cisco | 2 Ios, Ios Xe | 2020-05-11 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. | |||||
| CVE-2011-3883 | 1 Google | 1 Chrome | 2020-05-11 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counters. | |||||
| CVE-2011-3882 | 1 Google | 1 Chrome | 2020-05-11 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media buffers. | |||||
| CVE-2011-2879 | 1 Google | 1 Chrome | 2020-05-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2020-5749 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. | |||||
| CVE-2020-5748 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | |||||
| CVE-2020-5747 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | |||||
| CVE-2020-5750 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | |||||
| CVE-2020-12448 | 1 Gitlab | 1 Gitlab | 2020-05-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet. | |||||
| CVE-2020-2184 | 1 Jenkins | 1 Current Versions Systems | 2020-05-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. | |||||
| CVE-2020-2185 | 1 Jenkins | 1 Amazon Ec2 | 2020-05-11 | 6.8 MEDIUM | 5.6 MEDIUM |
| Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. | |||||
| CVE-2020-5751 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. | |||||
| CVE-2020-5331 | 1 Rsa | 1 Archer | 2020-05-11 | 2.1 LOW | 5.5 MEDIUM |
| RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. | |||||
| CVE-2020-5332 | 1 Rsa | 1 Archer | 2020-05-11 | 9.0 HIGH | 7.2 HIGH |
| RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed. | |||||
| CVE-2020-5873 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2020-05-11 | 6.5 MEDIUM | 7.2 HIGH |
| On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request. | |||||
| CVE-2019-13285 | 1 Cososys | 1 Endpoint Protector | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection. | |||||
| CVE-2020-12447 | 1 Onkyo | 2 Tx-nr585, Tx-nr585 Firmware | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow. | |||||
| CVE-2020-12052 | 1 Grafana | 1 Grafana | 2020-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grafana version < 6.7.3 is vulnerable for annotation popup XSS. | |||||