Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4428 | 1 Ibm | 1 Data Risk Manager | 2020-05-08 | 9.0 HIGH | 9.1 CRITICAL |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. | |||||
| CVE-2020-4429 | 1 Ibm | 1 Data Risk Manager | 2020-05-08 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534. | |||||
| CVE-2020-12703 | 1 Ulicms | 1 Ulicms | 2020-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| UliCMS before 2020.2 has XSS during PackageController uninstall. | |||||
| CVE-2011-3953 | 1 Google | 1 Chrome | 2020-05-08 | 7.5 HIGH | N/A |
| Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-3955 | 1 Google | 1 Chrome | 2020-05-08 | 7.5 HIGH | N/A |
| Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction. | |||||
| CVE-2011-3957 | 1 Google | 1 Chrome | 2020-05-08 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents. | |||||
| CVE-2020-12704 | 1 Ulicms | 1 Ulicms | 2020-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| UliCMS before 2020.2 has PageController stored XSS. | |||||
| CVE-2020-12705 | 1 Lepton-cms | 1 Leptoncms | 2020-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. | |||||
| CVE-2020-12707 | 1 Lepton-cms | 1 Lepton Cms | 2020-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements. | |||||
| CVE-2011-3961 | 1 Google | 1 Chrome | 2020-05-08 | 9.3 HIGH | N/A |
| Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process. | |||||
| CVE-2011-3963 | 1 Google | 1 Chrome | 2020-05-08 | 5.0 MEDIUM | N/A |
| Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3971 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-05-08 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. | |||||
| CVE-2011-3972 | 1 Google | 1 Chrome | 2020-05-08 | 5.0 MEDIUM | N/A |
| The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3894 | 1 Google | 1 Chrome | 2020-05-08 | 7.5 HIGH | N/A |
| Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream. | |||||
| CVE-2011-3887 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2020-05-08 | 5.0 MEDIUM | N/A |
| Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. | |||||
| CVE-2011-3893 | 1 Google | 1 Chrome | 2020-05-08 | 5.0 MEDIUM | N/A |
| Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3892 | 2 Debian, Google | 2 Debian Linux, Chrome | 2020-05-08 | 7.5 HIGH | N/A |
| Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream. | |||||
| CVE-2011-3884 | 1 Google | 1 Chrome | 2020-05-08 | 6.8 MEDIUM | N/A |
| Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2018-20590 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2020-05-08 | 3.5 LOW | 4.8 MEDIUM |
| Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. | |||||
| CVE-2020-8486 | 1 Abb | 1 800xa Rnrp | 2020-05-07 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. | |||||
| CVE-2020-8485 | 1 Abb | 1 800xa | 2020-05-07 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or causing Windows processes to crash. | |||||
| CVE-2020-2189 | 1 Jenkins | 1 Source Code Management Filter Jervis | 2020-05-07 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2020-11030 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2020-05-07 | 3.5 LOW | 5.4 MEDIUM |
| In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | |||||
| CVE-2011-3879 | 1 Google | 1 Chrome | 2020-05-07 | 7.5 HIGH | N/A |
| Google Chrome before 15.0.874.102 does not prevent redirects to chrome: URLs, which has unspecified impact and remote attack vectors. | |||||
| CVE-2020-11737 | 1 Zimbra | 1 Zimbra | 2020-05-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2. | |||||
| CVE-2020-10686 | 1 Redhat | 1 Keycloak | 2020-05-07 | 6.5 MEDIUM | 4.7 MEDIUM |
| A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users. | |||||
| CVE-2011-3914 | 1 Google | 1 Chrome | 2020-05-07 | 7.5 HIGH | N/A |
| The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. | |||||
| CVE-2011-3909 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-05-07 | 5.0 MEDIUM | N/A |
| The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2020-12104 | 1 Wp-advanced-search Project | 1 Wp-advanced-search | 2020-05-07 | 6.5 MEDIUM | 8.8 HIGH |
| The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation. | |||||
| CVE-2020-12246 | 1 Beeline | 2 Smart Box, Smart Box Firmware | 2020-05-07 | 9.0 HIGH | 8.8 HIGH |
| Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter. | |||||
| CVE-2019-19517 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2020-05-07 | 6.8 MEDIUM | 8.8 HIGH |
| Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process. | |||||
| CVE-2016-5682 | 1 Smartbear | 1 Swagger-ui | 2020-05-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. | |||||
| CVE-2017-7188 | 1 Zurmo | 1 Zurmo Crm | 2020-05-07 | 3.5 LOW | 5.4 MEDIUM |
| Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. | |||||
| CVE-2020-7983 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2020-05-07 | 5.8 MEDIUM | 8.1 HIGH |
| A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. | |||||
| CVE-2020-5881 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-05-07 | 5.0 MEDIUM | 7.5 HIGH |
| On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up, in turn disrupting the communication between the mcpd and tmm processes. | |||||
| CVE-2020-8799 | 1 Webtechideas | 1 Wti Like Post | 2020-05-07 | 3.5 LOW | 4.8 MEDIUM |
| A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website. | |||||
| CVE-2020-8033 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2020-05-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field. | |||||
| CVE-2011-3906 | 1 Google | 1 Chrome | 2020-05-07 | 5.0 MEDIUM | N/A |
| The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3915 | 1 Google | 1 Chrome | 2020-05-07 | 7.5 HIGH | N/A |
| Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts. | |||||
| CVE-2011-3905 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2020-05-07 | 5.0 MEDIUM | N/A |
| libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3919 | 5 Apple, Debian, Google and 2 more | 9 Iphone Os, Mac Os X, Debian Linux and 6 more | 2020-05-07 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2020-5727 | 1 Simplisafe | 2 Ss3, Ss3 Firmware | 2020-05-07 | 2.1 LOW | 4.6 MEDIUM |
| Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system. | |||||
| CVE-2020-8157 | 1 Ui | 4 Unifi Cloud Key Gen2, Unifi Cloud Key Gen2 Firmware, Unifi Cloud Key Gen2 Plus and 1 more | 2020-05-07 | 7.2 HIGH | 6.8 MEDIUM |
| UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). | |||||
| CVE-2020-8829 | 1 Intelbras | 2 Cip 92200, Cip 92200 Firmware | 2020-05-07 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis. | |||||
| CVE-2011-3921 | 1 Google | 1 Chrome | 2020-05-07 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames. | |||||
| CVE-2011-3922 | 1 Google | 1 Chrome | 2020-05-07 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling. | |||||
| CVE-2017-18867 | 1 Netgear | 10 D6100, D6100 Firmware, D7800 and 7 more | 2020-05-07 | 4.6 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48. | |||||
| CVE-2011-3924 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-05-07 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections. | |||||
| CVE-2011-3925 | 1 Google | 1 Chrome | 2020-05-07 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page. | |||||
| CVE-2011-3926 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-05-07 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
