Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7982 | 1 Libimobiledevice | 1 Libplist | 2020-04-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file. | |||||
| CVE-2019-19330 | 3 Canonical, Debian, Haproxy | 3 Ubuntu Linux, Debian Linux, Haproxy | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | |||||
| CVE-2020-6753 | 1 Auth0 | 1 Login By Auth0 | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. | |||||
| CVE-2018-0612 | 1 5000 Trillion Yen Converter Project | 1 5000 Trillion Yen Converter | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-5274 | 1 Sensiolabs | 1 Symfony | 2020-04-01 | 5.5 MEDIUM | 5.4 MEDIUM |
| In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5 | |||||
| CVE-2020-11105 | 1 Usc | 1 Cereal | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests. | |||||
| CVE-2020-5284 | 1 Zeit | 1 Next.js | 2020-04-01 | 5.0 MEDIUM | 4.3 MEDIUM |
| Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2. | |||||
| CVE-2020-7610 | 1 Mongodb | 1 Bson | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type. | |||||
| CVE-2020-5289 | 1 Elide | 1 Elide | 2020-04-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater. | |||||
| CVE-2019-7240 | 1 Moo0 | 1 System Monitor | 2020-04-01 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | |||||
| CVE-2019-18782 | 1 Salesagility | 1 Suitecrm | 2020-04-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. | |||||
| CVE-2020-6008 | 1 Lifterlms | 1 Lifterlms | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution | |||||
| CVE-2019-14881 | 1 Moodle | 1 Moodle | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed. | |||||
| CVE-2015-7336 | 1 Lenovo | 1 System Update | 2020-04-01 | 5.0 MEDIUM | 7.5 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. | |||||
| CVE-2020-7944 | 1 Puppet | 1 Continuous Delivery | 2020-04-01 | 4.0 MEDIUM | 7.7 HIGH |
| In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report. | |||||
| CVE-2020-9055 | 1 Versiant | 1 Lynx Customer Service Portal | 2020-04-01 | 3.5 LOW | 5.4 MEDIUM |
| Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or information disclosure. | |||||
| CVE-2015-5684 | 1 Lenovo | 54 B50-10, B50-10 Firmware, Edge 15 and 51 more | 2020-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system. | |||||
| CVE-2020-10245 | 1 Codesys | 14 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 11 more | 2020-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. | |||||
| CVE-2020-10956 | 1 Gitlab | 1 Gitlab | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. | |||||
| CVE-2020-11106 | 1 Tecrail | 1 Responsive Filemanager | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']["view_type"] wasn't sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the "view" action and places a payload in the type parameter, and then returns to the dialog.php page. This occurs because ajax_calls.php was also able to set the $_SESSION['RF']["view_type"] variable, but there it wasn't sanitized. | |||||
| CVE-2019-7244 | 1 Aida64 | 1 Aida64 | 2020-04-01 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | |||||
| CVE-2019-7245 | 1 Techpowerup | 1 Gpu-z | 2020-04-01 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23.0. The vulnerable driver exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | |||||
| CVE-2019-13495 | 1 Zyxel | 2 Xgs2210-52hp, Xgs2210-52hp Firmware | 2020-04-01 | 3.5 LOW | 5.4 MEDIUM |
| In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field. | |||||
| CVE-2020-5861 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-04-01 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. | |||||
| CVE-2020-5392 | 1 Auth0 | 1 Wp-auth0 | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. | |||||
| CVE-2019-16919 | 2 Linuxfoundation, Vmware | 3 Harbor, Cloud Foundation, Harbor Container Registry | 2020-04-01 | 5.0 MEDIUM | 7.5 HIGH |
| Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account. | |||||
| CVE-2020-5391 | 1 Auth0 | 1 Wp-auth0 | 2020-04-01 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. | |||||
| CVE-2017-17697 | 1 Linuxfoundation | 1 Harbor | 2020-04-01 | 5.0 MEDIUM | 8.6 HIGH |
| The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | |||||
| CVE-2020-5723 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2020-04-01 | 5.0 MEDIUM | 9.8 CRITICAL |
| The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. | |||||
| CVE-2019-8741 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2020-04-01 | 7.8 HIGH | 7.5 HIGH |
| A denial of service issue was addressed with improved input validation. | |||||
| CVE-2012-3954 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2020-04-01 | 3.3 LOW | N/A |
| Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. | |||||
| CVE-2015-8605 | 4 Canonical, Debian, Isc and 1 more | 4 Ubuntu Linux, Debian Linux, Dhcp and 1 more | 2020-04-01 | 5.7 MEDIUM | 6.5 MEDIUM |
| ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. | |||||
| CVE-2012-3571 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2020-04-01 | 6.1 MEDIUM | N/A |
| ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. | |||||
| CVE-2020-10607 | 1 Advantech | 1 Webaccess | 2020-04-01 | 6.5 MEDIUM | 8.8 HIGH |
| In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | |||||
| CVE-2020-10696 | 2 Buildah Project, Redhat | 3 Buildah, Enterprise Linux, Openshift Container Platform | 2020-04-01 | 9.3 HIGH | 8.8 HIGH |
| A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. | |||||
| CVE-2019-19605 | 1 X-plane | 1 X-plane | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| X-Plane before 11.41 allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution. | |||||
| CVE-2019-19606 | 1 X-plane | 1 X-plane | 2020-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system. | |||||
| CVE-2011-4539 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2020-04-01 | 5.0 MEDIUM | N/A |
| dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet. | |||||
| CVE-2011-2749 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2020-04-01 | 7.8 HIGH | N/A |
| The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet. | |||||
| CVE-2011-0997 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2020-04-01 | 7.5 HIGH | N/A |
| dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | |||||
| CVE-2011-0413 | 1 Isc | 1 Dhcp | 2020-04-01 | 7.8 HIGH | N/A |
| The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address. | |||||
| CVE-2005-4807 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2020-04-01 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. | |||||
| CVE-2005-4808 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2020-04-01 | 7.6 HIGH | N/A |
| Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. | |||||
| CVE-2020-10817 | 1 Custom Searchable Data Entry System Project | 1 Custom Searchable Data Entry System | 2020-04-01 | 6.5 MEDIUM | 8.8 HIGH |
| The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. | |||||
| CVE-2020-10886 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662. | |||||
| CVE-2020-10888 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664. | |||||
| CVE-2017-1000232 | 1 Nlnetlabs | 1 Ldns | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. | |||||
| CVE-2020-4208 | 1 Ibm | 1 Spectrum Protect Plus | 2020-03-31 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975. | |||||
| CVE-2020-8923 | 1 Dart | 1 Dart Software Development Kit | 2020-03-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements. | |||||
| CVE-2020-4241 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2020-03-31 | 9.0 HIGH | 8.8 HIGH |
| IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. | |||||