Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10496 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request. | |||||
| CVE-2020-10497 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request. | |||||
| CVE-2020-10498 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request. | |||||
| CVE-2020-10499 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request. | |||||
| CVE-2020-10500 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request. | |||||
| CVE-2020-10501 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request. | |||||
| CVE-2020-10502 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request. | |||||
| CVE-2020-10503 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request. | |||||
| CVE-2020-10504 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request. | |||||
| CVE-2019-20542 | 1 Google | 1 Android | 2020-03-26 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (Exynos chipsets) software. There is a stack overflow in the kernel driver. The Samsung ID is SVE-2019-15034 (November 2019). | |||||
| CVE-2019-15664 | 1 Killernetworking | 1 Killer Control Center | 2020-03-26 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 2 of 2). | |||||
| CVE-2019-15665 | 1 Killernetworking | 1 Killer Control Center | 2020-03-26 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary write primitive that can lead to code execution or escalation of privileges. | |||||
| CVE-2020-10849 | 2 Google, Samsung | 4 Android, Exynos 7885, Exynos 8895 and 1 more | 2020-03-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020). | |||||
| CVE-2019-15662 | 1 Killernetworking | 1 Killer Control Center | 2020-03-26 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chain to escalate privileges. | |||||
| CVE-2019-15661 | 1 Killernetworking | 1 Killer Control Center | 2020-03-26 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate parameters, leading to a stack-based buffer overflow, which can lead to code execution or escalation of privileges. | |||||
| CVE-2019-20594 | 1 Google | 1 Android | 2020-03-26 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. A heap overflow exists in the bootloader. The Samsung ID is SVE-2019-14371 (July 2019). | |||||
| CVE-2020-10457 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.0 MEDIUM | 2.7 LOW |
| Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed). | |||||
| CVE-2020-10458 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 5.5 MEDIUM | 6.5 MEDIUM |
| Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service. | |||||
| CVE-2020-10459 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.0 MEDIUM | 2.7 LOW |
| Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder. | |||||
| CVE-2020-10461 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt. | |||||
| CVE-2020-10462 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10463 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10464 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10465 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10466 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10467 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10468 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10469 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10470 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-6982 | 1 Honeywell | 1 Win-pak | 2020-03-26 | 5.8 MEDIUM | 8.8 HIGH |
| In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution. | |||||
| CVE-2019-20533 | 1 Google | 1 Android | 2020-03-26 | 2.1 LOW | 3.3 LOW |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is SVE-2019-13996 (December 2019). | |||||
| CVE-2019-20538 | 1 Google | 1 Android | 2020-03-26 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) software. There is a heap overflow in the knox_kap driver. The Samsung ID is SVE-2019-14857 (November 2019). | |||||
| CVE-2020-10851 | 1 Google | 1 Android | 2020-03-26 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is a stack overflow in the kperfmon driver. The Samsung ID is SVE-2019-15876 (January 2020). | |||||
| CVE-2019-20600 | 2 Google, Samsung | 2 Android, Exynos 8890 | 2020-03-26 | 3.6 LOW | 7.1 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.0) and P(9.0) (Exynos8890 chipsets) software. A use-after-free occurs in the MALI GPU driver. The Samsung ID is SVE-2019-13921-1 (May 2019). | |||||
| CVE-2019-20602 | 1 Google | 1 Android | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The Authnr Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13949 (May 2019). | |||||
| CVE-2019-20603 | 1 Google | 1 Android | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The ESECOMM Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13950 (May 2019). | |||||
| CVE-2019-17276 | 1 Netapp | 1 Oncommand System Manager | 2020-03-26 | 3.5 LOW | 5.4 MEDIUM |
| OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field. | |||||
| CVE-2019-18242 | 1 Moxa | 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail. | |||||
| CVE-2020-6981 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2020-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. | |||||
| CVE-2020-8859 | 1 Psi | 1 Electronic Logbook | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition. Was ZDI-CAN-10115. | |||||
| CVE-2019-20545 | 1 Google | 1 Android | 2020-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. A buffer overflow in the HDCP Trustlet affects secure TEEGRIS memory. The Samsung ID is SVE-2019-15283 (November 2019). | |||||
| CVE-2020-10831 | 1 Google | 1 Android | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can trigger an update to arbitrary touch-screen firmware. The Samsung ID is SVE-2019-16013 (March 2020). | |||||
| CVE-2020-10842 | 1 Google | 1 Android | 2020-03-26 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There is a heap out-of-bounds write in the tsmux driver. The Samsung ID is SVE-2019-16295 (February 2020). | |||||
| CVE-2020-6979 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. | |||||
| CVE-2019-20544 | 1 Google | 1 Android | 2020-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. There is an out-of-bounds write in the ICCC Trustlet. The Samsung ID is SVE-2019-15274 (November 2019). | |||||
| CVE-2020-6991 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2020-03-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. | |||||
| CVE-2020-6997 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. | |||||
| CVE-2007-6081 | 1 Adventnet | 1 Eventlog Analyzer | 2020-03-26 | 7.5 HIGH | N/A |
| AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000. | |||||
| CVE-2008-1538 | 1 Manageengine | 1 Eventlog Analyzer | 2020-03-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Fixed in EventLog Analyzer 10.0 Build 10000. | |||||
| CVE-2014-6043 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2020-03-26 | 6.5 MEDIUM | N/A |
| ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000. | |||||