Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10121 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). | |||||
| CVE-2020-10119 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). | |||||
| CVE-2019-20510 | 2020-03-18 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-13456. Reason: This candidate is a duplicate of CVE-2019-13456. Notes: All CVE users should reference CVE-2019-13456 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2019-13201 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device. | |||||
| CVE-2019-13197 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | |||||
| CVE-2019-13196 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 9.0 HIGH | 8.8 HIGH |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | |||||
| CVE-2019-13206 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 9.0 HIGH | 8.8 HIGH |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | |||||
| CVE-2019-13204 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arbitrary code on the device. | |||||
| CVE-2019-13202 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | |||||
| CVE-2019-13203 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 9.0 HIGH | 8.8 HIGH |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | |||||
| CVE-2019-20493 | 1 Cpanel | 1 Cpanel | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520). | |||||
| CVE-2019-13200 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | |||||
| CVE-2020-5543 | 1 Mitsubishielectric | 2 Iu1-1m20-d, Iu1-1m20-d Firmware | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | |||||
| CVE-2020-10562 | 1 Devome | 1 Grr | 2020-03-18 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads. | |||||
| CVE-2020-5240 | 1 Labdigital | 1 Wagtail-2fa | 2020-03-18 | 5.5 MEDIUM | 8.5 HIGH |
| In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other users device they can disable the target users 2FA devices and potentially compromise the account if they figure out their password. The problem has been patched in version 1.4.1. | |||||
| CVE-2020-10563 | 1 Devome | 1 Grr | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query. | |||||
| CVE-2020-10242 | 1 Joomla | 1 Joomla\! | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. | |||||
| CVE-2019-10763 | 1 Pimcore | 1 Pimcore | 2020-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload for trigger a time based or error based sql injection. | |||||
| CVE-2019-10867 | 1 Pimcore | 1 Pimcore | 2020-03-18 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php. | |||||
| CVE-2019-12569 | 1 Rakuten | 1 Viber | 2020-03-18 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. | |||||
| CVE-2019-18845 | 1 Patriotmemory | 2 Viper Rgb, Viper Rgb Firmware | 2020-03-18 | 3.6 LOW | 7.1 HIGH |
| The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. | |||||
| CVE-2019-8903 | 1 Totaljs | 1 Total.js | 2020-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| index.js in Total.js Platform before 3.2.3 allows path traversal. | |||||
| CVE-2020-10111 | 1 Citrix | 1 Gateway Firmware | 2020-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization. | |||||
| CVE-2020-10112 | 1 Citrix | 1 Gateway Firmware | 2020-03-18 | 5.8 MEDIUM | 5.4 MEDIUM |
| ** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default. | |||||
| CVE-2020-10241 | 1 Joomla | 1 Joomla\! | 2020-03-18 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF. | |||||
| CVE-2020-10557 | 1 Atutor | 1 Acontent | 2020-03-18 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions. | |||||
| CVE-2020-10243 | 1 Joomla | 1 Joomla\! | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. | |||||
| CVE-2019-14512 | 1 Limesurvey | 1 Limesurvey | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php. | |||||
| CVE-2019-11355 | 1 Polycom | 1 Hdx System Software | 2020-03-18 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root. | |||||
| CVE-2019-19209 | 1 Dolibarr | 1 Dolibarr | 2020-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | |||||
| CVE-2019-19210 | 1 Dolibarr | 1 Dolibarr | 2020-03-18 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. | |||||
| CVE-2019-19211 | 1 Dolibarr | 1 Dolibarr | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. | |||||
| CVE-2019-13199 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | |||||
| CVE-2018-10125 | 1 Contao | 1 Contao | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Contao before 4.5.7 has XSS in the system log. | |||||
| CVE-2020-6586 | 1 Nagios | 1 Nagios | 2020-03-18 | 3.5 LOW | 5.4 MEDIUM |
| Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered. | |||||
| CVE-2019-13165 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. | |||||
| CVE-2019-5157 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-18 | 6.5 MEDIUM | 7.2 HIGH |
| An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command. | |||||
| CVE-2019-5156 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-18 | 6.5 MEDIUM | 7.2 HIGH |
| An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. | |||||
| CVE-2019-13167 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | |||||
| CVE-2019-13168 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. | |||||
| CVE-2019-13169 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2019-13171 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly. | |||||
| CVE-2012-3789 | 1 Bitcoin | 1 Bitcoin Core | 2020-03-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network. | |||||
| CVE-2012-4682 | 1 Bitcoin | 1 Bitcoin Core | 2020-03-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683. | |||||
| CVE-2012-4683 | 1 Bitcoin | 1 Bitcoin Core | 2020-03-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682. | |||||
| CVE-2012-4684 | 1 Bitcoin | 4 Bitcoin-qt, Bitcoin Core, Bitcoind and 1 more | 2020-03-18 | 7.8 HIGH | N/A |
| The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert. | |||||
| CVE-2013-2272 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2020-03-18 | 5.0 MEDIUM | N/A |
| The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees. | |||||
| CVE-2013-2273 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2020-03-18 | 5.0 MEDIUM | N/A |
| bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction. | |||||
| CVE-2013-2292 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2020-03-18 | 7.8 HIGH | N/A |
| bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes. | |||||
| CVE-2013-2293 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2020-03-18 | 5.0 MEDIUM | N/A |
| The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain. | |||||