Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6410 | 1 Google | 1 Chrome | 2020-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name. | |||||
| CVE-2020-6411 | 1 Google | 1 Chrome | 2020-02-12 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2019-18671 | 1 Keepkey | 2 Keepkey, Keepkey Firmware | 2020-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB. | |||||
| CVE-2015-1394 | 1 10web | 1 Photo Gallery | 2020-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-2207 | 1 Netcracker | 1 Resource Management System | 2020-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter. | |||||
| CVE-2012-1994 | 1 Hp | 1 Systems Insight Manager | 2020-02-11 | 2.7 LOW | 5.7 MEDIUM |
| HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information | |||||
| CVE-2019-13322 | 1 Mi | 1 Mi Browser | 2020-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the miui.share application. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary application download. An attacker can leverage this vulnerability to execute code in the context of the user. Was ZDI-CAN-7483. | |||||
| CVE-2020-8822 | 1 Digi | 4 Transport Wr21, Transport Wr21 Firmware, Transport Wr44 and 1 more | 2020-02-11 | 3.5 LOW | 4.8 MEDIUM |
| Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. | |||||
| CVE-2012-2204 | 1 Ibm | 1 Infosphere Guardium | 2020-02-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| InfoSphere Guardium aix_ktap module: DoS | |||||
| CVE-2019-17268 | 1 Omniauth-weibo-oauth2 Project | 1 Omniauth-weibo-oauth2 | 2020-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected. | |||||
| CVE-2012-2216 | 2020-02-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6720 and CVE-2012-6721. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2012-6720 and CVE-2012-6721 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2020-8772 | 1 Revmakx | 1 Infinitewp Client | 2020-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in. | |||||
| CVE-2020-8788 | 1 Synaptivemedical | 1 Clearcanvas | 2020-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report. | |||||
| CVE-2013-3591 | 1 Vtiger | 1 Vtiger Crm | 2020-02-11 | 6.5 MEDIUM | 8.8 HIGH |
| vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability | |||||
| CVE-2013-5113 | 1 Logmein | 1 Lastpass | 2020-02-11 | 1.9 LOW | 6.8 MEDIUM |
| LastPass prior to 2.5.1 has an insecure PIN implementation. | |||||
| CVE-2020-6760 | 1 Schmid-telecom | 2 Zi 620 V400, Zi 620 V400 Firmware | 2020-02-11 | 10.0 HIGH | 9.8 CRITICAL |
| Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping. | |||||
| CVE-2020-5318 | 1 Dell | 1 Emc Isilon Onefs | 2020-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication. | |||||
| CVE-2010-4658 | 1 Status | 1 Statusnet | 2020-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. | |||||
| CVE-2013-6499 | 2020-02-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2013-1202 | 1 Cisco | 1 Ace Application Control Engine Module A2 | 2020-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco ACE A2(3.6) allows log retention DoS. | |||||
| CVE-2014-6413 | 1 Watchguard | 1 Fireware Xtm | 2020-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. | |||||
| CVE-2012-6297 | 1 Dd-wrt | 1 Dd-wrt | 2020-02-11 | 9.3 HIGH | 8.8 HIGH |
| Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service. | |||||
| CVE-2019-15616 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. | |||||
| CVE-2013-4335 | 1 Openpne | 1 Opopensocialplugin | 2020-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities | |||||
| CVE-2013-2675 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2020-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2012-6340 | 1 Netgear | 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more | 2020-02-11 | 2.1 LOW | 4.6 MEDIUM |
| An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. | |||||
| CVE-2014-7969 | 2020-02-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8739. Reason: This candidate is a duplicate of CVE-2014-8739. Notes: All CVE users should reference CVE-2014-8739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2015-2287 | 2020-02-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A typo caused the wrong ID to be used. Notes: none. | |||||
| CVE-2014-10399 | 1 Keplerproject | 1 Cgilua | 2020-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. | |||||
| CVE-2012-6666 | 1 Vbseo | 1 Vbseo | 2020-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. | |||||
| CVE-2019-19670 | 1 Maxum | 1 Rumpus Ftp | 2020-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html. | |||||
| CVE-2014-10400 | 1 Keplerproject | 1 Cgilua | 2020-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. | |||||
| CVE-2019-15611 | 1 Nextcloud | 1 Nextcloud | 2020-02-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications. | |||||
| CVE-2013-1353 | 1 Orangehrm | 1 Orangehrm | 2020-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Orange HRM 2.7.1 allows XSS via the vacancy name. | |||||
| CVE-2019-19661 | 1 Maxum | 1 Rumpus Ftp | 2020-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. | |||||
| CVE-2019-19667 | 1 Maxum | 1 Rumpus Ftp | 2020-02-11 | 5.8 MEDIUM | 5.4 MEDIUM |
| A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html. | |||||
| CVE-2019-19666 | 1 Maxum | 1 Rumpus Ftp | 2020-02-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html. | |||||
| CVE-2020-1768 | 1 Otrs | 1 Otrs | 2020-02-11 | 5.5 MEDIUM | 5.4 MEDIUM |
| The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions. | |||||
| CVE-2019-19669 | 1 Maxum | 1 Rumpus Ftp | 2020-02-11 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html. | |||||
| CVE-2014-5288 | 1 Kemptechnologies | 1 Load Master | 2020-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages. | |||||
| CVE-2014-5468 | 1 Getrailo | 1 Railo | 2020-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. | |||||
| CVE-2013-4334 | 1 Tejimaya | 1 Opwebapiplugin | 2020-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities | |||||
| CVE-2019-19668 | 1 Maxum | 1 Rumpus Ftp | 2020-02-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. | |||||
| CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-11 | 5.5 MEDIUM | 8.1 HIGH |
| A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | |||||
| CVE-2020-8122 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. | |||||
| CVE-2020-8771 | 1 Wptimecapsule | 1 Wp Time Capsule | 2020-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts. | |||||
| CVE-2014-8271 | 1 Tianocore | 1 Edk2 | 2020-02-11 | 4.6 MEDIUM | 6.8 MEDIUM |
| Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. | |||||
| CVE-2019-19659 | 1 Maxum | 1 Rumpus | 2020-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html. | |||||
| CVE-2014-2030 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Opensuse | 2020-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. | |||||
| CVE-2019-19660 | 1 Maxum | 1 Rumpus | 2020-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html. | |||||
