Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4117 | 1 Cpan | 1 Batch\ | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files. | |||||
| CVE-2014-8328 | 1 Dynamic Content Elements Project | 1 Dynamic Content Elements | 2020-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request. | |||||
| CVE-2013-2631 | 1 Tinywebgallery | 1 Tinywebgallery | 2020-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php. | |||||
| CVE-2020-6959 | 1 Honeywell | 12 Hnmswvms, Hnmswvms Firmware, Hnmswvmslt and 9 more | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution. | |||||
| CVE-2015-3611 | 1 Fortinet | 1 Fortimanager | 2020-02-05 | 9.0 HIGH | 8.8 HIGH |
| A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. | |||||
| CVE-2015-3612 | 1 Fortinet | 1 Fortimanager | 2020-02-05 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. | |||||
| CVE-2020-8496 | 1 Kronos | 1 Web Time And Attendance | 2020-02-05 | 3.5 LOW | 4.8 MEDIUM |
| In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator. | |||||
| CVE-2014-8141 | 2 Redhat, Unzip Project | 6 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Eus and 3 more | 2020-02-05 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | |||||
| CVE-2020-8493 | 1 Kronos | 1 Web Time And Attendance | 2020-02-05 | 3.5 LOW | 4.8 MEDIUM |
| A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator. | |||||
| CVE-2015-3613 | 1 Fortinet | 1 Fortimanager | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page | |||||
| CVE-2018-11479 | 1 Windscribe | 1 Windscribe | 2020-02-05 | 7.2 HIGH | 7.8 HIGH |
| The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe. | |||||
| CVE-2013-2673 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2020-02-05 | 4.6 MEDIUM | 6.8 MEDIUM |
| Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. | |||||
| CVE-2014-9211 | 1 Clickdesk | 1 Clickdesk | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| ClickDesk version 4.3 and below has persistent cross site scripting | |||||
| CVE-2020-5215 | 1 Google | 1 Tensorflow | 2020-02-05 | 4.3 MEDIUM | 7.5 HIGH |
| In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant("hello", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0. | |||||
| CVE-2019-20174 | 1 Auth0 | 1 Lock | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. | |||||
| CVE-2020-5228 | 1 Apereo | 1 Opencast | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public access to events without their knowledge. The problem has been addressed in Opencast 7.6 and 8.1 where the OAI-PMH endpoint is configured to require users with `ROLE_ADMIN` by default. In addition to this, Opencast 9 removes the OAI-PMH publication from the default workflow, making the publication a conscious decision users have to make by updating their workflows. | |||||
| CVE-2020-5229 | 1 Apereo | 1 Opencast | 2020-02-05 | 5.5 MEDIUM | 8.1 HIGH |
| Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially for popular users like the default `admin` user. This essentially means that for an attacker, it might be feasible to reconstruct a user's password given access to these hashes. Note that attackers needing access to the hashes means that they must gain access to the database in which these are stored first to be able to start cracking the passwords. The problem is addressed in Opencast 8.1 which now uses the modern and much stronger bcrypt password hashing algorithm for storing passwords. Note, that old hashes remain MD5 until the password is updated. For a list of users whose password hashes are stored using MD5, take a look at the `/user-utils/users/md5.json` REST endpoint. | |||||
| CVE-2014-8139 | 2 Redhat, Unzip Project | 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more | 2020-02-05 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | |||||
| CVE-2013-2672 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. | |||||
| CVE-2020-8505 | 1 Arox | 1 School Management Software Php\/mysql | 2020-02-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. | |||||
| CVE-2014-8140 | 2 Redhat, Unzip Project | 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more | 2020-02-05 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | |||||
| CVE-2013-2674 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers. | |||||
| CVE-2014-8322 | 1 Aircrack-ng | 1 Aircrack-ng | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. | |||||
| CVE-2014-8321 | 1 Aircrack-ng | 1 Aircrack-ng | 2020-02-05 | 4.6 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors. | |||||
| CVE-2016-4676 | 1 Apple | 2 Mac Os X, Safari | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. | |||||
| CVE-2019-20141 | 1 Laborator | 1 Neon | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. | |||||
| CVE-2020-8592 | 1 Eginnovations | 1 Eg Manager | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). | |||||
| CVE-2020-8504 | 1 Arox | 1 School Management Software Php\/mysql | 2020-02-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. | |||||
| CVE-2011-4912 | 1 Joomla | 1 Joomla\! | 2020-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. | |||||
| CVE-2020-3941 | 2 Microsoft, Vmware | 2 Windows, Tools | 2020-02-05 | 4.4 MEDIUM | 7.0 HIGH |
| The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11. | |||||
| CVE-2020-8440 | 1 Simplejobscript | 1 Simplejobscript | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. | |||||
| CVE-2017-3200 | 1 Graniteds | 1 Graniteds | 2020-02-05 | 6.8 MEDIUM | 8.1 HIGH |
| The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized. | |||||
| CVE-2013-5989 | 2020-02-05 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4969. Reason: This candidate is a duplicate of CVE-2011-4969. Notes: All CVE users should reference CVE-2011-4969 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-3893 | 2020-02-05 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate is a duplicate of CVE-2014-0114. Notes: All CVE users should reference CVE-2014-0114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-4088 | 3 Abrt Project, Fedoraproject, Redhat | 5 Abrt, Fedora, Enterprise Linux Desktop and 2 more | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| ABRT might allow attackers to obtain sensitive information from crash reports. | |||||
| CVE-2019-19968 | 1 Pandorafms | 1 Pandora Fms | 2020-02-05 | 3.5 LOW | 5.4 MEDIUM |
| PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. | |||||
| CVE-2020-5222 | 1 Apereo | 1 Opencast | 2020-02-05 | 6.5 MEDIUM | 8.8 HIGH |
| Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1 | |||||
| CVE-2014-5039 | 1 Eucalyptus | 1 Eucalyptus Management Console | 2020-02-05 | 6.8 MEDIUM | 9.6 CRITICAL |
| Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-9462 | 3 Debian, Mercurial, Redhat | 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more | 2020-02-05 | 9.0 HIGH | 8.8 HIGH |
| In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | |||||
| CVE-2020-5206 | 1 Apereo | 1 Opencast | 2020-02-05 | 6.4 MEDIUM | 10.0 CRITICAL |
| In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1 | |||||
| CVE-2014-3809 | 1 Nokia | 6 1830 Photonic Service Switch-16, 1830 Photonic Service Switch-16 Firmware, 1830 Photonic Service Switch-32 and 3 more | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. | |||||
| CVE-2020-5852 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2 | |||||
| CVE-2019-3864 | 1 Redhat | 1 Quay | 2020-02-05 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account. | |||||
| CVE-2019-19392 | 1 Fordnn | 1 Usersexportimport | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data. | |||||
| CVE-2012-5626 | 1 Redhat | 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | |||||
| CVE-2015-8851 | 1 Node-uuid Project | 1 Node-uuid | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing. | |||||
| CVE-2019-5468 | 1 Gitlab | 1 Gitlab | 2020-02-05 | 6.5 MEDIUM | 8.8 HIGH |
| An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. | |||||
| CVE-2018-19441 | 1 Neatorobotics | 2 Botvac Connected, Botvac Connected Firmware | 2020-02-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to estimate the time of first provisioning of a robot, he is able to brute force the generated secret_key of the robot. This is because the entropy of the secret_key exclusively relies on these two values, due to not seeding the random generator and using several constant inputs for secret_key computation. Serial numbers are printed on the packaging and equal the MAC address of the robot. | |||||
| CVE-2014-9481 | 1 Mediawiki | 1 Mediawiki | 2020-02-05 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML. | |||||
| CVE-2013-3322 | 1 Netapp | 1 Oncommand System Manager | 2020-02-05 | 9.0 HIGH | 7.2 HIGH |
| NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. | |||||
