Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35677 | 1 Bigprof | 1 Online Invoicing System | 2021-07-21 | 3.5 LOW | 4.8 MEDIUM |
| BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the payload. One might think this completely mitigates the privilege-escalation impact as there is only one high-privileged role. However, it was discovered that the endpoint responsible for creating the group lacks CSRF protection. | |||||
| CVE-2020-35370 | 1 Raysync | 1 Raysync | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server. | |||||
| CVE-2020-11719 | 1 Bilanc | 1 Bilanc | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key. | |||||
| CVE-2020-35584 | 1 Mersive | 2 Solstice Pod, Solstice Pod Firmware | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys. | |||||
| CVE-2020-35136 | 1 Dolibarr | 1 Dolibarr | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
| Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php. | |||||
| CVE-2020-35658 | 1 Titanhq | 1 Spamtitan | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. | |||||
| CVE-2020-27338 | 1 Treck | 1 Ipv6 | 2021-07-21 | 4.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the DHCPv6 client component allows an unauthenticated remote attacker to cause an Out of Bounds Read, and possibly a Denial of Service via adjacent network access. | |||||
| CVE-2020-27337 | 1 Treck | 1 Ipv6 | 2021-07-21 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 component allows an unauthenticated remote attacker to cause an Out of Bounds Write, and possibly a Denial of Service via network access. | |||||
| CVE-2020-27336 | 1 Treck | 1 Ipv6 | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 component when handling a packet sent by an unauthenticated remote attacker could result in an out-of-bounds read of up to three bytes via network access. | |||||
| CVE-2020-14270 | 1 Hcltech | 1 Domino | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server. | |||||
| CVE-2020-35609 | 1 Microsoft | 1 Azure Sphere | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability. | |||||
| CVE-2020-14231 | 1 Hcltechsw | 1 Hcl Client Application Access | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user. | |||||
| CVE-2020-24580 | 1 D-link | 2 Dsl2888a, Dsl2888a Firmware | 2021-07-21 | 5.4 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user. | |||||
| CVE-2020-24578 | 1 D-link | 2 Dsl2888a, Dsl2888a Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file). | |||||
| CVE-2020-25106 | 1 Supremocontrol | 1 Supremo | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename. | |||||
| CVE-2020-28460 | 1 Multi-ini Project | 1 Multi-ini | 2021-07-21 | 7.5 HIGH | 5.6 MEDIUM |
| This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448. | |||||
| CVE-2020-28448 | 1 Multi-ini Project | 1 Multi-ini | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array. | |||||
| CVE-2020-35625 | 1 Mediawiki | 1 Mediawiki | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \MediaWiki\Shell\Shell::command within a comment. | |||||
| CVE-2020-35623 | 1 Mediawiki | 1 Mediawiki | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space. | |||||
| CVE-2020-6882 | 1 Zte | 6 Zxhn E8810, Zxhn E8810 Firmware, Zxhn E8820 and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13> | |||||
| CVE-2020-5808 | 1 Tenable | 1 Tenable.sc | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration. | |||||
| CVE-2020-4841 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 190045. | |||||
| CVE-2020-3999 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2021-07-21 | 2.1 LOW | 6.5 MEDIUM |
| VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition. | |||||
| CVE-2019-16959 | 1 Solarwinds | 1 Webhelpdesk | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | |||||
| CVE-2020-26049 | 1 Niftypm | 1 Nifty-pm | 2021-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution. | |||||
| CVE-2020-17520 | 1 Apache | 1 Pulsar Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API. | |||||
| CVE-2020-27687 | 1 Thingsboard | 1 Thingsboard | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen. | |||||
| CVE-2020-20299 | 1 Weiphp | 1 Weiphp | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| WeiPHP 5.0 does not properly restrict access to pages, related to using POST. | |||||
| CVE-2020-20298 | 1 Zzzcms | 1 Zzzphp | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | |||||
| CVE-2020-25494 | 1 Xinuos | 1 Openserver | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. | |||||
| CVE-2020-26177 | 1 Tangro | 1 Business Workflow | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values in requests to /api/profile is not prohibited server-side. | |||||
| CVE-2020-26175 | 1 Tangro | 1 Business Workflow | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users. | |||||
| CVE-2020-26173 | 1 Tangro | 1 Business Workflow | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required. | |||||
| CVE-2020-26171 | 1 Tangro | 1 Business Workflow | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated. By doing this, users can add attachments to workitems that do not belong to them. | |||||
| CVE-2020-35480 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths. | |||||
| CVE-2020-35477 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears). | |||||
| CVE-2020-35475 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.) | |||||
| CVE-2020-11173 | 1 Qualcomm | 66 Agatti, Agatti Firmware, Apq8053 and 63 more | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8053, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8953, Nicobar, QCA6390, QCS404, QCS405, QCS610, Rennell, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM632, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2020-11172 | 1 Qualcomm | 12 Ipq4019, Ipq4019 Firmware, Ipq6018 and 9 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow' in Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980 | |||||
| CVE-2020-11169 | 1 Qualcomm | 22 Apq8009, Apq8009 Firmware, Apq8053 and 19 more | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 | |||||
| CVE-2020-11157 | 1 Qualcomm | 34 Apq8053, Apq8053 Firmware, Apq8076 and 31 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| u'Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8076, MDM9640, MDM9650, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, QCA6174A, QCA9886, QCM2150, QM215, SDM429, SDM439, SDM450, SDM632 | |||||
| CVE-2020-11156 | 1 Qualcomm | 16 Qca6390, Qca6390 Firmware, Qcn7605 and 13 more | 2021-07-21 | 4.8 MEDIUM | 8.1 HIGH |
| u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in QCA6390, QCN7605, QCS404, SA415M, SA515M, SC8180X, SDX55, SM8250 | |||||
| CVE-2020-11141 | 1 Qualcomm | 18 Apq8009, Apq8009 Firmware, Apq8053 and 15 more | 2021-07-21 | 4.8 MEDIUM | 8.1 HIGH |
| u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, SA415M, SA515M, SC8180X, SDX55, SM8250 | |||||
| CVE-2020-7373 | 1 Vbulletin | 1 Vbulletin | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability. | |||||
| CVE-2020-27998 | 1 Fast-report | 1 Fastreport | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress. | |||||
| CVE-2020-27747 | 1 Clickstudios | 1 Passwordstate | 2021-07-21 | 2.1 LOW | 6.8 MEDIUM |
| An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account. | |||||
| CVE-2020-4724 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. | |||||
| CVE-2020-4723 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187873. | |||||
| CVE-2020-4722 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187870. | |||||
| CVE-2020-4721 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868. | |||||