All CVEs — 2020 (Page 118/122)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2020-01-15

High

CVE-2020-1602

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sendin…

CVSS: 7.1 CWE: CWE-416

Medium

CVE-2020-1600

In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a speci…

CVSS: 6.5 CWE: CWE-400

High

CVE-2020-7058

data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm.

CVSS: 8.8 CWE: CWE-20

Medium

CVE-2020-5502

phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.

CVSS: 6.5 CWE: CWE-352

Medium

CVE-2020-5501

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.

CVSS: 4.3 CWE: CWE-352

2020-01-14

Medium

CVE-2020-0656

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamic…

CVSS: 5.4 CWE: CWE-79

High

CVE-2020-0652

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'.

CVSS: 7.8 CWE: CWE-787

Medium

CVE-2020-0647

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.

CVSS: 5.4 CWE: CWE-346

Critical

CVE-2020-0646

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

CVSS: 9.8 CWE: CWE-91

High

CVE-2020-0644

An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2…

CVSS: 7.8 CWE: CWE-330

High

CVE-2020-0642

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: CWE-416

High

CVE-2020-0640

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.

CVSS: 7.5 CWE: CWE-787

High

CVE-2020-0638

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim sys…

CVSS: 7.8 CWE: CWE-59

High

CVE-2020-0635

An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is un…

CVSS: 7.8 CWE: CWE-269

High

CVE-2020-0634

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Priv…

CVSS: 7.8 CWE: CWE-416

Medium

CVE-2020-0621

A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'.

CVSS: 4.4 CWE: CWE-613

Medium

CVE-2020-0617

A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial o…

CVSS: 6.0 CWE: CWE-20

Medium

CVE-2020-0616

A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.

CVSS: 5.5 CWE: CWE-59

Medium

CVE-2020-0615

An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Infor…

CVSS: 5.5 CWE: CWE-125

High

CVE-2020-0606

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary…

CVSS: 8.8 CWE: CWE-20

High

CVE-2020-0605

CVSS: 8.8 CWE: CWE-20

High

CVE-2020-0603

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary…

CVSS: 8.8 CWE: CWE-787

High

CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code…

CVSS: 8.1 CWE: CWE-295

Medium

CVE-2020-7057

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists…

CVSS: 5.3 CWE: CWE-307

Critical

CVE-2011-2715

An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.

CVSS: 9.8 CWE: CWE-89

Medium

CVE-2011-2714

A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.

CVSS: 6.1 CWE: CWE-79

High

CVE-2020-7054

MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.

CVSS: 8.8 CWE: CWE-787

High

CVE-2020-7053

In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i…

CVSS: 7.8 CWE: CWE-416

Medium

CVE-2018-1002104

Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.

CVSS: 5.3 CWE: CWE-215

High

CVE-2016-6592

A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause th…

CVSS: 7.8 CWE: CWE-427

Medium

CVE-2011-3202

A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2011-3183

A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.

CVSS: 6.1 CWE: CWE-79

High

CVE-2011-2934

A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.

CVSS: 8.8 CWE: CWE-352

High

CVE-2011-2933

An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extension…

CVSS: 7.2 CWE: CWE-434

Medium

CVE-2011-2706

A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71.

CVSS: 6.1 CWE: CWE-79

High

CVE-2019-16784

In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a p…

CVSS: 7.0 CWE: CWE-250

Critical

CVE-2011-3203

A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.

CVSS: 9.8 CWE: CWE-20

Medium

CVE-2020-6173

TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption.

CVSS: 5.3 CWE: CWE-400

High

CVE-2020-5509

PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.

CVSS: 7.2 CWE: CWE-434

Critical

CVE-2020-5505

Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI.

CVSS: 9.8 CWE: CWE-78

Low

CVE-2019-3981

MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed passwo…

CVSS: 3.7 CWE: CWE-300

Medium

CVE-2019-13722

Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 6.5 CWE: CWE-787

High

CVE-2019-13537

The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.

CVSS: 7.5 CWE: CWE-121

Medium

CVE-2020-6307

Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensiti…

CVSS: 4.3 CWE: CWE-863

Low

CVE-2020-6306

Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).

CVSS: 2.7 CWE: CWE-862

Medium

CVE-2020-6305

PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

CVSS: 6.1 CWE: CWE-79

High

CVE-2020-6304

Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49…

CVSS: 7.5 CWE: CWE-20

Medium

CVE-2020-6303

SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2020-5193

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.

CVSS: 6.1 CWE: CWE-79

High

CVE-2015-3151

Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) N…

CVSS: 7.8 CWE: CWE-22

High

CVE-2015-3150

abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteEleme…

CVSS: 7.1 CWE: CWE-20

Medium

CVE-2015-3147

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other uns…

CVSS: 6.5 CWE: CWE-59

High

CVE-2015-1869

The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.

CVSS: 7.8 CWE: CWE-59

Medium

CVE-2020-5853

In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this c…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2019-12398

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain…

CVSS: 4.8 CWE: CWE-79

High

CVE-2019-10995

ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.

CVSS: 8.8 CWE: CWE-798

Medium

CVE-2015-2326

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group cont…

CVSS: 5.5 CWE: CWE-125

High

CVE-2015-2325

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other uns…

CVSS: 7.8 CWE: CWE-125

Medium

CVE-2015-0558

The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key.

CVSS: 5.3 CWE: CWE-311

High

CVE-2014-7844

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

CVSS: 7.8 CWE: CWE-74

High

CVE-2014-2271

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails,…

CVSS: 8.1 CWE: CWE-20

Critical

CVE-2015-8367

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

CVSS: 9.8 CWE: CWE-665

Critical

CVE-2015-8366

Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.

CVSS: 9.8 CWE: CWE-129

High

CVE-2014-5238

XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified imp…

CVSS: 7.8 CWE: CWE-611

High

CVE-2014-4610

Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows re…

CVSS: 8.8 CWE: CWE-190

High

CVE-2014-4609

Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.

CVSS: 8.8 CWE: CWE-190

High

CVE-2019-12399

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to…

CVSS: 7.5 CWE: CWE-319

High

CVE-2013-7185

PotPlayer 1.5.40688: .avi File Memory Corruption

CVSS: 7.8 CWE: CWE-119

High

CVE-2013-2773

Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution

CVSS: 7.8 CWE: CWE-426

High

CVE-2020-5196

Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permis…

CVSS: 8.1 CWE: CWE-276

Medium

CVE-2020-5194

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification o…

CVSS: 5.4 CWE: CWE-639

Medium

CVE-2014-9211

ClickDesk version 4.3 and below has persistent cross site scripting

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2020-6958

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially…

CVSS: 9.1 CWE: CWE-611

2020-01-13

Medium

CVE-2020-6955

An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2020-6954

An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_f…

CVSS: 6.5 CWE: CWE-200

Medium

CVE-2019-20143

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.

CVSS: 5.3 CWE: CWE-306

Medium

CVE-2020-5197

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.

CVSS: 4.3 CWE: CWE-200

Medium

CVE-2019-20146

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption.

CVSS: 5.3 CWE: CWE-400

High

CVE-2012-4761

A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileg…

CVSS: 7.8 CWE: CWE-269

High

CVE-2012-4760

A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.

CVSS: 7.8 CWE: CWE-269

Critical

CVE-2012-4750

A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial…

CVSS: 9.8 CWE: CWE-119

High

CVE-2020-6949

A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure t…

CVSS: 8.8 CWE: CWE-269

Critical

CVE-2020-6948

A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, an…

CVSS: 9.8 CWE: CWE-78

High

CVE-2020-5390

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature in…

CVSS: 7.5 CWE: CWE-347

High

CVE-2019-19728

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

CVSS: 7.5 CWE: CWE-269

Medium

CVE-2019-19727

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.

CVSS: 5.5 CWE: CWE-732

Medium

CVE-2012-4767

An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend secur…

CVSS: 6.1 CWE: CWE-269

Medium

CVE-2020-5195

Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-20212

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-20211

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address,…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-20210

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.

CVSS: 6.1 CWE: CWE-79

High

CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/p…

CVSS: 7.5 CWE: CWE-79

Medium

CVE-2019-19891

An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept s…

CVSS: 5.9 CWE: CWE-327

Medium

CVE-2020-6859

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' prof…

CVSS: 5.3 CWE: CWE-639

High

CVE-2019-18894

In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the proc…

CVSS: 7.8 CWE: CWE-78

Medium

CVE-2019-18893

XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-19547

Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scrip…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2014-9382

Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation

CVSS: 6.5 CWE: CWE-352

Critical

CVE-2013-6225

LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability

CVSS: 9.8 CWE: CWE-22

Medium

CVE-2011-2670

Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets

CVSS: 6.1 CWE: CWE-79

High

CVE-2014-6039

ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000.

CVSS: 7.5 CWE: CWE-522

High

CVE-2014-6038

Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.

CVSS: 7.5 CWE: CWE-200

Critical

CVE-2014-5381

Grand MA 300 allows a brute-force attack on the PIN.

CVSS: 9.8 CWE: CWE-522

High

CVE-2014-5380

Grand MA 300 allows retrieval of the access PIN from sniffed data.

CVSS: 7.5 CWE: CWE-319

High

CVE-2020-6860

libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.

CVSS: 8.8 CWE: CWE-787

High

CVE-2020-6851

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

CVSS: 7.5 CWE: CWE-787

Medium

CVE-2020-6848

Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI.

CVSS: 6.1 CWE: CWE-79

2020-01-11

Medium

CVE-2020-6847

OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript.

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2019-20377

TopList before 2019-09-03 allows XSS via a title.

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2020-6840

In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c.

CVSS: 9.8 CWE: CWE-416

Critical

CVE-2020-6839

In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2020-6838

In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c.

CVSS: 9.8 CWE: CWE-416

Medium

CVE-2019-20379

ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-20378

ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concat…

CVSS: 9.8 CWE: CWE-94

2020-01-10

High

CVE-2020-6377

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416

High

CVE-2019-19475

An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission sec…

CVSS: 8.8 CWE: CWE-276

High

CVE-2019-13767

Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416

Critical

CVE-2020-6835

An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking.

CVSS: 9.8 CWE: CWE-193

High

CVE-2012-4603

Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a spec…

CVSS: 7.8 CWE: CWE-20