Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3388 | 1 Php | 1 Php | 2020-06-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." | |||||
| CVE-2020-7512 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-06-19 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. | |||||
| CVE-2020-0187 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 5.5 MEDIUM |
| In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383 | |||||
| CVE-2019-20831 | 2 Foxitsoftware, Microsoft | 2 3d, Windows | 2020-06-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash. | |||||
| CVE-2011-0910 | 1 Vanillaforums | 1 Vanilla | 2020-06-04 | 6.4 MEDIUM | N/A |
| The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks. | |||||
| CVE-2019-14054 | 1 Qualcomm | 32 Kamorta, Kamorta Firmware, Msm8998 and 29 more | 2020-06-03 | 7.2 HIGH | 7.8 HIGH |
| Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boot path in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130 | |||||
| CVE-2020-11075 | 1 Anchore | 1 Engine | 2020-06-03 | 6.5 MEDIUM | 9.9 CRITICAL |
| In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engien analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to 'root' then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1. | |||||
| CVE-2020-4020 | 1 Atlassian | 1 Companion | 2020-06-02 | 6.5 MEDIUM | 7.2 HIGH |
| The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure. | |||||
| CVE-2020-12647 | 1 Unisys | 1 Algol Compiler | 2020-06-01 | 7.2 HIGH | 8.8 HIGH |
| Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability. | |||||
| CVE-2020-4490 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2020-05-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 181989 | |||||
| CVE-2015-5285 | 1 Kallithea-scm | 1 Kallithea | 2020-05-28 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. | |||||
| CVE-2020-1118 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2020-05-27 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'. | |||||
| CVE-2005-0087 | 2 Alsa-project, Redhat | 2 Alsa-lib, Enterprise Linux | 2020-05-22 | 4.6 MEDIUM | N/A |
| The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library. | |||||
| CVE-2020-11710 | 1 Konghq | 1 Docker-kong | 2020-05-21 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate Bug Scope - The issue scope was on Kong's docker-compose template, and not Kong's docker image itself. In reality, this issue is not associated with any version of the Kong gateway. As such, the description stating ‘An issue was discovered in docker-kong (for Kong) through 2.0.3.’ is incorrect. This issue only occurs if a user decided to spin up Kong via docker-compose without following the security documentation. The docker-compose template is meant for users to quickly get started with Kong, and is meant for development purposes only. 2) Incorrect Patch Links - The CVE currently points to a documentation improvement as a “Patch” link: https://github.com/Kong/docs.konghq.com/commit/d693827c32144943a2f45abc017c1321b33ff611.This link actually points to an improvement Kong Inc made for fool-proofing. However, instructions for how to protect the admin API were already well-documented here: https://docs.konghq.com/2.0.x/secure-admin-api/#network-layer-access-restrictions , which was first published back in 2017 (as shown in this commit: https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949) Lastly, the hyperlink to https://github.com/Kong/kong (an unrelated Github Repo to this issue) on the Hyperlink list does not include any meaningful information on this topic.” | |||||
| CVE-2007-2894 | 1 Bochs Project | 1 Bochs | 2020-05-19 | 2.1 LOW | N/A |
| The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error. | |||||
| CVE-2004-2372 | 1 Bochs Project | 1 Bochs | 2020-05-19 | 7.2 HIGH | N/A |
| Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability. | |||||
| CVE-2020-1994 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-18 | 4.9 MEDIUM | 4.4 MEDIUM |
| A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7. | |||||
| CVE-2020-2003 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-15 | 8.5 HIGH | 6.5 MEDIUM |
| An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1. | |||||
| CVE-2020-5898 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2020-05-14 | 4.9 MEDIUM | 5.5 MEDIUM |
| In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash. | |||||
| CVE-2020-9840 | 1 Apple | 1 Nioextras | 2020-05-14 | 5.0 MEDIUM | 7.5 HIGH |
| In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. | |||||