Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21094 | 1 Netgear | 22 Wac120, Wac120 Firmware, Wac505 and 19 more | 2020-05-04 | 7.5 HIGH | 7.3 HIGH |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. | |||||
| CVE-2019-19741 | 1 Ea | 1 Origin | 2020-05-04 | 7.2 HIGH | 7.8 HIGH |
| Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's executable file instead of its in-memory process (which can be significantly different from the executable file due to, for example, DLL injection). Data transmitted over the pipe is encrypted using a static key. Instead of hooking the pipe communication directly via WriteFileEx(), this can be bypassed by hooking the EVP_EncryptUpdate() function of libeay32.dll. The pipe takes the command CreateDirectory to create a directory and adjust the directory DACL. Calls to this function can be intercepted, the directory and the DACL can be replaced, and the manipulated DACL is written. Arbitrary DACL write is further achieved by creating a hardlink in a user-controlled directory that points to (for example) a service binary. The DACL is then written to this service binary, which results in escalation of privileges. | |||||
| CVE-2019-17549 | 1 Eset | 1 Cyber Security | 2020-05-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack. | |||||
| CVE-2020-12468 | 1 Intelliants | 1 Subrion | 2020-05-01 | 6.8 MEDIUM | 7.8 HIGH |
| Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/. | |||||
| CVE-2020-11690 | 1 Jetbrains | 1 Intellij Idea | 2020-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. | |||||
| CVE-2020-11880 | 1 Kde | 1 Kmail | 2020-04-29 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value. | |||||
| CVE-2020-12073 | 1 Cyberchimps | 1 Gutenberg \& Elementor Templates Importer For Responsive | 2020-04-28 | 6.5 MEDIUM | 8.8 HIGH |
| The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests. | |||||
| CVE-2020-7277 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered. | |||||
| CVE-2011-3049 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2020-04-16 | 5.0 MEDIUM | N/A |
| Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension. | |||||
| CVE-2012-3016 | 1 Siemens | 6 Simatic S7-400 Cpu 412-2 Pn, Simatic S7-400 Cpu 414-3 Pn\/dp, Simatic S7-400 Cpu 414f-3 Pn\/dp and 3 more | 2020-04-13 | 7.8 HIGH | N/A |
| Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 allow remote attackers to cause a denial of service (defect-mode transition and service outage) via crafted ICMP packets. | |||||
| CVE-2019-3945 | 1 Parrot | 2 Anafi, Anafi Firmware | 2020-04-07 | 5.0 MEDIUM | 7.5 HIGH |
| Web server running on Parrot ANAFI can be crashed due to the SDK command "Common_CurrentDateTime" being sent to control service with larger than expected date length. | |||||
| CVE-2020-3887 | 1 Apple | 6 Icloud, Ipad Os, Iphone Os and 3 more | 2020-04-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated. | |||||
| CVE-2020-9784 | 1 Apple | 1 Safari | 2020-04-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings. | |||||
| CVE-2020-7948 | 1 Auth0 | 1 Login By Auth0 | 2020-04-02 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference. | |||||
| CVE-2019-18782 | 1 Salesagility | 1 Suitecrm | 2020-04-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. | |||||
| CVE-2005-4808 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2020-04-01 | 7.6 HIGH | N/A |
| Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. | |||||
| CVE-2020-6813 | 1 Mozilla | 1 Firefox | 2020-03-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74. | |||||
| CVE-2020-6978 | 1 Honeywell | 1 Win-pak | 2020-03-27 | 6.4 MEDIUM | 7.2 HIGH |
| In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries. | |||||
| CVE-2012-2280 | 2 Emc, Rsa | 3 Rsa Authentication Manager, Authentication Manager, Securid Appliance | 2020-03-27 | 5.0 MEDIUM | N/A |
| EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability." | |||||
| CVE-2007-2417 | 2 Progress, Rsa | 4 Openedge, Progress, Ace Server and 1 more | 2020-03-27 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491. | |||||