-
2020-04-02 22:15:14
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument.National Vulnerability Database
-
2020-04-02 22:15:14
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.National Vulnerability Database
-
2020-04-02 22:15:14
install-package through 1.1.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the device function.National Vulnerability Database
-
2020-04-02 22:15:13
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function.National Vulnerability Database
-
2020-04-02 22:15:13
op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function.National Vulnerability Database
-
2020-04-02 22:15:13
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument.National Vulnerability Database
-
2020-04-02 22:15:13
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument.National Vulnerability Database
-
2020-04-02 21:15:13
There is a buffer overflow vulnerability in some Huawei products. National Vulnerability Database
-
2020-04-02 20:15:15
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. National Vulnerability Database
-
2020-04-02 20:15:15
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . National Vulnerability Database
-
2020-04-02 20:15:15
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.National Vulnerability Database
-
2020-04-02 20:15:15
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.National Vulnerability Database
-
2020-04-02 20:15:15
The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality.National Vulnerability Database
-
2020-04-02 20:15:15
Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database.National Vulnerability Database
-
2020-04-02 20:15:14
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.National Vulnerability Database
-
2020-04-02 20:15:14
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.National Vulnerability Database
-
2020-04-02 20:15:14
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.National Vulnerability Database
-
2020-04-02 20:15:14
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.National Vulnerability Database
-
2020-04-02 20:15:14
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.National Vulnerability Database
-
2020-04-02 20:15:14
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords.National Vulnerability Database
-
2020-04-02 20:15:14
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. National Vulnerability Database
-
2020-04-02 20:15:13
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, National Vulnerability Database
-
2020-04-02 20:15:13
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.National Vulnerability Database
-
2020-04-02 17:15:13
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. National Vulnerability Database
-
2020-04-02 16:15:14
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, National Vulnerability Database
-
2020-04-02 16:15:14
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, National Vulnerability Database
-
2020-04-02 16:15:14
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.National Vulnerability Database
-
2020-04-02 15:15:18
The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password.National Vulnerability Database
-
2020-04-02 15:15:17
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. National Vulnerability Database
-
2020-04-02 15:15:17
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF.)National Vulnerability Database
-
2020-04-02 15:15:17
CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required.National Vulnerability Database
-
2020-04-02 15:15:17
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. National Vulnerability Database
-
2020-04-02 15:15:17
Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, National Vulnerability Database
-
2020-04-02 15:15:17
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. National Vulnerability Database
-
2020-04-02 15:15:17
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, National Vulnerability Database
-
2020-04-02 15:15:17
The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. National Vulnerability Database
-
2020-04-02 14:15:15
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.National Vulnerability Database
-
2020-04-02 14:15:14
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.National Vulnerability Database
-
2020-04-02 12:15:15
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, National Vulnerability Database
-
2020-04-02 00:15:13
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.National Vulnerability Database
-
2020-04-01 23:15:13
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, National Vulnerability Database
-
2020-04-01 23:15:13
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. National Vulnerability Database
-
2020-04-01 23:15:13
The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup� and “wizard� National Vulnerability Database
-
2020-04-01 22:15:18
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.National Vulnerability Database
-
2020-04-01 22:15:17
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.National Vulnerability Database
-
2020-04-01 22:15:17
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, National Vulnerability Database
-
2020-04-01 22:15:17
When LDAP authentication is enabled in Apache Druid 0.17.0, National Vulnerability Database
-
2020-04-01 22:15:15
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, National Vulnerability Database
-
2020-04-01 22:15:15
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, National Vulnerability Database
-
2020-04-01 21:15:15
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. National Vulnerability Database
-
2020-04-01 21:15:14
An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, National Vulnerability Database
-
2020-04-01 21:15:14
An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. National Vulnerability Database
-
2020-04-01 21:15:14
An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* endpoints failed to properly validate a user's privilege, allowing an attacker to control/install helpdesk applications and leak current applications' configurations, National Vulnerability Database
-
2020-04-01 21:15:14
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory’ National Vulnerability Database
-
2020-04-01 21:15:14
An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. National Vulnerability Database
-
2020-04-01 21:15:14
An issue was discovered in Deskpro before 2019.8.0. The /api/email_accounts endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve cleartext credentials of all helpdesk email accounts, National Vulnerability Database
-
2020-04-01 21:15:13
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, National Vulnerability Database
-
2020-04-01 21:15:13
In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. National Vulnerability Database
-
2020-04-01 21:15:13
The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects.National Vulnerability Database
-
2020-04-01 21:15:13
Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, National Vulnerability Database
-
2020-04-01 20:15:15
In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. An attacker team could potentially steal flags by, for example, National Vulnerability Database
-
2020-04-01 20:15:15
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.National Vulnerability Database
-
2020-04-01 19:15:14
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).National Vulnerability Database
-
2020-04-01 19:15:14
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.National Vulnerability Database
-
2020-04-01 19:15:14
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.National Vulnerability Database
-
2020-04-01 19:15:14
Sonatype Nexus Repository before 3.21.2 allows XSS.National Vulnerability Database
-
2020-04-01 19:15:14
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.National Vulnerability Database
-
2020-04-01 19:15:14
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory.National Vulnerability Database
-
2020-04-01 19:15:14
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.National Vulnerability Database
-
2020-04-01 19:15:14
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.National Vulnerability Database
-
2020-04-01 19:15:14
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.National Vulnerability Database
-
2020-04-01 18:15:18
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. National Vulnerability Database
-
2020-04-01 18:15:18
Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. National Vulnerability Database
-
2020-04-01 18:15:18
The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to.National Vulnerability Database
-
2020-04-01 18:15:18
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings.National Vulnerability Database
-
2020-04-01 18:15:17
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges.National Vulnerability Database
-
2020-04-01 18:15:17
This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.National Vulnerability Database
-
2020-04-01 18:15:17
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.National Vulnerability Database
-
2020-04-01 18:15:17
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. National Vulnerability Database
-
2020-04-01 18:15:17
The issue was resolved by clearing application previews when content is deleted. This issue is fixed in iOS 13.4 and iPadOS 13.4. A local user may be able to view deleted content in the app switcher.National Vulnerability Database
-
2020-04-01 18:15:17
An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. National Vulnerability Database
-
2020-04-01 18:15:17
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. National Vulnerability Database
-
2020-04-01 18:15:17
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.National Vulnerability Database
-
2020-04-01 18:15:17
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges.National Vulnerability Database
-
2020-04-01 18:15:17
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. National Vulnerability Database
-
2020-04-01 18:15:17
Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim.National Vulnerability Database
-
2020-04-01 18:15:17
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory.National Vulnerability Database
-
2020-04-01 18:15:17
The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. National Vulnerability Database
-
2020-04-01 18:15:17
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. National Vulnerability Database
-
2020-04-01 18:15:17
An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail.National Vulnerability Database
-
2020-04-01 18:15:17
This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history.National Vulnerability Database
-
2020-04-01 18:15:17
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos.National Vulnerability Database
-
2020-04-01 18:15:17
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.National Vulnerability Database
-
2020-04-01 18:15:16
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.National Vulnerability Database
-
2020-04-01 18:15:16
Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.National Vulnerability Database
-
2020-04-01 18:15:16
The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion.National Vulnerability Database
-
2020-04-01 18:15:16
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.National Vulnerability Database
-
2020-04-01 18:15:16
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.National Vulnerability Database
-
2020-04-01 18:15:16
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement.National Vulnerability Database
-
2020-04-01 18:15:16
A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. National Vulnerability Database
-
2020-04-01 18:15:16
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. National Vulnerability Database
-
2020-04-01 18:15:16
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. National Vulnerability Database
-
2020-04-01 18:15:16
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. National Vulnerability Database
-
2020-04-01 18:15:16
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. National Vulnerability Database
-
2020-04-01 18:15:16
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.4. An application may be able to execute arbitrary code with system privileges.National Vulnerability Database
-
2020-04-01 18:15:16
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. National Vulnerability Database
-
2020-04-01 18:15:16
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.National Vulnerability Database
-
2020-04-01 18:15:16
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. National Vulnerability Database
-
2020-04-01 18:15:16
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. National Vulnerability Database
-
2020-04-01 18:15:15
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, National Vulnerability Database
-
2020-04-01 18:15:15
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. National Vulnerability Database
-
2020-04-01 18:15:15
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts.National Vulnerability Database
-
2020-04-01 18:15:15
An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution.National Vulnerability Database
-
2020-04-01 18:15:15
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process.National Vulnerability Database
-
2020-04-01 18:15:15
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information.National Vulnerability Database
-
2020-04-01 18:15:14
An issue was discovered in Avast Antivirus before 20. National Vulnerability Database
-
2020-04-01 18:15:14
An issue was discovered in Avast Antivirus before 20. National Vulnerability Database
-
2020-04-01 17:15:16
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process.National Vulnerability Database
-
2020-04-01 17:15:15
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC.National Vulnerability Database
-
2020-04-01 17:15:15
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, National Vulnerability Database
-
2020-04-01 17:15:15
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine.National Vulnerability Database
-
2020-04-01 17:15:15
An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe).National Vulnerability Database
-
2020-04-01 17:15:14
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.National Vulnerability Database
-
2020-04-01 16:15:27
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).National Vulnerability Database
-
2020-04-01 16:15:27
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.National Vulnerability Database
-
2020-04-01 16:15:27
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.National Vulnerability Database
-
2020-04-01 15:15:35
An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf.National Vulnerability Database
-
2020-04-01 13:15:15
A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page.National Vulnerability Database
-
2020-04-01 13:15:15
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference.National Vulnerability Database
-
2020-04-01 13:15:15
Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field.National Vulnerability Database
-
2020-04-01 13:15:15
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, National Vulnerability Database
-
2020-04-01 13:15:15
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.National Vulnerability Database
-
2020-04-01 12:15:15
Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, National Vulnerability Database
-
2020-04-01 04:15:14
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. National Vulnerability Database
-
2020-04-01 04:15:13
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, National Vulnerability Database
-
2020-04-01 04:15:13
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. National Vulnerability Database
-
2020-03-31 22:15:14
A path traversal flaw was found in Buildah in versions before 1.14.5. National Vulnerability Database
-
2020-03-31 22:15:14
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. National Vulnerability Database
-
2020-03-31 19:15:14
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, National Vulnerability Database
-
2020-03-31 19:15:14
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. National Vulnerability Database
-
2020-03-31 18:15:26
In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field.National Vulnerability Database
-
2020-03-31 18:15:26
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. National Vulnerability Database
-
2020-03-31 17:15:26
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. National Vulnerability Database
-
2020-03-31 17:15:26
** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: National Vulnerability Database
-
2020-03-31 17:15:25
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. National Vulnerability Database
-
2020-03-31 16:15:13
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. National Vulnerability Database
-
2020-03-31 15:15:22
LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code executionNational Vulnerability Database
-
2020-03-31 15:15:21
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, National Vulnerability Database
-
2020-03-31 15:15:21
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, National Vulnerability Database
-
2020-03-31 15:15:20
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. National Vulnerability Database
-
2020-03-31 15:15:20
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. National Vulnerability Database
-
2020-03-31 15:15:20
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: National Vulnerability Database
-
2020-03-31 15:15:19
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: National Vulnerability Database
-
2020-03-31 15:15:19
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. IBM X-Force ID: 175409.National Vulnerability Database
-
2020-03-31 15:15:18
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. National Vulnerability Database
-
2020-03-31 15:15:17
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026.National Vulnerability Database
-
2020-03-31 15:15:17
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, National Vulnerability Database
-
2020-03-31 15:15:16
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966.National Vulnerability Database
-
2020-03-31 14:15:14
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure.National Vulnerability Database
-
2020-03-31 13:15:13
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. National Vulnerability Database
-
2020-03-31 13:15:13
An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. National Vulnerability Database
-
2020-03-31 05:15:13
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).National Vulnerability Database
-
2020-03-31 05:15:13
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).National Vulnerability Database
-
2020-03-31 05:15:13
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).National Vulnerability Database
-
2020-03-30 22:15:15
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, National Vulnerability Database
-
2020-03-30 22:15:15
All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.National Vulnerability Database
-
2020-03-30 22:15:15
An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']["view_type"] wasn't sanitized if it was already set. National Vulnerability Database
-
2020-03-30 22:15:15
Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. National Vulnerability Database
-
2020-03-30 22:15:15
A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form.National Vulnerability Database
-
2020-03-30 22:15:15
In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. National Vulnerability Database
-
2020-03-30 22:15:15
An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. National Vulnerability Database
-
2020-03-30 22:15:15
An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, National Vulnerability Database
-
2020-03-30 22:15:14
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. National Vulnerability Database
-
2020-03-30 22:15:14
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. National Vulnerability Database
-
2020-03-30 22:15:14
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, National Vulnerability Database
-
2020-03-30 22:15:13
X-Plane 11.41 and earlier allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution.National Vulnerability Database
-
2020-03-30 22:15:13
X-Plane 11.41 and earlier has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. National Vulnerability Database
-
2020-03-30 22:15:13
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.National Vulnerability Database
-
2020-03-30 22:15:13
In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.National Vulnerability Database
-
2020-03-30 21:15:12
An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. National Vulnerability Database
-
2020-03-30 20:15:20
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. National Vulnerability Database
-
2020-03-30 20:15:20
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.National Vulnerability Database
-
2020-03-30 20:15:20
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, National Vulnerability Database
-
2020-03-30 20:15:19
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.National Vulnerability Database
-
2020-03-30 20:15:19
In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, National Vulnerability Database
-
2020-03-30 20:15:19
In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, National Vulnerability Database
-
2020-03-30 20:15:19
In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. National Vulnerability Database
-
2020-03-30 20:15:13
odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.National Vulnerability Database
-
2020-03-30 20:15:13
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.National Vulnerability Database
-
2020-03-30 19:15:17
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, National Vulnerability Database
-
2020-03-30 19:15:17
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, National Vulnerability Database
-
2020-03-30 19:15:15
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, National Vulnerability Database
-
2020-03-30 19:15:15
The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" National Vulnerability Database
-
2020-03-30 18:15:12
Zoho ManageEngine Desktop Central allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure.National Vulnerability Database
-
2020-03-30 17:15:14
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.National Vulnerability Database
-
2020-03-30 13:15:12
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. National Vulnerability Database
-
2020-03-30 05:15:27
Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, National Vulnerability Database
-
2020-03-08 00:00:00
Sophos latest virus and spyware detection
-
2020-03-08 00:00:00
Sophos latest virus and spyware detection
-
2020-03-08 00:00:00
Sophos latest virus and spyware detection
-
2020-03-08 00:00:00
Sophos latest virus and spyware detection
-
2020-03-08 00:00:00
Sophos latest virus and spyware detection
-
2020-03-08 00:00:00
Sophos latest virus and spyware detection
-
2020-03-08 00:00:00
Sophos latest virus and spyware detection
-
2020-03-08 00:00:00
Sophos latest virus and spyware detection
-
2020-03-08 00:00:00
Sophos latest virus and spyware detection
-
2020-03-08 00:00:00
Sophos latest virus and spyware detection
-
2020-03-07 00:00:00
Sophos latest virus and spyware detection
-
2020-03-07 00:00:00
Sophos latest virus and spyware detection
-
2020-03-07 00:00:00
Sophos latest virus and spyware detection
-
2020-03-07 00:00:00
Sophos latest virus and spyware detection
-
2020-03-07 00:00:00
Sophos latest virus and spyware detection
-
2020-03-07 00:00:00
Sophos latest virus and spyware detection
-
2020-03-07 00:00:00
Sophos latest virus and spyware detection
-
2020-03-07 00:00:00
Sophos latest virus and spyware detection
-
2020-03-07 00:00:00
Sophos latest virus and spyware detection
-
2020-03-07 00:00:00
Sophos latest virus and spyware detection
