National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2019-19837 — Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.
    Published: January 23, 2020; 08:15:12 AM -05:00

    V3.1: 5.3 MEDIUM
        V2: 7.8 HIGH

  • CVE-2011-3612 — Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.
    Published: January 22, 2020; 01:15:11 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2019-16513 — An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.
    Published: January 23, 2020; 01:15:13 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-7937 — An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
    Published: January 23, 2020; 04:15:13 PM -05:00

    V3.1: 5.4 MEDIUM
        V2: 3.5 LOW

  • CVE-2020-7938 — plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.
    Published: January 23, 2020; 04:15:13 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2020-7939 — SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
    Published: January 23, 2020; 04:15:13 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2020-7104 — The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter.
    Published: January 17, 2020; 06:15:13 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-7239 — The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent.
    Published: January 21, 2020; 12:15:11 AM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-7940 — Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
    Published: January 23, 2020; 04:15:13 PM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-7941 — A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
    Published: January 23, 2020; 04:15:13 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-7244 — Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication c...
    Published: January 20, 2020; 05:15:11 PM -05:00

    V3.1: 7.2 HIGH
        V2: 9.0 HIGH

  • CVE-2020-7243 — Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved w...
    Published: January 20, 2020; 05:15:11 PM -05:00

    V3.1: 7.2 HIGH
        V2: 9.0 HIGH

  • CVE-2020-7242 — Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, auth...
    Published: January 20, 2020; 05:15:11 PM -05:00

    V3.1: 7.2 HIGH
        V2: 9.0 HIGH

  • CVE-2019-10958 — Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to...
    Published: January 17, 2020; 01:15:12 PM -05:00

    V3.1: 7.2 HIGH
        V2: 9.0 HIGH

  • CVE-2019-10957 — Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could lat...
    Published: January 17, 2020; 01:15:12 PM -05:00

    V3.1: 4.8 MEDIUM
        V2: 3.5 LOW

  • CVE-2019-10956 — Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root.
    Published: January 17, 2020; 01:15:12 PM -05:00

    V3.1: 7.2 HIGH
        V2: 9.0 HIGH

  • CVE-2020-1788 — Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could...
    Published: January 21, 2020; 06:15:13 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-7228 — The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user.
    Published: January 22, 2020; 10:15:11 AM -05:00

    V3.1: 5.4 MEDIUM
        V2: 3.5 LOW

  • CVE-2019-16512 — An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier.
    Published: January 23, 2020; 01:15:13 PM -05:00

    V3.1: 4.8 MEDIUM
        V2: 3.5 LOW

  • CVE-2020-5398 — In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response...
    Published: January 16, 2020; 07:15:12 PM -05:00

    V3.1: 7.5 HIGH
        V2: 7.6 HIGH