Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2020-3163 —
A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected softw...
Published: February 19, 2020; 03:15:15 PM -05:00
-
CVE-2020-4161 —
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341.
Published: February 19, 2020; 11:15:11 AM -05:00
-
CVE-2020-4135 —
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.
Published: February 19, 2020; 11:15:11 AM -05:00
-
CVE-2020-4204 —
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with r...
Published: February 19, 2020; 11:15:11 AM -05:00
-
CVE-2019-4457 —
IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 163654.
Published: February 19, 2020; 11:15:11 AM -05:00
-
CVE-2020-6975 —
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application.
Published: February 12, 2020; 06:15:11 PM -05:00
-
CVE-2020-3159 —
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The v...
Published: February 19, 2020; 03:15:15 PM -05:00
-
CVE-2019-10791 —
promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.
Published: February 18, 2020; 12:15:14 PM -05:00
-
CVE-2019-6194 —
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.
Published: February 14, 2020; 12:15:13 PM -05:00
-
CVE-2019-4752 —
IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view,...
Published: February 20, 2020; 12:15:13 PM -05:00
-
CVE-2019-19865 —
Atos Unify OpenScape UC Web Client 1.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload.
Published: February 21, 2020; 11:15:11 AM -05:00
-
CVE-2020-9272 —
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
Published: February 20, 2020; 11:15:11 AM -05:00
-
CVE-2015-0749 —
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parame...
Published: February 18, 2020; 10:15:10 PM -05:00
-
CVE-2020-5524 —
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privilege...
Published: February 21, 2020; 05:15:11 AM -05:00
-
CVE-2015-7507 —
libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.
Published: February 18, 2020; 02:15:12 PM -05:00
-
CVE-2020-6973 —
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition.
Published: February 12, 2020; 07:15:11 PM -05:00
-
CVE-2019-4583 —
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289.
Published: February 20, 2020; 12:15:12 PM -05:00
-
CVE-2020-8960 —
Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.
Published: February 20, 2020; 06:15:20 PM -05:00
-
CVE-2020-9013 —
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code.
Published: February 16, 2020; 04:15:10 PM -05:00
-
CVE-2020-5525 —
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with...
Published: February 21, 2020; 05:15:11 AM -05:00