National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search Last 3 Months
There are 6,319 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-10940

Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.

Published: March 27, 2020; 05:15:11 PM -04:00
(not available)
CVE-2020-6095

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

Published: March 27, 2020; 04:15:11 PM -04:00
(not available)
CVE-2020-10939

Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.

Published: March 27, 2020; 04:15:11 PM -04:00
(not available)
CVE-2020-10956

GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.

Published: March 27, 2020; 03:15:11 PM -04:00
(not available)
CVE-2020-10955

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

Published: March 27, 2020; 03:15:11 PM -04:00
(not available)
CVE-2020-10954

GitLab through 12.9 is affected by a potential DoS in repository archive download.

Published: March 27, 2020; 03:15:11 PM -04:00
(not available)
CVE-2020-10953

In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.

Published: March 27, 2020; 03:15:11 PM -04:00
(not available)
CVE-2020-10952

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.

Published: March 27, 2020; 03:15:11 PM -04:00
(not available)
CVE-2020-10817

The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.

Published: March 27, 2020; 03:15:11 PM -04:00
(not available)
CVE-2020-8552

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

Published: March 27, 2020; 11:15:12 AM -04:00
(not available)
CVE-2020-8551

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.

Published: March 27, 2020; 11:15:12 AM -04:00
(not available)
CVE-2020-5863

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.

Published: March 27, 2020; 11:15:12 AM -04:00
(not available)
CVE-2020-5862

On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS.

Published: March 27, 2020; 11:15:12 AM -04:00
(not available)
CVE-2020-5861

On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors.

Published: March 27, 2020; 11:15:12 AM -04:00
(not available)
CVE-2020-5860

On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS).

Published: March 27, 2020; 11:15:12 AM -04:00
(not available)
CVE-2020-5859

On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file.

Published: March 27, 2020; 11:15:12 AM -04:00
(not available)
CVE-2020-5858

On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.

Published: March 27, 2020; 11:15:12 AM -04:00
(not available)
CVE-2020-5857

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service.

Published: March 27, 2020; 11:15:12 AM -04:00
(not available)
CVE-2015-8536

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.

Published: March 27, 2020; 11:15:11 AM -04:00
(not available)
CVE-2015-8535

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.

Published: March 27, 2020; 11:15:11 AM -04:00
(not available)