National Vulnerability Database

Search Results

There are 136,653 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2020-3200

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Published: June 03, 2020; 02:15:17 PM -04:00
(not available)
CVE-2020-3199

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Published: June 03, 2020; 02:15:17 PM -04:00
(not available)
CVE-2020-3198

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.

Published: June 03, 2020; 02:15:16 PM -04:00
(not available)
CVE-2020-4035

In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to become unusable. This may happen in apps that don't validate IDs (valid IDs are `/^[a-zA-Z0-9_-.]+$/`) and use Watermelon Sync or low-level `database.adapter.destroyDeletedRecords` method. The integrity risk is low due to the fact that maliciously deleted records won't synchronize, so logout-login will restore all data, although some local changes may be lost if the malicious deletion causes the sync process to fail to proceed to push stage. No way to breach confidentiality with this vulnerability is known. Full exploitation of SQL Injection is mitigated, because it's not possible to nest an insert/update query inside a delete query in SQLite, and it's not possible to pass a semicolon-separated second query. There's also no known practicable way to breach confidentiality by selectively deleting records, because those records will not be synchronized. It's theoretically possible that selective record deletion could cause an app to behave insecurely if lack of a record is used to make security decisions by the app. This is patched in versions 0.15.1, 0.16.2, and 0.16.1-fix.

Published: June 03, 2020; 01:15:26 PM -04:00
(not available)
CVE-2020-3322

A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.

Published: June 03, 2020; 01:15:25 PM -04:00
(not available)
CVE-2020-3321

A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.

Published: June 03, 2020; 01:15:25 PM -04:00
(not available)
CVE-2020-3319

A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3.

Published: June 03, 2020; 01:15:25 PM -04:00
(not available)
CVE-2020-13787

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.

Published: June 03, 2020; 01:15:25 PM -04:00
(not available)
CVE-2020-13786

D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.

Published: June 03, 2020; 01:15:25 PM -04:00
(not available)
CVE-2020-13785

D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.

Published: June 03, 2020; 01:15:25 PM -04:00
(not available)
CVE-2020-13784

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.

Published: June 03, 2020; 01:15:25 PM -04:00
(not available)
CVE-2020-13783

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.

Published: June 03, 2020; 01:15:25 PM -04:00
(not available)
CVE-2020-13782

D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.

Published: June 03, 2020; 01:15:24 PM -04:00
(not available)
CVE-2020-13597

Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod.

Published: June 03, 2020; 01:15:24 PM -04:00
(not available)
CVE-2020-12846

Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a "Corrupt File" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution.

Published: June 03, 2020; 01:15:24 PM -04:00
(not available)
CVE-2019-20809

The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings.

Published: June 03, 2020; 01:15:24 PM -04:00
(not available)
CVE-2020-4307

IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. IBM X-Force ID: 176997.

Published: June 03, 2020; 11:15:12 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 3.3 LOW
CVE-2020-4190

IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851.

Published: June 03, 2020; 11:15:12 AM -04:00
V3.1: 6.7 MEDIUM
    V2: 4.6 MEDIUM
CVE-2020-4187

IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174805.

Published: June 03, 2020; 11:15:12 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2020-4182

IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174738.

Published: June 03, 2020; 11:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM