National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 136,398 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-4490

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 181989

Published: May 29, 2020; 09:15:09 AM -04:00
(not available)
CVE-2020-4352

IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427.

Published: May 29, 2020; 09:15:09 AM -04:00
(not available)
CVE-2020-4306

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735.

Published: May 29, 2020; 09:15:09 AM -04:00
(not available)
CVE-2020-5573

Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors.

Published: May 29, 2020; 05:15:09 AM -04:00
V3.1: 4.6 MEDIUM
    V2: 2.1 LOW
CVE-2020-5572

Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.

Published: May 29, 2020; 05:15:09 AM -04:00
V3.1: 4.6 MEDIUM
    V2: 2.1 LOW
CVE-2020-13693

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.

Published: May 28, 2020; 08:15:10 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-13173

Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe.

Published: May 28, 2020; 06:15:10 PM -04:00
(not available)
CVE-2020-11082

In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.

Published: May 28, 2020; 05:15:11 PM -04:00
(not available)
CVE-2019-6342

An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.

Published: May 28, 2020; 05:15:11 PM -04:00
(not available)
CVE-2020-5357

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Published: May 28, 2020; 04:15:12 PM -04:00
(not available)
CVE-2020-13660

CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.

Published: May 28, 2020; 03:15:11 PM -04:00
V3.1: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2020-13245

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.

Published: May 28, 2020; 03:15:10 PM -04:00
(not available)
CVE-2020-11079

node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.

Published: May 28, 2020; 03:15:10 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-8330

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted.

Published: May 28, 2020; 12:15:11 PM -04:00
(not available)
CVE-2020-8329

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted.

Published: May 28, 2020; 12:15:11 PM -04:00
(not available)
CVE-2020-4248

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484.

Published: May 28, 2020; 12:15:11 PM -04:00
V3.1: 2.7 LOW
    V2: 4.0 MEDIUM
CVE-2020-4419

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180071.

Published: May 28, 2020; 11:15:12 AM -04:00
(not available)
CVE-2020-4249

IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. IBM X-Force ID: 175485.

Published: May 28, 2020; 11:15:12 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2020-4246

IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 175481.

Published: May 28, 2020; 11:15:12 AM -04:00
V3.1: 7.1 HIGH
    V2: 5.5 MEDIUM
CVE-2020-4245

IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423.

Published: May 28, 2020; 11:15:12 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM