National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search Last 3 Months
There are 6,354 matching records.
Displaying matches 6301 through 6320.
Vuln ID Summary CVSS Severity
CVE-2013-7054

D-Link DIR-100 4.03B07: cli.cgi XSS

Published: February 04, 2020; 09:15:12 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2013-7053

D-Link DIR-100 4.03B07: cli.cgi CSRF

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2013-7052

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 5.0 MEDIUM
CVE-2013-7051

D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2013-1422

webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2012-5686

ZPanel 10.0.1 has insufficient entropy for its password reset process.

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2012-5618

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 5.0 MEDIUM
CVE-2011-4912

Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.

Published: February 04, 2020; 09:15:11 AM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2011-4937

Joomla! 1.7.1 has core information disclosure due to inadequate error checking.

Published: February 04, 2020; 08:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2011-3629

Joomla! core 1.7.1 allows information disclosure due to weak encryption

Published: February 04, 2020; 08:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-3939

SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability.

Published: February 04, 2020; 12:15:12 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-3938

SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests.

Published: February 04, 2020; 12:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-3937

SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database.

Published: February 04, 2020; 12:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-5236

Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3, it is recommended that people upgrade to the new version of Waitress as soon as possible.

Published: February 03, 2020; 10:15:10 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 6.8 MEDIUM
CVE-2020-5235

There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding the array nanopb can end up calling `free()` on a pointer value that comes from uninitialized memory. Depending on platform this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, nanopb-0.2.9.4.

Published: February 03, 2020; 10:15:10 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-8597

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Published: February 03, 2020; 06:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-8592

eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).

Published: February 03, 2020; 04:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-8591

eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request.

Published: February 03, 2020; 04:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-9502

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Published: February 03, 2020; 04:15:11 PM -05:00
V3.1: 8.8 HIGH
    V2: 8.3 HIGH
CVE-2019-9501

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Published: February 03, 2020; 04:15:11 PM -05:00
V3.1: 8.8 HIGH
    V2: 8.3 HIGH