Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-1788 |
Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure. Published: January 21, 2020; 6:15:13 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20388 |
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. Published: January 21, 2020; 6:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-20387 |
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. Published: January 21, 2020; 6:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-19414 |
There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. Published: January 21, 2020; 6:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2019-19413 |
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. Published: January 21, 2020; 6:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2020-7594 |
MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. Published: January 21, 2020; 5:15:16 PM -0500 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2019-19886 |
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc. Published: January 21, 2020; 5:15:15 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-7040 |
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) Published: January 21, 2020; 4:15:16 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2019-18426 |
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message. Published: January 21, 2020; 4:15:16 PM -0500 |
V4.0:(not available) V3.1: 8.2 HIGH V2.0: 5.8 MEDIUM |
CVE-2020-6638 |
Grin through 2.1.1 has Insufficient Validation. Published: January 21, 2020; 3:15:14 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-17584 |
The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor. Published: January 21, 2020; 3:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 8.5 HIGH |
CVE-2020-6849 |
The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS. Published: January 21, 2020; 2:15:14 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-1840 |
HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones.Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.0.0.175(C00E70R3P8) Published: January 21, 2020; 2:15:14 PM -0500 |
V4.0:(not available) V3.1: 6.0 MEDIUM V2.0: 3.6 LOW |
CVE-2019-19592 |
Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting Published: January 21, 2020; 2:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-19411 |
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished. Published: January 21, 2020; 2:15:13 PM -0500 |
V4.0:(not available) V3.1: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2019-17357 |
Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. Published: January 21, 2020; 2:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-11018 |
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). Published: January 21, 2020; 2:15:12 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-2680 |
The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack. Published: January 21, 2020; 2:15:12 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-5202 |
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can. Published: January 21, 2020; 1:15:13 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-19344 |
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. Published: January 21, 2020; 1:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |