National Vulnerability Database

Search Results

There are 131,385 matching records.
Displaying matches 1 through 20.
Vuln ID | Summary | Published | CVSS Severity
CVE-2020-5402

In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.

Published: February 27, 2020; 03:15:11 PM -05:00
(not available)
CVE-2020-5401

Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.

Published: February 27, 2020; 03:15:11 PM -05:00
(not available)
CVE-2020-5400

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.

Published: February 27, 2020; 03:15:11 PM -05:00
(not available)
CVE-2020-7043

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.

Published: February 27, 2020; 01:15:11 PM -05:00
(not available)
CVE-2020-7042

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).

Published: February 27, 2020; 01:15:11 PM -05:00
(not available)
CVE-2020-7041

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.

Published: February 27, 2020; 01:15:11 PM -05:00
(not available)
CVE-2017-16900

Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows a local user to gain unauthorized access to other users' information via brute force.

Published: February 27, 2020; 01:15:11 PM -05:00
(not available)
CVE-2015-2992

Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.

Published: February 27, 2020; 01:15:11 PM -05:00
(not available)
CVE-2020-6864

ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router.

Published: February 27, 2020; 12:15:11 PM -05:00
(not available)
CVE-2020-6863

ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL.

Published: February 27, 2020; 12:15:11 PM -05:00
(not available)
CVE-2019-5326

An administrative application user, or an application user with write access to Aruba Airwave VisualRF, is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.

Published: February 27, 2020; 12:15:11 PM -05:00
(not available)
CVE-2019-5323

There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.

Published: February 27, 2020; 12:15:11 PM -05:00
(not available)
CVE-2019-4669

IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.

Published: February 27, 2020; 11:15:10 AM -05:00
(not available)
CVE-2017-6371

Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.

Published: February 27, 2020; 12:15:11 AM -05:00
(not available)
CVE-2017-6363

** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'"

Published: February 27, 2020; 12:15:11 AM -05:00
V3.1: 8.1 HIGH
V2: 5.8 MEDIUM
CVE-2020-3924

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, does not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system.

Published: February 26, 2020; 11:15:10 PM -05:00
(not available)
CVE-2020-3923

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contains a misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system.

Published: February 26, 2020; 11:15:10 PM -05:00
(not available)
CVE-2015-5686

Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.

Published: February 26, 2020; 08:15:10 PM -05:00
(not available)
CVE-2019-18238

Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility (ioLogik 2500 series firmware, Version 3.0 or lower; IOxpress configuration utility, Version 2.3.0 or lower): sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.

Published: February 26, 2020; 05:15:11 PM -05:00
(not available)
CVE-2019-17275

OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.

Published: February 26, 2020; 01:15:11 PM -05:00
(not available)