Search Results

There are 139,763 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2020-8574

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.

Published: August 03, 2020; 1:15:12 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2020-16272

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection.

Published: August 03, 2020; 1:15:12 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2020-16271

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection.

Published: August 03, 2020; 1:15:12 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2020-16131

Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.

Published: August 03, 2020; 1:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-14319

It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example, authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ-Online prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up until but not including 0.32.2.

Published: August 03, 2020; 1:15:11 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-13820

Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.

Published: August 03, 2020; 1:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-12739

A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices.

Published: August 03, 2020; 1:15:11 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-16269

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.

Published: August 03, 2020; 12:15:12 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-9549

A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php.

Published: August 03, 2020; 12:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-19455

Wowza Streaming Engine through 2019-11-28 has Insecure Permissions.

Published: August 03, 2020; 10:15:15 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2019-19453

Wowza Streaming Engine through 2019-11-28 allows XSS (issue 1 of 2).

Published: August 03, 2020; 10:15:15 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-4560

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.

Published: August 03, 2020; 9:15:12 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-4554

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183322.

Published: August 03, 2020; 9:15:11 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2020-4553

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183321.

Published: August 03, 2020; 9:15:11 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2020-4552

IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183320.

Published: August 03, 2020; 9:15:11 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2020-4551

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183319.

Published: August 03, 2020; 9:15:11 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2020-4550

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183318.

Published: August 03, 2020; 9:15:11 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2020-4549

IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183317.

Published: August 03, 2020; 9:15:11 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2020-4534

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808.

Published: August 03, 2020; 9:15:11 AM -0400
V3.1: 8.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-4377

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.

Published: August 03, 2020; 9:15:11 AM -0400
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM