Search Results

There are 138,560 matching records.
Displaying matches 1,201 through 1,220.
Vuln ID Summary CVSS Severity
CVE-2020-14159

By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. This affects versions before 2019.12.337, 2020 before 2020.1.53, 2020.2 before 2020.2.85, 2020.3 before 2020.3.114, 2020.4 before 2020.4.143, and 2020.5 before 2020.5.178.

Published: June 15, 2020; 3:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-13652

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. A cross-site scripting (XSS) vulnerability exists in the login menu.

Published: June 15, 2020; 3:15:10 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-13651

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. If an attacker-controlled URL is provided, the client will obtain a rogue JNLP file specifying the installation of malicious JAR archives, which are executed with full privileges on the client computer.

Published: June 15, 2020; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-13650

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to an internal component, the request is blind, but through the error message it's possible to determine whether the request targeted an open service.

Published: June 15, 2020; 3:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-14156

user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions.

Published: June 15, 2020; 2:15:15 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-14149

In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.

Published: June 15, 2020; 2:15:15 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-14148

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.

Published: June 15, 2020; 2:15:15 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-14147

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

Published: June 15, 2020; 2:15:14 PM -0400
V3.1: 7.7 HIGH
V2.0: 4.0 MEDIUM
CVE-2020-14155

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

Published: June 15, 2020; 1:15:10 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.

Published: June 15, 2020; 1:15:10 PM -0400
V3.1: 4.8 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2020-14153

In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-bounds array read for certain table pointers.

Published: June 15, 2020; 1:15:10 PM -0400
V3.1: 7.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2020-14152

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

Published: June 15, 2020; 1:15:10 PM -0400
V3.1: 7.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2020-14150

GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash).

Published: June 15, 2020; 1:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-14034

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via a long value in an SDP Offer packet.

Published: June 15, 2020; 1:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-14033

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server.

Published: June 15, 2020; 1:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-20838

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Published: June 15, 2020; 1:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2018-21246

Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.

Published: June 15, 2020; 1:15:09 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-21245

Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.

Published: June 15, 2020; 1:15:09 PM -0400
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2020-9076

HUAWEI P30; HUAWEI P30 Pro; Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through a man-in-the-middle attack to induce the user to access a malicious URL.

Published: June 15, 2020; 12:15:23 PM -0400
V3.1: 6.8 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-3961

VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user.

Published: June 15, 2020; 12:15:22 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM