Search Results (Refine Search)

Search Parameters:
There are 138,631 matching records.
Displaying matches 1,261 through 1,280.
Vuln ID Summary CVSS Severity
CVE-2020-5358

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Published: June 15, 2020; 5:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-14163

An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_gc_set_object_visited in ecma/base/ecma-gc.c.

Published: June 15, 2020; 5:15:10 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-5755

Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation.

Published: June 15, 2020; 4:15:11 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2020-5754

Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent.

Published: June 15, 2020; 4:15:11 PM -0400
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2020-5742

Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests.

Published: June 15, 2020; 4:15:11 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-12019

WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

Published: June 15, 2020; 4:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-12005

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources, leading to a denial-of-service condition.

Published: June 15, 2020; 4:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2020-12003

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive.

Published: June 15, 2020; 4:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-12001

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.

Published: June 15, 2020; 4:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-11999

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data.

Published: June 15, 2020; 4:15:11 PM -0400
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2020-11969

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5.

Published: June 15, 2020; 4:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2020-14159

By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. This affects versions before 2019.12.337, 2020 before 2020.1.53, 2020.2 before 2020.2.85, 2020.3 before 2020.3.114, 2020.4 before 2020.4.143, and 2020.5 before 2020.5.178.

Published: June 15, 2020; 3:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-13652

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. A cross-site scripting (XSS) vulnerability exists in the login menu.

Published: June 15, 2020; 3:15:10 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-13651

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client will obtain a rogue JNLP file specifying the installation of malicious JAR archives and executed with full privileges on the client computer.

Published: June 15, 2020; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-13650

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to an internal component, the request is blind, but through the error message it's possible to determine whether the request targeted a open service.

Published: June 15, 2020; 3:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-14156

user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions.

Published: June 15, 2020; 2:15:15 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-14149

In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.

Published: June 15, 2020; 2:15:15 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-14148

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.

Published: June 15, 2020; 2:15:15 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-14147

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

Published: June 15, 2020; 2:15:14 PM -0400
V3.1: 7.7 HIGH
V2.0: 4.0 MEDIUM
CVE-2020-14155

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

Published: June 15, 2020; 1:15:10 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM