National Vulnerability Database

Search Results (Refine Search)

There are 131,372 matching records.
Displaying matches 1321 through 1340.
Vuln ID Summary CVSS Severity
CVE-2014-4859

Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.

Published: January 31, 2020; 11:15:10 AM -05:00
V3.1: 6.8 MEDIUM
    V2: 7.2 HIGH
CVE-2013-5116

Evernote prior to 5.5.1 has an insecure password change.

Published: January 31, 2020; 10:15:10 AM -05:00
V3.1: 7.1 HIGH
    V2: 6.6 MEDIUM
CVE-2013-5114

LastPass prior to 2.5.1 allows secure wipe bypass.

Published: January 31, 2020; 10:15:10 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 6.6 MEDIUM
CVE-2013-5113

LastPass prior to 2.5.1 has an insecure PIN implementation.

Published: January 31, 2020; 10:15:10 AM -05:00
V3.1: 6.8 MEDIUM
    V2: 1.9 LOW
CVE-2020-8440

controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.

Published: January 31, 2020; 09:15:12 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-19550

Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL.

Published: January 31, 2020; 09:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-5112

Evernote before 5.5.1 has insecure PIN storage.

Published: January 31, 2020; 09:15:11 AM -05:00
V3.1: 4.6 MEDIUM
    V2: 2.1 LOW
CVE-2013-3322

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.

Published: January 31, 2020; 09:15:10 AM -05:00
V3.1: 7.2 HIGH
    V2: 9.0 HIGH
CVE-2020-7956

HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.

Published: January 31, 2020; 08:15:10 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-7955

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

Published: January 31, 2020; 08:15:10 AM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2020-7914

In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.

Published: January 31, 2020; 08:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-7219

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

Published: January 31, 2020; 08:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-7218

HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage.

Published: January 31, 2020; 08:15:10 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-5526

The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: January 30, 2020; 11:15:11 PM -05:00
V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-18913

A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

Published: January 30, 2020; 11:15:10 PM -05:00
V3.1: 6.8 MEDIUM
    V2: 7.2 HIGH
CVE-2020-5232

A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.

Published: January 30, 2020; 07:15:09 PM -05:00
V3.1: 8.7 HIGH
    V2: 4.9 MEDIUM
CVE-2020-8498

XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability).

Published: January 30, 2020; 06:15:10 PM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-10782

All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.

Published: January 30, 2020; 06:15:10 PM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2020-8496

In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator.

Published: January 30, 2020; 05:15:10 PM -05:00
V3.1: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2020-8495

In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters.

Published: January 30, 2020; 05:15:10 PM -05:00
V3.1: 7.5 HIGH
    V2: 6.0 MEDIUM