Search Results

There are 139,799 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2020-15060

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.

Published: August 07, 2020; 6:15:13 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15059

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.

Published: August 07, 2020; 6:15:13 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15058

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.

Published: August 07, 2020; 6:15:13 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15057

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to cause a denial of service on the device via long input values.

Published: August 07, 2020; 6:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15056

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.

Published: August 07, 2020; 6:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15055

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.

Published: August 07, 2020; 6:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15054

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.

Published: August 07, 2020; 6:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2019-7005

A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2.

Published: August 07, 2020; 6:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-5412

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.

Published: August 07, 2020; 5:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15480

An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.

Published: August 07, 2020; 5:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15479

An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.

Published: August 07, 2020; 5:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-17352

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.

Published: August 07, 2020; 4:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-16169

Temi Robox OS 117.21 through 119.24 allows Authentication Bypass via an Alternate Path or Channel.

Published: August 07, 2020; 4:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-16167

Temi Launcher OS 11969 through 13146 has Missing Authentication for a Critical Function.

Published: August 07, 2020; 4:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15907

In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript.

Published: August 07, 2020; 4:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-13376

SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie.

Published: August 07, 2020; 4:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15138

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To work around the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.

Published: August 07, 2020; 1:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-9490

In Apache HTTP Server versions 2.4.20 to 2.4.43, a specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

Published: August 07, 2020; 12:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-7810

The hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the ActiveX method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to visit a crafted web page, causing damage such as malicious code infection.

Published: August 07, 2020; 12:15:11 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-11993

In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

Published: August 07, 2020; 12:15:11 PM -0400
V3.x:(not available)
V2.0:(not available)