National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 131,085 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2020-7209

LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.

Published: February 12, 2020; 07:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-7208

LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.

Published: February 12, 2020; 07:15:11 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-6973

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition.

Published: February 12, 2020; 07:15:11 PM -05:00
(not available)
CVE-2020-5241

matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4.

Published: February 12, 2020; 07:15:11 PM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-5322

A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions.

Published: February 12, 2020; 07:15:11 PM -05:00
(not available)
CVE-2019-18915

A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.

Published: February 12, 2020; 07:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2018-3987

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.

Published: February 12, 2020; 07:15:10 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2020-6975

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application.

Published: February 12, 2020; 06:15:11 PM -05:00
(not available)
CVE-2020-1977

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.

Published: February 12, 2020; 06:15:11 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-1976

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.

Published: February 12, 2020; 06:15:11 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2020-1975

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions.

Published: February 12, 2020; 06:15:11 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2020-8955

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).

Published: February 12, 2020; 05:15:13 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-6022

A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.

Published: February 12, 2020; 05:15:12 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2013-5106

A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19.

Published: February 12, 2020; 05:15:12 PM -05:00
(not available)
CVE-2013-4602

A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine.

Published: February 12, 2020; 05:15:12 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 7.1 HIGH
CVE-2011-4908

TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.

Published: February 12, 2020; 05:15:12 PM -05:00
(not available)
CVE-2020-5399

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.

Published: February 12, 2020; 04:15:14 PM -05:00
(not available)
CVE-2011-4906

Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.

Published: February 12, 2020; 04:15:13 PM -05:00
(not available)
CVE-2020-8950

The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name.

Published: February 12, 2020; 03:15:15 PM -05:00
(not available)
CVE-2020-6193

SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability.

Published: February 12, 2020; 03:15:14 PM -05:00
(not available)