Search Results (Refine Search)

Search Parameters:
There are 138,560 matching records.
Displaying matches 341 through 360.
Vuln ID Summary CVSS Severity
CVE-2020-5972

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which local pointer variables are not initialized and may be freed later, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Published: June 30, 2020; 7:15:12 PM -0400
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2020-5971

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Published: June 30, 2020; 7:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-5970

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Published: June 30, 2020; 7:15:12 PM -0400
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2020-5969

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Published: June 30, 2020; 7:15:12 PM -0400
V3.1: 6.3 MEDIUM
V2.0: 3.3 LOW
CVE-2020-5968

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Published: June 30, 2020; 7:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-14947

OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.

Published: June 30, 2020; 5:15:11 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-9414

The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.

Published: June 30, 2020; 4:15:13 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2020-9413

The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL the commands will be executed on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.

Published: June 30, 2020; 4:15:13 PM -0400
V3.1: 9.6 CRITICAL
V2.0: 9.3 HIGH
CVE-2020-7049

Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection.

Published: June 30, 2020; 3:15:11 PM -0400
V3.1: 7.3 HIGH
V2.0: 8.5 HIGH
CVE-2020-14474

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data.

Published: June 30, 2020; 3:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-14059

An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.

Published: June 30, 2020; 3:15:11 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-14058

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.

Published: June 30, 2020; 3:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-15307

Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name.

Published: June 30, 2020; 2:15:12 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-15049

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.

Published: June 30, 2020; 2:15:12 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-14482

Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.

Published: June 30, 2020; 2:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-15087

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers.

Published: June 30, 2020; 1:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-15085

In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront.

Published: June 30, 2020; 1:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-13095

Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.

Published: June 30, 2020; 1:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well.

Published: June 30, 2020; 12:15:16 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15084

In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0.

Published: June 30, 2020; 12:15:15 PM -0400
V3.1: 9.1 CRITICAL
V2.0: 4.3 MEDIUM