Search Results (Refine Search)

Search Parameters:
There are 145,378 matching records.
Displaying matches 381 through 400.
Vuln ID Summary CVSS Severity
CVE-2019-14562

Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.

Published: November 23, 2020; 11:15:12 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-14559

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

Published: November 23, 2020; 11:15:12 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-14553

Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.

Published: November 23, 2020; 11:15:12 AM -0500
V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-20805

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5.

Published: November 23, 2020; 11:15:12 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-20804

A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.

Published: November 23, 2020; 11:15:12 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-20802

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3.

Published: November 23, 2020; 11:15:12 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-7926

A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected.

Published: November 23, 2020; 10:15:11 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-7925

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9.

Published: November 23, 2020; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-28053

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.

Published: November 23, 2020; 9:15:12 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-27985

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup.

Published: November 23, 2020; 9:15:12 AM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-28975

** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.

Published: November 21, 2020; 4:15:10 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-14258

HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.

Published: November 21, 2020; 1:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-14234

HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected.

Published: November 21, 2020; 1:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-14230

HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected.

Published: November 21, 2020; 1:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-25189

The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).

Published: November 21, 2020; 12:15:10 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-5797

UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.

Published: November 21, 2020; 1:15:12 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 3.6 LOW
CVE-2020-25725

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.

Published: November 21, 2020; 1:15:12 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-25185

The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).

Published: November 21, 2020; 1:15:11 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-4005

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004)

Published: November 20, 2020; 3:15:13 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-4004

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Published: November 20, 2020; 3:15:13 PM -0500
V3.1: 8.2 HIGH
V2.0: 4.6 MEDIUM