National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 136,354 matching records.
Displaying matches 721 through 740.
Vuln ID Summary CVSS Severity
CVE-2020-11049

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.

Published: May 07, 2020; 04:15:12 PM -04:00
V3.1: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2020-11048

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.

Published: May 07, 2020; 04:15:12 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2020-11047

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.

Published: May 07, 2020; 04:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-11046

In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.

Published: May 07, 2020; 03:15:11 PM -04:00
V3.1: 2.2 LOW
    V2: 3.5 LOW
CVE-2020-11045

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.

Published: May 07, 2020; 03:15:11 PM -04:00
V3.1: 3.3 LOW
    V2: 4.9 MEDIUM
CVE-2020-11044

In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.

Published: May 07, 2020; 03:15:11 PM -04:00
V3.1: 2.2 LOW
    V2: 3.5 LOW
CVE-2020-11042

In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.

Published: May 07, 2020; 03:15:11 PM -04:00
V3.1: 5.9 MEDIUM
    V2: 4.9 MEDIUM
CVE-2020-7805

An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands.

Published: May 07, 2020; 02:15:11 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2020-7803

IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution.

Published: May 07, 2020; 02:15:11 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-10974

An issue was discovered on Wavlink WL-WN579G3 - M79X3.V5030.180719 and WL-WN575A3 - RPT75A3.V4300.180801 devices, affecting a backup feature. A crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required.

Published: May 07, 2020; 02:15:11 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-10973

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices, affecting /cgi-bin/ExportALLSettings.sh. A crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.

Published: May 07, 2020; 02:15:11 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-10972

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. A page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd).

Published: May 07, 2020; 02:15:11 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-10971

An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719, WL-WN575A3 RPT75A3.V4300.180801, and WL-WN530HG4 M30HG4.V5030.191116 devices. A crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session.

Published: May 07, 2020; 02:15:11 PM -04:00
V3.1: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2019-19164

dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.

Published: May 07, 2020; 02:15:11 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-7646

curlrequest through 1.0.1 allows execution of arbitrary commands.It is possible to inject arbitrary commands by using a semicolon char in any of the `options` values.

Published: May 07, 2020; 01:15:12 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-5751

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.

Published: May 07, 2020; 01:15:12 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2020-5750

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.

Published: May 07, 2020; 01:15:12 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-5749

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group.

Published: May 07, 2020; 01:15:12 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2020-5748

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.

Published: May 07, 2020; 01:15:12 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-5747

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.

Published: May 07, 2020; 01:15:12 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW