National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 133,203 matching records.
Displaying matches 761 through 780.
Vuln ID Summary CVSS Severity
CVE-2020-6582

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.

Published: March 16, 2020; 02:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-6581

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.

Published: March 16, 2020; 02:15:12 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 6.8 MEDIUM
CVE-2020-5849

Unraid 6.8.0 allows authentication bypass.

Published: March 16, 2020; 02:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-5847

Unraid through 6.8.0 allows Remote Code Execution.

Published: March 16, 2020; 02:15:12 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2020-5844

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.

Published: March 16, 2020; 02:15:12 PM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2020-3948

Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.

Published: March 16, 2020; 02:15:12 PM -04:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2020-3947

VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.

Published: March 16, 2020; 02:15:12 PM -04:00
V3.1: 8.8 HIGH
    V2: 7.2 HIGH
CVE-2019-5543

For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.

Published: March 16, 2020; 02:15:12 PM -04:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-19946

The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team.

Published: March 16, 2020; 02:15:12 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-19945

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value.

Published: March 16, 2020; 02:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-19821

A post-authentication privilege escalation in the web application of Combodo iTop before 2.7 allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses.

Published: March 16, 2020; 02:15:12 PM -04:00
V3.1: 8.1 HIGH
    V2: 5.5 MEDIUM
CVE-2020-6990

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.

Published: March 16, 2020; 12:15:14 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2020-6988

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.

Published: March 16, 2020; 12:15:14 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-6984

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable.

Published: March 16, 2020; 12:15:14 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-6980

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.

Published: March 16, 2020; 12:15:14 PM -04:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2020-6586

Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.

Published: March 16, 2020; 12:15:14 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2020-6585

Nagios Log Server 2.1.3 has CSRF.

Published: March 16, 2020; 12:15:14 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-6584

Nagios Log Server 2.1.3 has Incorrect Access Control.

Published: March 16, 2020; 12:15:14 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2020-1740

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Published: March 16, 2020; 12:15:14 PM -04:00
V3.1: 4.7 MEDIUM
    V2: 1.9 LOW
CVE-2020-1738

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Published: March 16, 2020; 12:15:14 PM -04:00
V3.1: 7.8 HIGH
    V2: 4.4 MEDIUM