National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 133,200 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2020-10827

A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.

Published: March 26, 2020; 01:15:23 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-10826

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.

Published: March 26, 2020; 01:15:23 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2020-10825

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).

Published: March 26, 2020; 01:15:23 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-10824

A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).

Published: March 26, 2020; 01:15:23 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-10823

A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).

Published: March 26, 2020; 01:15:23 PM -04:00
(not available)
CVE-2020-9521

An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.

Published: March 26, 2020; 11:15:25 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2020-9066

Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations.

Published: March 26, 2020; 11:15:25 AM -04:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-9065

Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability.

Published: March 26, 2020; 11:15:25 AM -04:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2020-7944

In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.

Published: March 26, 2020; 11:15:25 AM -04:00
(not available)
CVE-2020-1800

HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unauthorized actor, the attacker tricks the user into installing a crafted application, successful exploit could allow the attacker do certain unauthenticated operations.

Published: March 26, 2020; 11:15:24 AM -04:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-5105

An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 3.5.13.20. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability.

Published: March 26, 2020; 11:15:24 AM -04:00
(not available)
CVE-2020-4276

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.

Published: March 26, 2020; 10:15:13 AM -04:00
V3.1: 7.5 HIGH
    V2: 6.0 MEDIUM
CVE-2020-7260

DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder.

Published: March 26, 2020; 09:15:13 AM -04:00
V3.1: 7.8 HIGH
    V2: 4.4 MEDIUM
CVE-2020-6999

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.

Published: March 26, 2020; 09:15:13 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2020-5340

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.

Published: March 26, 2020; 09:15:13 AM -04:00
V3.1: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2020-5339

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.

Published: March 26, 2020; 09:15:13 AM -04:00
V3.1: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2020-5129

A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier.

Published: March 26, 2020; 09:15:13 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-1764

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

Published: March 26, 2020; 09:15:13 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-10969

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

Published: March 26, 2020; 09:15:13 AM -04:00
(not available)
CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).

Published: March 26, 2020; 09:15:12 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM