Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2020-6816 —
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.
Published: March 24, 2020; 06:15:12 PM -04:00
-
CVE-2020-6802 —
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.
Published: March 24, 2020; 06:15:12 PM -04:00
-
CVE-2020-3450 —
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is... read CVE-2020-3450
Published: July 16, 2020; 02:15:19 PM -04:00
-
CVE-2020-14494 —
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no mor... read CVE-2020-14494
Published: July 20, 2020; 11:15:12 AM -04:00
-
CVE-2020-8214 —
A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file.
Published: July 20, 2020; 12:15:12 PM -04:00
-
CVE-2020-7206 —
HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability.
Published: July 17, 2020; 06:15:11 PM -04:00
-
CVE-2020-7818 —
DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
Published: July 17, 2020; 06:15:11 PM -04:00
-
CVE-2020-5769 —
Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in... read CVE-2020-5769
Published: July 17, 2020; 06:15:11 PM -04:00
-
CVE-2019-20839 —
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
Published: June 17, 2020; 12:15:11 PM -04:00
-
CVE-2019-20840 —
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
Published: June 17, 2020; 12:15:11 PM -04:00
-
CVE-2018-21247 —
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
Published: June 17, 2020; 12:15:11 PM -04:00
-
CVE-2020-14397 —
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
Published: June 17, 2020; 12:15:11 PM -04:00
-
CVE-2020-9650 —
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
Published: July 16, 2020; 08:15:11 PM -04:00
-
CVE-2020-5756 —
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
Published: July 17, 2020; 05:15:13 PM -04:00
-
CVE-2020-9670 —
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation.
Published: July 16, 2020; 08:15:11 PM -04:00
-
CVE-2020-9671 —
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
Published: July 16, 2020; 08:15:11 PM -04:00
-
CVE-2020-3146 —
Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker t... read CVE-2020-3146
Published: July 16, 2020; 02:15:16 PM -04:00
-
CVE-2020-15110 —
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.
Published: July 17, 2020; 05:15:12 PM -04:00
-
CVE-2020-9682 —
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write.
Published: July 16, 2020; 08:15:12 PM -04:00
-
CVE-2020-4464 —
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.
Published: July 17, 2020; 10:15:11 AM -04:00