New vulnerabilities from the NVD: CVE-2020-14268 | | A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client. Published at: December 14, 2020 at 06:15PM View on website December 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14244 | | A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server. Published at: December 14, 2020 at 06:15PM View on website December 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15733 | | An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29. Published at: December 14, 2020 at 07:15PM View on website December 14, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-16104 | | SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions. Published at: December 14, 2020 at 10:15PM View on website December 14, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-16103 | | Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions. Published at: December 14, 2020 at 10:15PM View on website December 14, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-16102 | | Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.XXX(MRX); 8.20 versions prior to 8.20.XXX(MRX); 8.10 versions prior to 8.10.XXX(MRX); 8.00 versions prior to 8.00.XXX(MRX); version 7.90 and prior versions. Published at: December 14, 2020 at 10:15PM View on website December 14, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0470 | | In extend_frame_highbd of restoration.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-10. Android ID: A-166268541. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0469 | | In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-168692734. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0468 | | In listen() and related functions of TelephonyRegistry.java, there is a possible permissions bypass of location permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-158484422. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0467 | | In onUserStopped of Vpn.java, there is a possible resetting of user preferences due to a logic issue. This could lead to local information disclosure of secure network traffic over a non-VPN link with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-168500792. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0466 | | In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-147802478. References: Upstream kernel. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0465 | | In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-162844689. References: Upstream kernel. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0464 | | In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-150371903. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0463 | | In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9. Android ID: A-169342531. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0460 | | In createNameCredentialDialog of CertInstaller.java, there exists the possibility of improperly installed certificates due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-163413737. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0459 | | In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-8.0. Android ID: A-159373687. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0458 | | In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-8.0 Android-8.1. Android ID: A-160265164. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0457 | | There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-170367562. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0455 | | There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-170372514. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0444 | | In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-150693166. References: Upstream kernel. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0440 | | In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-162627132. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0099 | | In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-141745510. Published at: December 15, 2020 at 12:15AM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19289 | | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Published at: December 14, 2020 at 11:15PM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19288 | | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. Published at: December 14, 2020 at 11:15PM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19287 | | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow attackers to traverse through the file system of the server by sending specially crafted packets over the network without authentication. Published at: December 14, 2020 at 11:15PM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19286 | | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages. Published at: December 14, 2020 at 11:15PM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19285 | | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow injections that could lead to XSS attacks if unsuspecting users are tricked into accessing a malicious link. Published at: December 14, 2020 at 11:15PM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19284 | | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Published at: December 14, 2020 at 11:15PM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19283 | | A vulnerability has been identified in XHQ (All Versions < 6.1). The application's web server could expose non-sensitive information about the server's architecture. This could allow an attacker to adapt further attacks to the version in place. Published at: December 14, 2020 at 11:15PM View on website December 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0456 | | There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-170378843. Published at: December 15, 2020 at 01:15AM View on website December 15, 2020 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0019 | | In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-171413798. Published at: December 15, 2020 at 01:15AM View on website December 15, 2020 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0016 | | In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-171413483. Published at: December 15, 2020 at 01:15AM View on website December 15, 2020 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0368 | | In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-143230980. Published at: December 15, 2020 at 06:15PM View on website December 15, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0280 | | In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-136565424. Published at: December 15, 2020 at 06:15PM View on website December 15, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0244 | | In writeBurstBufferBytes of SPDIFEncoder.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no clear exfiltration path, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145262423. Published at: December 15, 2020 at 06:15PM View on website December 15, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16243 | | SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. Published at: December 16, 2020 at 01:15AM View on website December 16, 2020 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14483 | | AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys' passwords, and root passwords stored in the credential manager. Every administrator can read the ESX and Windows passwords stored in the credential manager. Published at: December 16, 2020 at 06:15PM View on website December 16, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14482 | | AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers' installations when no other SSL certificate is installed, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. Published at: December 16, 2020 at 06:15PM View on website December 16, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14480 | | AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. Published at: December 16, 2020 at 06:15PM View on website December 16, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14477 | | AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and passwords in the database are weakly encoded or encrypted. Published at: December 16, 2020 at 06:15PM View on website December 16, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14481 | | AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in user to open a malicious page and leads to account takeover. Published at: December 16, 2020 at 07:15PM View on website December 16, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14479 | | AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software. Published at: December 16, 2020 at 07:15PM View on website December 16, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14478 | | AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript code in the context of the user's browser if the victim opens or searches for a node whose "Display Name" contains an XSS payload. Published at: December 16, 2020 at 07:15PM View on website December 16, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14476 | | AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems. Published at: December 16, 2020 at 07:15PM View on website December 16, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-16957 | | |
New vulnerabilities from the NVD: CVE-2019-16955 | | |