NVD: all CVE

Subscribe to NVD: all CVE feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 14 minutes 35 seconds ago
July 1, 2020

CVE-2019-4705

IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015.
July 1, 2020

CVE-2019-4706

IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016.
July 1, 2020

CVE-2020-12604

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
July 1, 2020

CVE-2020-12605

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
July 1, 2020

CVE-2017-1712

"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."
July 1, 2020

CVE-2020-12603

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
July 1, 2020

CVE-2020-5900

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.
July 1, 2020

CVE-2020-7689

Data is truncated wrong when its length is greater than 255 bytes.
July 1, 2020

CVE-2017-1659

"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
July 1, 2020

CVE-2020-15478

The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
July 1, 2020

CVE-2020-6261

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
July 1, 2020

CVE-2020-15471

In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
July 1, 2020

CVE-2020-15472

In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.
July 1, 2020

CVE-2020-15473

In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.
July 1, 2020

CVE-2020-15474

In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.
July 1, 2020

CVE-2020-15475

In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free.
July 1, 2020

CVE-2020-15476

In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.
July 1, 2020

CVE-2020-15470

ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.
July 1, 2020

CVE-2020-15468

Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter.
July 1, 2020

CVE-2020-14169

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability