National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2020-11018

Fri, 05/29/2020 - 13:15
In FreeRDP less than or equal to 2.0.0, a resource exhaustion vulnerability is possible. Malicious clients could trigger out-of-bounds reads, causing memory allocation with a random size. This has been fixed in 2.1.0.
Categories: Security News

CVE-2020-13634

Fri, 05/29/2020 - 13:15
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because it does not validate input values from IOCtl 0xF1002558.
Categories: Security News

CVE-2020-12675

Fri, 05/29/2020 - 12:15
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077.
Categories: Security News

CVE-2020-11017

Fri, 05/29/2020 - 12:15
In FreeRDP less than or equal to 2.0.0, by providing manipulated input, a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0.
Categories: Security News

CVE-2020-4306 (planning_analytics_local)

Fri, 05/29/2020 - 09:15
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735.
Categories: Security News

CVE-2020-4352 (mq_for_hpe_nonstop)

Fri, 05/29/2020 - 09:15
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427.
Categories: Security News

CVE-2020-4490 (business_automation_workflow, business_process_manager)

Fri, 05/29/2020 - 09:15
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 181989.
Categories: Security News

CVE-2020-5572 (mailwise)

Fri, 05/29/2020 - 05:15
Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.
Categories: Security News

CVE-2020-5573 (kintone)

Fri, 05/29/2020 - 05:15
Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors.
Categories: Security News

CVE-2020-13693 (bbpress)

Thu, 05/28/2020 - 20:15
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
Categories: Security News

CVE-2020-13173 (pcoip_graphics_agent, pcoip_standard_agent)

Thu, 05/28/2020 - 18:15
Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe.
Categories: Security News

CVE-2019-6342

Thu, 05/28/2020 - 17:15
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
Categories: Security News

CVE-2020-11082 (kaminari)

Thu, 05/28/2020 - 17:15
In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.
Categories: Security News

CVE-2020-5357

Thu, 05/28/2020 - 16:15
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.
Categories: Security News

CVE-2020-13660 (cms_made_simple)

Thu, 05/28/2020 - 15:15
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
Categories: Security News

CVE-2020-11079 (node-dns-sync)

Thu, 05/28/2020 - 15:15
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.
Categories: Security News

CVE-2020-13245

Thu, 05/28/2020 - 15:15
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.
Categories: Security News

CVE-2020-4248 (security_identity_governance_and_intelligence)

Thu, 05/28/2020 - 12:15
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484.
Categories: Security News

CVE-2020-8329

Thu, 05/28/2020 - 12:15
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing the printer from functioning until the printer is rebooted.
Categories: Security News

CVE-2020-8330

Thu, 05/28/2020 - 12:15
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted.
Categories: Security News
