National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2020-13381

Wed, 07/01/2020 - 11:15
openSIS through 7.4 allows SQL Injection.
Categories: Security News

CVE-2020-13382

Wed, 07/01/2020 - 11:15
openSIS through 7.4 has Incorrect Access Control.

CVE-2020-13383

Wed, 07/01/2020 - 11:15
openSIS through 7.4 allows Directory Traversal.

CVE-2019-4676

Wed, 07/01/2020 - 11:15
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 171512.

CVE-2019-4704

Wed, 07/01/2020 - 11:15
IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014.

CVE-2019-4705

Wed, 07/01/2020 - 11:15
IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015.

CVE-2019-4706

Wed, 07/01/2020 - 11:15
IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016.

CVE-2020-12604

Wed, 07/01/2020 - 11:15
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.

CVE-2020-12605

Wed, 07/01/2020 - 11:15
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.

CVE-2017-1712

Wed, 07/01/2020 - 10:15
A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.

CVE-2020-12603

Wed, 07/01/2020 - 10:15
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.

CVE-2020-5900

Wed, 07/01/2020 - 10:15
In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there are insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.

CVE-2020-7689

Wed, 07/01/2020 - 10:15
Data is truncated incorrectly when its length is greater than 255 bytes.

CVE-2017-1659

Wed, 07/01/2020 - 10:15
HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2020-15478

Wed, 07/01/2020 - 09:15
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.

CVE-2020-6261

Wed, 07/01/2020 - 09:15
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.

CVE-2020-15471

Wed, 07/01/2020 - 07:15
In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.

CVE-2020-15472

Wed, 07/01/2020 - 07:15
In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.

CVE-2020-15473

Wed, 07/01/2020 - 07:15
In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.

CVE-2020-15474

Wed, 07/01/2020 - 07:15
In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.