News aggregator

CVE-2015-6970

National Vulnerability Database - Tue, 02/18/2020 - 09:15
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.
Categories: Security News

CVE-2015-7506

National Vulnerability Database - Tue, 02/18/2020 - 09:15
The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file.
Categories: Security News

CVE-2013-5594

National Vulnerability Database - Tue, 02/18/2020 - 08:15
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding.
Categories: Security News

CVE-2015-1425

National Vulnerability Database - Tue, 02/18/2020 - 08:15
JAKWEB Gecko CMS has multiple input validation vulnerabilities.
Categories: Security News

CVE-2020-5530

National Vulnerability Database - Tue, 02/18/2020 - 01:15
Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Categories: Security News

CVE-2020-1842

National Vulnerability Database - Mon, 02/17/2020 - 23:15
Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain high privilege.
Categories: Security News

CVE-2020-8010

National Vulnerability Database - Mon, 02/17/2020 - 23:15
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
Categories: Security News

CVE-2020-8011

National Vulnerability Database - Mon, 02/17/2020 - 23:15
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.
Categories: Security News

CVE-2020-8012

National Vulnerability Database - Mon, 02/17/2020 - 23:15
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.
Categories: Security News

CVE-2020-1791

National Vulnerability Database - Mon, 02/17/2020 - 22:15
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system has a logic judging error under a certain scenario; successful exploit could allow the attacker to switch to third desktop after a series of operations in ADB mode.
Categories: Security News

CVE-2020-1812

National Vulnerability Database - Mon, 02/17/2020 - 22:15
HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improper validation of a certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations.
Categories: Security News

CVE-2020-1843

National Vulnerability Database - Mon, 02/17/2020 - 22:15
Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker to perform an illegal operation.
Categories: Security News

CVE-2020-1855

National Vulnerability Database - Mon, 02/17/2020 - 22:15
Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause the service to become abnormal.
Categories: Security News

CVE-2020-1789

National Vulnerability Database - Mon, 02/17/2020 - 22:15
Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user is trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations with a weak credential.
Categories: Security News

CVE-2020-1790

National Vulnerability Database - Mon, 02/17/2020 - 22:15
GaussDB 200 with version 6.5.1 has a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands.
Categories: Security News

CVE-2020-1814

National Vulnerability Database - Mon, 02/17/2020 - 21:15
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to a dangling pointer dereference, causing some service to become abnormal.
Categories: Security News

CVE-2020-1872

National Vulnerability Database - Mon, 02/17/2020 - 21:15
Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8) have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed.
Categories: Security News

CVE-2020-1811

National Vulnerability Database - Mon, 02/17/2020 - 19:15
GaussDB 200 with version 6.5.1 has a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands.
Categories: Security News

CVE-2020-1815

National Vulnerability Database - Mon, 02/17/2020 - 19:15
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parsing a certain message; an attacker who sends the message continuously could consume the remaining memory. Successful exploit could cause memory exhaustion.
Categories: Security News

CVE-2020-1816

National Vulnerability Database - Mon, 02/17/2020 - 19:15
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service (DoS) vulnerability. Due to improper processing of specific IPSEC packets, remote attackers can send constructed IPSEC packets to affected devices to exploit this vulnerability. Successful exploit could cause the IPSec function of the affected device to become abnormal.
Categories: Security News
