Les dernières vulnérabilités publiées sur la National Vulnerability Database (NVD)

CVE-2015-5684 - MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2015-5684
Partager : LinkedIn / Twitter / Facebook

CVE-2015-7333 - MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2015-7333
Partager : LinkedIn / Twitter / Facebook

CVE-2015-7334 - MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2015-7334
Partager : LinkedIn / Twitter / Facebook

CVE-2015-7335 - MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2015-7335
Partager : LinkedIn / Twitter / Facebook

CVE-2015-7336 - MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2015-7336
Partager : LinkedIn / Twitter / Facebook

CVE-2015-8534 - MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2015-8534
Partager : LinkedIn / Twitter / Facebook

CVE-2015-8535 - MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2015-8535
Partager : LinkedIn / Twitter / Facebook

CVE-2015-8536 - MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2015-8536
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10508 - Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10508
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10509 - Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10509
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10510 - Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10510
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10607 - In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10607
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10817 - The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10817
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10939 - Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10939
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10940 - Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10940
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10952 - GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10952
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10953 - In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10953
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10954 - GitLab through 12.9 is affected by a potential DoS in repository archive download.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10954
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10955 - GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10955
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10956 - GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10956
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10990 - An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10990
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10991 - Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10991
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10992 - Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10992
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10993 - Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10993
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1769 - In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1769
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1770 - Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1770
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1771 - Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1771
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1772 - It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1772
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1773 - It's possible that an authenticated user guess other session IDs based on its own. Also it's possible to guess a password reset token or an automated password generated. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1773
Partager : LinkedIn / Twitter / Facebook

CVE-2020-3920 - UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-3920
Partager : LinkedIn / Twitter / Facebook

CVE-2020-3921 - UltraLog Express device management software stores user's information in cleartext. Any user can obtain accounts information through a specific page.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-3921
Partager : LinkedIn / Twitter / Facebook

CVE-2020-3936 - UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-3936
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5857 - On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5857
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5858 - On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5858
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5859 - On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5859
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5860 - On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5860
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5861 - On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5861
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5862 - On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5862
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5863 - In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5863
Partager : LinkedIn / Twitter / Facebook

CVE-2020-6095 - An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-6095
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7918 - An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7918
Partager : LinkedIn / Twitter / Facebook

CVE-2020-8551 - The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-8551
Partager : LinkedIn / Twitter / Facebook

CVE-2020-8552 - The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-8552
Partager : LinkedIn / Twitter / Facebook

CVE-2019-15795 - python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-15795
Partager : LinkedIn / Twitter / Facebook

CVE-2019-15796 - Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-15796
Partager : LinkedIn / Twitter / Facebook

CVE-2019-5105 - An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 3.5.13.20. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-5105
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10245 - CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10245
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10823 - A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10823
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10824 - A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10824
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10825 - A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10825
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10826 - /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10826
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10827 - A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10827
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10828 - A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10828
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10968 - FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10968
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10969 - FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10969
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1764 - A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1764
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1800 - HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unauthorized actor, the attacker tricks the user into installing a crafted application, successful exploit could allow the attacker do certain unauthenticated operations.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1800
Partager : LinkedIn / Twitter / Facebook

CVE-2020-4276 - IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-4276
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5129 - A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5129
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5339 - RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5339
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5340 - RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5340
Partager : LinkedIn / Twitter / Facebook

CVE-2020-6999 - In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-6999
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7260 - DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7260
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7944 - In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7944
Partager : LinkedIn / Twitter / Facebook

CVE-2020-8910 - A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-8910
Partager : LinkedIn / Twitter / Facebook

CVE-2020-8923 - An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-8923
Partager : LinkedIn / Twitter / Facebook

CVE-2020-9065 - Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-9065
Partager : LinkedIn / Twitter / Facebook

CVE-2020-9066 - Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-9066
Partager : LinkedIn / Twitter / Facebook

CVE-2020-9521 - An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.
26/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-9521
Partager : LinkedIn / Twitter / Facebook

CVE-2019-18626 - Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-18626
Partager : LinkedIn / Twitter / Facebook

CVE-2019-19127 - An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-19127
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20633 - GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20633
Partager : LinkedIn / Twitter / Facebook

CVE-2019-7240 - An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-7240
Partager : LinkedIn / Twitter / Facebook

CVE-2019-7244 - An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-7244
Partager : LinkedIn / Twitter / Facebook

CVE-2019-7245 - An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23.0. The vulnerable driver exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-7245
Partager : LinkedIn / Twitter / Facebook

CVE-2019-7630 - An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-7630
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10649 - DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10649
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10788 - openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10788
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1957 - Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1957
Partager : LinkedIn / Twitter / Facebook

CVE-2020-2160 - Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-2160
Partager : LinkedIn / Twitter / Facebook

CVE-2020-2161 - Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-2161
Partager : LinkedIn / Twitter / Facebook

CVE-2020-2166 - Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-2166
Partager : LinkedIn / Twitter / Facebook

CVE-2020-2167 - Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-2167
Partager : LinkedIn / Twitter / Facebook

CVE-2020-2168 - Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-2168
Partager : LinkedIn / Twitter / Facebook

CVE-2020-2171 - Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-2171
Partager : LinkedIn / Twitter / Facebook

CVE-2020-3766 - Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-3766
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5280 - http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expose resources outside of the configured location. This issue is patched in versions 0.18.26, 0.20.20, and 0.21.2. Note that 0.19.0 is a deprecated release and has never been supported.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5280
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5281 - In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5281
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5282 - In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5282
Partager : LinkedIn / Twitter / Facebook

CVE-2020-5552 - Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-5552
Partager : LinkedIn / Twitter / Facebook

CVE-2020-9375 - TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.
25/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-9375
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20577 - An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The MALI GPU Driver allows a kernel panic. The Samsung ID is SVE-2019-14372 (August 2019).
24/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20577
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20579 - An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019).
24/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20579
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20580 - An issue was discovered on Samsung mobile devices with P(9.0) software. The Motion photo player allows attackers to bypass the Secure Folder feature to view images. The Samsung ID is SVE-2019-14653 (August 2019).
24/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20580
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20588 - An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14891 (August 2019).
24/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20588
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20589 - An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SKPM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14892 (August 2019).
24/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20589
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10684 - A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
24/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10684
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10847 - An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020).
24/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10847
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1747 - A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
24/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1747
Partager : LinkedIn / Twitter / Facebook

CVE-2020-4253 - IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559.
24/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-4253
Partager : LinkedIn / Twitter / Facebook

Les annonces ayant été modifiées dernièrement

CVE-2020-1950 - A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
28/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1950
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1951 - A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
28/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1951
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20531 - An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have an out-of-bounds Read. The Samsung IDs are SVE-2019-15692, SVE-2019-15693 (December 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20531
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20532 - An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can access the Developer options without authentication. The Samsung ID is SVE-2019-15800 (December 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20532
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20534 - An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view home-screen wallpaper by adjusting the brightness of a locked screen. The Samsung ID is SVE-2019-15540 (December 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20534
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20535 - An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. A connection to a new Bluetooth devices can be established from the lock screen. The Samsung ID is SVE-2019-15533 (December 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20535
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20536 - An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20536
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20537 - An issue was discovered on Samsung mobile devices with P(9.0) (TEEGRIS and Qualcomm chipsets). There is arbitrary memory overwrite in the SEM Trustlet, leading to arbitrary code execution. The Samsung IDs are SVE-2019-14651, SVE-2019-14666 (November 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20537
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20539 - An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. An out-of-bounds Read in the Wi-Fi vendor command leads to an information leak. The Samsung ID is SVE-2019-14869 (November 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20539
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20541 - An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have a stack overflow. The Samsung IDs are SVE-2019-14965, SVE-2019-14966, SVE-2019-14968, SVE-2019-14969, SVE-2019-14970, SVE-2019-14980, SVE-2019-14981, SVE-2019-14982, SVE-2019-14983, SVE-2019-14984, SVE-2019-15122, SVE-2019-15123 (November 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20541
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20556 - An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 (October 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20556
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20557 - An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card by blocking the PUK code. The Samsung ID is SVE-2019-15262 (October 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20557
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20558 - An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a Buffer Overflow in the Touch Screen Driver. The Samsung ID is SVE-2019-14990 (October 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20558
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20559 - An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20559
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20560 - An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The BIOSUB Trustlet has an out of bounds write. The Samsung ID is SVE-2019-15261 (October 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20560
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20561 - An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. The bootloader has an integer signedness error. The Samsung ID is SVE-2019-15230 (October 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20561
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20562 - An issue was discovered on Samsung mobile devices with P(9.0) (with TEEGRIS) software. There is a buffer overflow in the BIOSUB Trustlet. The Samsung ID is SVE-2019-15264 (October 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20562
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20563 - An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The SEC_FR trustlet has an out of bounds write. The Samsung ID is SVE-2019-15272 (October 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20563
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20564 - An issue was discovered on Samsung mobile devices with any (before October 2019 for S9 or Note9) software. Attackers can manipulate the IMEI. The Samsung ID is SVE-2019-15435 (October 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20564
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20565 - An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 (September 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20565
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20566 - An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Destination address. The Samsung ID is SVE-2019-14858 (September 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20566
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20568 - An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos and Qualcomm chipsets) software. A race condition causes a Use-After-Free. The Samsung ID is SVE-2019-15067 (September 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20568
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20569 - An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via the status bar. The Samsung ID is SVE-2019-15089 (September 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20569
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20570 - An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), and N(7.1) software. Attackers can bypass Factory Reset Protection (FRP) via Smart Switch. The Samsung ID is SVE-2019-15138 (September 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20570
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20571 - An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. There is type confusion in the WVDRM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14885 (September 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20571
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20572 - An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. load_kernel has a buffer overflow via untrusted data. The Samsung ID is SVE-2019-14939 (September 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20572
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20573 - An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685 (August 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20573
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20574 - An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20574
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20575 - An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20575
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20578 - An issue was discovered on Samsung mobile devices with P(9.0) (Exynos 9820 chipsets) software. A Buffer overflow occurs when loading the UH Partition during Secure Boot. The Samsung ID is SVE-2019-14412 (August 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20578
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20581 - An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A stack overflow in the HDCP Trustlet causes arbitrary code execution. The Samsung ID is SVE-2019-14665 (August 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20581
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20582 - An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos9810 chipsets) software. There is a use after free in the ion driver. The Samsung ID is SVE-2019-14837 (August 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20582
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20583 - An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the EXT_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14847 (August 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20583
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20584 - An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the HDCP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14850 (August 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20584
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20585 - An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEC_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14851 (August 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20585
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20586 - An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the FINGERPRINT Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14864 (August 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20586
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20587 - An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the MLDAP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14867 (August 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20587
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20612 - An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Broadcom Wi-Fi, and SEC Wi-Fi chipsets) software. Wi-Fi allows a denial of service via TCP SYN packets. The Samsung ID is SVE-2018-13162 (March 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20612
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20614 - An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 (March 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20614
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20615 - An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via SVoice T&C. The Samsung ID is SVE-2018-13547 (March 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20615
Partager : LinkedIn / Twitter / Facebook

CVE-2019-20616 - An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-20616
Partager : LinkedIn / Twitter / Facebook

CVE-2019-6558 - In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-6558
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10789 - openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10789
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10790 - openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10790
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10791 - app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10791
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10845 - An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 (February 2020).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10845
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10848 - An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos 9810 chipsets) software. Arbitrary memory mapping exists in TEE. The Samsung ID is SVE-2019-16665 (February 2020).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10848
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10852 - An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a stack overflow in display driver. The Samsung ID is SVE-2019-15877 (January 2020).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10852
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10854 - An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020).
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10854
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10931 - Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.
27/03/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10931
Partager : LinkedIn / Twitter / Facebook