Total
124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23478 | 1 Leoeditor | 1 Leo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. | |||||
| CVE-2020-23361 | 1 Phplist | 1 Phplist | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | |||||
| CVE-2020-23360 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php | |||||
| CVE-2020-23359 | 1 Webidsupport | 1 Webid | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check. | |||||
| CVE-2020-22784 | 1 Etherpad | 1 Ueberdb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names. | |||||
| CVE-2020-1741 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 4.0 MEDIUM | 5.9 MEDIUM |
| A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality. | |||||
| CVE-2020-15131 | 1 Simpleledger | 1 Slp-validate | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2. | |||||
| CVE-2020-15130 | 1 Simpleledger | 1 Slpjs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 0.27.4. | |||||
| CVE-2020-13559 | 1 Freyrscada | 1 Iec-60879-5-104 Server Simulator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2020-13485 | 1 Verbb | 1 Knock Knock | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. | |||||
| CVE-2020-11072 | 1 Simpleledger | 1 Slp-validate | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This has been fixed in slp-validate in version 1.2.1. Additonally, slpjs version 0.27.2 has a related fix under related CVE-2020-11071. | |||||
| CVE-2020-11071 | 1 Simpleledger | 1 Slpjs | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2. | |||||
| CVE-2020-10027 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | |||||
| CVE-2020-10024 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | |||||
| CVE-2019-20925 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24. | |||||
| CVE-2019-20634 | 1 Proofpoint | 1 Email Protection | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails that receive preferable scores, with a goal of delivering malicious emails. | |||||
| CVE-2015-6964 | 1 Multibit | 1 Multibit Hd | 2024-11-21 | N/A | 5.3 MEDIUM |
| MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC). | |||||
| CVE-2015-10129 | 1 Samwilson | 1 Planet-freo | 2024-11-21 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 6ad38c58a45642eb8c7844e2f272ef199f59550d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-252716. | |||||
| CVE-2014-125057 | 1 Robitailletheknot Project | 1 Robitailletheknot | 2024-11-21 | 2.1 LOW | 3.1 LOW |
| A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599. | |||||
| CVE-2024-39534 | 2024-10-15 | N/A | 5.4 MEDIUM | ||
| An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters. This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * 22.2-EVO before 22.2R3-S4-EVO, * 22.3-EVO before 22.3R3-S4-EVO, * 22.4-EVO before 22.4R3-S3-EVO, * 23.2-EVO before 23.2R2-S1-EVO, * 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO. | |||||