Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

113968 entries
ID | Description | Priority | Modified date | Fixed Release
CVE-2020-15062 DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. LOW Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15818 In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15820 In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-8575 Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS). LOW Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15824 In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15056 TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. LOW Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15819 JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15059 Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. HIGH Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15830 JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15063 DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. HIGH Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15829 In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15065 DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15057 TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-11993 Apache HTTP Server versions 2.4.20 to 2.4.43. When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above info will mitigate this vulnerability for unpatched servers. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-17447 MyBB before 1.8.24 allows XSS because the visual editor mishandles [align], [size], [quote], and [font] in MyCode. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15823 JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-16225 Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-16248 ** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-17451 flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15064 DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. LOW Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-16116 In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2019-19704 In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-11985 IP address spoofing when proxying using mod_remoteip and mod_rewrite. For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15060 Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. LOW Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15115 etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15114 In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-16219 Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15061 Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15055 TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. HIGH Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15821 In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-16227 Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15828 In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-16223 Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15825 In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-11984 Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE HIGH Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15817 In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15831 JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15054 TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. LOW Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15827 In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-17452 flatCore before 1.5.7 allows upload and execution of a .php file by an admin. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15058 Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. LOW Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-16221 Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. MEDIUM Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15826 In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. -- Aug 9, 2020 -- (Wind River Linux LTS 18)
CVE-2020-5412 Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly. -- Aug 8, 2020 -- (Wind River Linux LTS 18)
CVE-2020-9490 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via H2Push off will mitigate this vulnerability for unpatched servers. -- Aug 8, 2020 -- (Wind River Linux LTS 18)
CVE-2019-7005 A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2. -- Aug 8, 2020 -- (Wind River Linux LTS 18)
CVE-2020-14344 An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. MEDIUM Aug 8, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15479 An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. -- Aug 8, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15480 An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. -- Aug 8, 2020 -- (Wind River Linux LTS 18)
CVE-2020-15907 In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript. -- Aug 7, 2020 -- (Wind River Linux LTS 18)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.