CWE:
 

Topic
Date
Author
Med.
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
13.07.2018
Core Security Technolo...


CVEMAP Search Results

CVE
Details
Description
2020-06-03
Waiting for details
CVE-2020-5299

Updating...
 

 
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466).

 
2020-05-29
Medium
CVE-2020-1870

Updating...
 

 
CloudEngine 12800 products with versions of V200R019C00, V200R019C10SPC800, V200R019C00SPC600, V200R019C10; and CloudEngine 6800 products with versions of V200R019C00SPC800 have a denial of service vulnerability. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service.

 
2020-05-13
Medium
CVE-2020-7455

Vendor: Freebsd
Software: Freebsd
 

 
In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd).

 
Medium
CVE-2019-15879

Vendor: Freebsd
Software: Freebsd
 

 
In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory.

 
Medium
CVE-2020-12697

Vendor: DKD
Software: Direct mail
 

 
The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries.

 
2020-05-09
Low
CVE-2020-12768

Vendor: Linux
Software: Linux kernel
 

 
An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e.

 
2020-05-05
Low
CVE-2020-12656

Vendor: Linux
Software: Linux kernel
 

 
** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug.

 
2020-05-04
Low
CVE-2020-11462

Vendor: Openvpn
Software: Openvpn
 

 
An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2 interface. The duration of the DoS state depends on available memory and CPU speed. The default restricted mode of the RPC2 interface is NOT vulnerable.

 
2020-04-30
Medium
CVE-2020-5883

Vendor: F5
Software: Big-ip acces...
 

 
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak.

 
2020-04-24
Low
CVE-2020-4267

Vendor: IBM
Software: MQ
 

 
IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.

 

 


Copyright 2020, cxsecurity.com

 

Back to Top