Логотип exploitDog
source:"msrc"
Консоль
Логотип exploitDog

exploitDog

source:"msrc"

Количество 18 763

Количество 18 763

msrc логотип

CVE-2020-7211

больше 5 лет назад

tftp.c in libslirp 4.1.0 as used in QEMU 4.2.0 does not prevent ..\ directory traversal on Windows.

CVSS3: 7.5
EPSS: Низкий
msrc логотип

CVE-2020-7071

4 месяца назад

FILTER_VALIDATE_URL accepts URLs with invalid userinfo

CVSS3: 5.3
EPSS: Низкий
msrc логотип

CVE-2020-7039

больше 5 лет назад

CVSS3: 5.6
EPSS: Низкий
msrc логотип

CVE-2020-7021

около 4 лет назад

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

CVSS3: 4.9
EPSS: Низкий
msrc логотип

CVE-2020-7020

около 4 лет назад

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.

CVSS3: 3.1
EPSS: Низкий
msrc логотип

CVE-2020-7019

около 4 лет назад

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.

CVSS3: 6.5
EPSS: Низкий
msrc логотип

CVE-2020-7014

около 4 лет назад

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.

CVSS3: 8.8
EPSS: Низкий
msrc логотип

CVE-2020-7009

около 4 лет назад

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

CVSS3: 8.8
EPSS: Низкий
msrc логотип

CVE-2020-6750

около 4 лет назад

CVSS3: 5.9
EPSS: Низкий
msrc логотип

CVE-2020-6096

больше 5 лет назад

CVSS3: 8.1
EPSS: Низкий
msrc логотип

CVE-2020-5291

больше 5 лет назад

CVSS3: 7.8
EPSS: Низкий
msrc логотип

CVE-2020-5247

больше 5 лет назад

CVSS3: 7.5
EPSS: Низкий
msrc логотип

CVE-2020-5208

больше 5 лет назад

remote code execution vulnerability in ipmitool

CVSS3: 8.8
EPSS: Низкий
msrc логотип

CVE-2020-4041

4 месяца назад

The filename of uploaded files vulnerable to stored XSS in Bolt CMS

CVSS3: 7.4
EPSS: Низкий
msrc логотип

CVE-2020-4040

4 месяца назад

CSRF issue on preview pages in Bolt CMS

CVSS3: 8.6
EPSS: Низкий
msrc логотип

CVE-2020-36478

5 месяцев назад

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.

EPSS: Низкий
msrc логотип

CVE-2020-36477

5 месяцев назад

An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).

EPSS: Низкий
msrc логотип

CVE-2020-36476

5 месяцев назад

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

EPSS: Низкий
msrc логотип

CVE-2020-36475

5 месяцев назад

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

EPSS: Низкий
msrc логотип

CVE-2020-36426

5 месяцев назад

An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
msrc логотип
CVE-2020-7211

tftp.c in libslirp 4.1.0 as used in QEMU 4.2.0 does not prevent ..\ directory traversal on Windows.

CVSS3: 7.5
0%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-7071

FILTER_VALIDATE_URL accepts URLs with invalid userinfo

CVSS3: 5.3
4%
Низкий
4 месяца назад
msrc логотип
CVSS3: 5.6
1%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-7021

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

CVSS3: 4.9
0%
Низкий
около 4 лет назад
msrc логотип
CVE-2020-7020

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.

CVSS3: 3.1
0%
Низкий
около 4 лет назад
msrc логотип
CVE-2020-7019

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.

CVSS3: 6.5
0%
Низкий
около 4 лет назад
msrc логотип
CVE-2020-7014

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.

CVSS3: 8.8
0%
Низкий
около 4 лет назад
msrc логотип
CVE-2020-7009

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

CVSS3: 8.8
2%
Низкий
около 4 лет назад
msrc логотип
CVSS3: 5.9
1%
Низкий
около 4 лет назад
msrc логотип
CVSS3: 8.1
5%
Низкий
больше 5 лет назад
msrc логотип
CVSS3: 7.8
0%
Низкий
больше 5 лет назад
msrc логотип
CVSS3: 7.5
3%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-5208

remote code execution vulnerability in ipmitool

CVSS3: 8.8
1%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-4041

The filename of uploaded files vulnerable to stored XSS in Bolt CMS

CVSS3: 7.4
0%
Низкий
4 месяца назад
msrc логотип
CVE-2020-4040

CSRF issue on preview pages in Bolt CMS

CVSS3: 8.6
0%
Низкий
4 месяца назад
msrc логотип
CVE-2020-36478

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.

1%
Низкий
5 месяцев назад
msrc логотип
CVE-2020-36477

An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).

0%
Низкий
5 месяцев назад
msrc логотип
CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

1%
Низкий
5 месяцев назад
msrc логотип
CVE-2020-36475

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

1%
Низкий
5 месяцев назад
msrc логотип
CVE-2020-36426

An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

1%
Низкий
5 месяцев назад

Уязвимостей на страницу