1187 matches found

CVE
added 2020/08/17 12:16 p.m. | 165 views

CVE-2020-13941

CVE-2020-13941 concerns Apache Solr’s replication handler. The vulnerability arises because the backup, restore, and deleteBackup HTTP API commands accept a location parameter that was not validated, enabling read/write access to any location the solr user can access. Multiple sources note this w...

CVSS 8.8 | AI score 8.6 | EPSS 0.01961
Exploits 0 | References 4 | Affected Software 1

CNVD
added 2020/08/14 12:0 a.m. | 3 views

Huawei FusionCompute Command Injection Vulnerability

Huawei FusionCompute is a computer virtualization engine from Huawei, China. The product provides Virtual Resource Manager (VRM) and Compute Node Agent (CNA), among others. A command injection vulnerability exists in Huawei FusionCompute version 8.0.0, which stems from the device not adequately...

CVSS 8.8 | AI score 7.7 | EPSS 0.02058
Exploits 0 | References 1

OSV
added 2020/08/05 4:15 p.m. | 1 views

CVE-2020-16192

LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters...

CVSS 6.1 | AI score 6.4
Exploits 0 | References 1

Prion
added 2020/08/05 4:15 p.m. | 10 views

Cross site scripting

LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters...

CVSS 4.3 | AI score 6 | EPSS 0.0024
Exploits 0 | References 1 | Affected Software 1

OSV
added 2020/07/31 12:15 a.m. | 4 views

CVE-2020-3462

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could...

CVSS 6.3 | AI score 6.6 | EPSS 0.00267
Exploits 0 | References 1

OSV
added 2020/07/28 5:15 p.m. | 3 views

CVE-2020-15621

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the email parameter, the...

CVSS 7.5 | AI score 7.1 | EPSS 0.00571
Exploits 0 | References 1

NVD
added 2020/07/22 2:15 p.m. | 18 views

CVE-2019-18619

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave all versions prior to 2019-11-15 allows a local user to execute arbitrary code in the enclave that can compromise confidentiality of enclave data via APIs that accept invalid pointers...

CVSS 7.8 | AI score 7.7 | EPSS 0.00138
Exploits 0 | References 5

Prion
added 2020/07/22 2:15 p.m. | 21 views

Code injection

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave all versions prior to 2019-11-15 allows a local user to execute arbitrary code in the enclave that can compromise confidentiality of enclave data via APIs that accept invalid pointers...

CVSS 4.6 | AI score 7.7 | EPSS 0.00138
Exploits 0 | References 5 | Affected Software 112

CVE
added 2020/07/22 1:15 p.m. | 68 views

CVE-2019-18619

The CVE-2019-18619 entry concerns the synaTee component of Synaptics Fingerprint (WBF) drivers that use Intel SGX. All versions prior to 2019-11-15 are affected. The root cause is incorrect parameter validation that allows a local attacker to execute arbitrary code inside the SGX enclave by passi...

CVSS 7.8 | AI score 7.7 | EPSS 0.00138
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2020/07/22 1:15 p.m. | 21 views

CVE-2019-18619

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave all versions prior to 2019-11-15 allows a local user to execute arbitrary code in the enclave that can compromise confidentiality of enclave data via APIs that accept invalid pointers...

AI score 7.8 | EPSS 0.00138
Exploits 0 | References 5

OSV
added 2020/07/17 11:15 p.m. | 1 views

CVE-2020-9259

Huawei Honor V30 smartphones with versions earlier than 10.1.0.212C00E210R5P1 have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and...

CVSS 6.5 | AI score 6.6 | EPSS 0.00119
Exploits 0 | References 1

OSV
added 2020/07/17 11:15 p.m. | 1 views

CVE-2020-9255

Huawei Honor 10 smartphones with versions earlier than 10.0.0.178C00E178R1P4 have a denial of service vulnerability. Certain service in the system does not sufficiently validate certain parameter which is received, the attacker should trick the user into installing a malicious application,...

CVSS 5.5 | AI score 5.8
Exploits 0 | References 1

Prion
added 2020/07/17 11:15 p.m. | 11 views

Authentication flaw

Huawei Honor V30 smartphones with versions earlier than 10.1.0.212C00E210R5P1 have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and...

CVSS 4.3 | AI score 6.2 | EPSS 0.00119
Exploits 0 | References 1 | Affected Software 1

OSV
added 2020/07/17 4:15 p.m. | 1 views

CVE-2020-7826

EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the...

CVSS 9.8 | AI score 7.4 | EPSS 0.00233
Exploits 0 | References 1

OSV
added 2020/07/16 6:15 p.m. | 2 views

CVE-2020-3345

A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...

CVSS 4.3 | AI score 5.9
Exploits 0 | References 1

CNVD
added 2020/07/16 12:0 a.m. | 1 views

Huawei Honor V30 Inappropriate Authentication Vulnerability

Huawei Honor V30 is a smartphone from Chinese company Huawei. A security vulnerability exists in previous versions of Huawei Honor V30 10.1.0.212 C00E210R5P1, which stems from the program's failure to properly validate parameters. An attacker can exploit the vulnerability with the help of ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00119
Exploits 0 | References 1

CNVD
added 2020/07/16 12:0 a.m. | 1 views

Buffer overflow vulnerability in multiple Huawei products (CNVD-2020-52407)

Huawei IPS Module and others are products of Huawei, China. Huawei IPS Module is an Intrusion Prevention System (IPS) module. NGFW Module is a Next-Generation Firewall (NGFW) module. Secospace USG6600 is a Next-Generation Firewall product. A buffer overflow vulnerability exists in multiple Huawei...

CVSS 6.5 | AI score 7.3 | EPSS 0.00037
Exploits 0 | References 1

CNVD
added 2020/07/16 12:0 a.m. | 1 views

Huawei Honor 10 Denial of Service Vulnerability

Huawei Honor 10 is a smartphone product from Chinese company Huawei. A security vulnerability exists in previous versions of Huawei Honor 10 10.0.0.178 C00E178R1P4, which stems from the program failing to properly validate parameters. An attacker can exploit the vulnerability to cause a...

CVSS 5.5 | AI score 6.6 | EPSS 0.00077
Exploits 0 | References 1

CNVD
added 2020/04/29 12:0 a.m. | 1 views

IBM WebSphere Application Server and Liberty Information Disclosure Vulnerability

IBM WebSphere Application Server (WAS) and IBM WebSphere Application Server Liberty are both products of IBM Corporation in the U.S. IBM WebSphere Application Server is an application server product. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM...

CVSS 4.3 | AI score 9.1 | EPSS 0.00208
Exploits 0 | References 1

CNVD
added 2020/04/20 12:0 a.m. | 2 views

Mitel Networks MiVoice Connect UCB Component Code Execution Vulnerability

Mitel Networks MiVoice Connect is Mitel Networks Canada's software for centralized management of Mitel Networks' call handling and collaboration tools. A remote code execution vulnerability exists in the UCB component of Mitel Networks MiVoice Connect prior to version 19.1 SP1, which stems from...

CVSS 9.8 | AI score 8.3 | EPSS 0.01677
Exploits 0 | References 1