Show filters

Showing topic results for "":

(11-20 of 181181)

Sort by:
Attacker Value
Unknown

CVE-2018-20803

Disclosure Date: November 23, 2020 (last updated November 23, 2020)
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10; v3.4 versions prior to 3.4.19.
0
Attacker Value
Unknown

CVE-2020-7777

Disclosure Date: November 23, 2020 (last updated November 23, 2020)
This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution.
0
Attacker Value
Unknown

CVE-2020-1778

Disclosure Date: November 23, 2020 (last updated November 23, 2020)
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.
0
Attacker Value
Unknown

CVE-2020-28975

Disclosure Date: November 21, 2020 (last updated November 22, 2020)
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array.
0
Attacker Value
Unknown

CVE-2020-14258

Disclosure Date: November 21, 2020 (last updated November 22, 2020)
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.
0
Attacker Value
Unknown

CVE-2020-14230

Disclosure Date: November 21, 2020 (last updated November 22, 2020)
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected.
0
Attacker Value
Unknown

CVE-2020-14234

Disclosure Date: November 21, 2020 (last updated November 22, 2020)
HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected.
0
Attacker Value
Unknown

CVE-2020-25189

Disclosure Date: November 21, 2020 (last updated November 22, 2020)
The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).
0
Attacker Value
Unknown

CVE-2020-25185

Disclosure Date: November 21, 2020 (last updated November 22, 2020)
The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).
0
Attacker Value
Unknown

CVE-2020-25725

Disclosure Date: November 21, 2020 (last updated November 22, 2020)
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.
0