
National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2020-19890 — DBHcms v1.2.0 has an arbitrary file read vulnerability in dbhcms\mod\mod.editor.php. $_GET['file'] is the filename, and as there is no filter function for security, you can read any file's content.
    Published: August 24, 2020; 11:15:13 AM -04:00

    V3.1: 4.9 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-19891 — DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can explo... read CVE-2020-19891
    Published: August 24, 2020; 11:15:14 AM -04:00

    V3.1: 7.2 HIGH
        V2: 6.5 MEDIUM

  • CVE-2020-19878 — DBHcms v1.2.0 has a sensitive information leak vulnerability, as there is no security access control in /dbhcms/ext/news/ext.news.be.php. A remote unauthenticated attacker can exploit this vulnerability to get path information.
    Published: August 24, 2020; 11:15:13 AM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-19877 — DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.
    Published: August 24, 2020; 10:15:12 AM -04:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2020-1567 — A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'.
    Published: August 17, 2020; 03:15:20 PM -04:00

    V3.1: 7.5 HIGH
        V2: 7.6 HIGH

  • CVE-2020-15531 — Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or O... read CVE-2020-15531
    Published: August 19, 2020; 09:17:12 PM -04:00

    V3.1: 8.8 HIGH
        V2: 5.8 MEDIUM

  • CVE-2020-15532 — Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Obser... read CVE-2020-15532
    Published: August 19, 2020; 09:17:12 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 3.3 LOW

  • CVE-2020-15634 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists w... read CVE-2020-15634
    Published: August 19, 2020; 09:17:13 PM -04:00

    V3.1: 6.3 MEDIUM
        V2: 5.8 MEDIUM

  • CVE-2020-15635 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The spec... read CVE-2020-15635
    Published: August 19, 2020; 09:17:13 PM -04:00

    V3.1: 8.8 HIGH
        V2: 8.3 HIGH

  • CVE-2020-15636 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit thi... read CVE-2020-15636
    Published: August 19, 2020; 09:17:13 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH

  • CVE-2020-15637 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open... read CVE-2020-15637
    Published: August 19, 2020; 09:17:13 PM -04:00

    V3.1: 3.3 LOW
        V2: 4.3 MEDIUM

  • CVE-2020-15638 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... read CVE-2020-15638
    Published: August 19, 2020; 09:17:13 PM -04:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-4548 — IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM... read CVE-2020-4548
    Published: August 20, 2020; 12:15:11 PM -04:00

    V3.1: 2.7 LOW
        V2: 4.0 MEDIUM

  • CVE-2020-4687 — IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679.
    Published: August 20, 2020; 12:15:11 PM -04:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-20152 — An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow compo... read CVE-2019-20152
    Published: August 20, 2020; 09:15:11 AM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-20151 — An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Appr... read CVE-2019-20151
    Published: August 20, 2020; 09:15:11 AM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-13826 — A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export.
    Published: August 19, 2020; 09:17:11 PM -04:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-13825 — A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter.
    Published: August 19, 2020; 09:17:11 PM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-1566 — An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1417, CVE-2020-1486.
    Published: August 17, 2020; 03:15:20 PM -04:00

    V3.1: 7.8 HIGH
        V2: 7.2 HIGH

  • CVE-2020-1565 — An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows E... read CVE-2020-1565
    Published: August 17, 2020; 03:15:20 PM -04:00

    V3.1: 7.8 HIGH
        V2: 4.6 MEDIUM