CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jun 9, 2020

Apple iOS, iPadOS, and watchOS Mail Memory Corruption Vulnerability

A memory corruption vulnerability has been identified in the Mail application on Apple iOS, iPadOS, and watchOS. This vulnerability allows heap corruption when processing maliciously crafted mail messages. It affects multiple versions of iOS and iPadOS, as well as watchOS 6.2.5 and 5.3.7.

6.6
Jun 9, 2020

Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability in Mail Processing

A vulnerability allowing out-of-bounds write operations has been identified in the Mail application across multiple Apple operating systems, including iOS 13.5, iPadOS 13.5, iOS 12.4.7, and watchOS 6.2.5. This vulnerability arises from insufficient bounds checking, which can be exploited by processing maliciously crafted mail messages. The exploitation of this vulnerability may lead to unexpected modifications in memory, application crashes, or heap corruption.

6.6
Jun 8, 2020

Angular.js Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Angular.js versions prior to 1.8.0. The issue arises from a regex-based HTML input replacement that can inadvertently convert sanitized code into an unsanitized form. This vulnerability can be exploited by wrapping '<option>' elements within '<select>' elements, which alters the way the code is parsed and potentially reintroduces harmful scripts.

4.0
Jun 7, 2020

Facade Ignition Laravel Global Variable Handling Vulnerability

A vulnerability exists in the Ignition component for Laravel, specifically in versions prior to 2.0.5 and in the 1.x series versions 1.16.15 and earlier. The issue arises from improper handling of global variables, including globals, _get, _post, _cookie, and _env. This mismanagement can lead to unintended consequences, although the specific impacts are not detailed.

6.0
Jun 5, 2020

Apple Multiple Products Code Execution Vulnerability

A memory consumption vulnerability allowing arbitrary code execution with kernel privileges has been identified in multiple Apple products, including iOS, iPadOS, macOS, watchOS, and tvOS. This issue arises from inadequate memory management, leading to excessive memory usage. The vulnerability has been addressed in iOS 13.5.1, iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, and watchOS 6.2.6.

5.9
May 22, 2020

Apache Kylin OS Command Injection Vulnerability

A command injection vulnerability has been identified in Apache Kylin versions 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, and 3.0.1. This vulnerability arises from certain RESTful APIs that concatenate user input with operating system commands, executing them on the server without proper validation. As a result, users may be able to execute arbitrary OS commands remotely.

5.8
Apr 29, 2020

jQuery Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in jQuery. This issue affects versions greater than or equal to 1.0.3 and prior to 3.5.0. The vulnerability arises when HTML containing <option> elements from untrusted sources is passed to jQuery's DOM manipulation methods, such as .html() or .append(). Even if the HTML is sanitized, it may still execute untrusted code. This vulnerability is particularly concerning because it can be exploited through common jQuery methods that manipulate the DOM.

5.9
Apr 23, 2020

Ceph Object Gateway Header-Splitting Vulnerability Leading to Cross-Site Scripting

A cross-site scripting (XSS) vulnerability has been identified in the Ceph Object Gateway (RADOS Gateway) within the Amazon S3 interface. This issue arises from the improper handling of untrusted input, allowing anonymous users to send requests that could be exploited to inject malicious scripts into objects. The vulnerability affects all versions of Ceph Object Gateway up to the latest release.

3.5
Apr 17, 2020

Divante Vue Storefront API and Storefront API Stack Trace Disclosure Vulnerability

A vulnerability exists in Divante vue-storefront-api versions through 1.11.1 and in storefront-api versions through 1.0-rc.1. When unexpected HTTP requests are received, the applications respond with an exception that reveals the error stack trace, including absolute file paths and Node.js module names. This issue was merged into the develop branch of both repositories.

4.7
Apr 15, 2020

Istio and Envoy Wildcard Certificate Misrouting Vulnerability

A vulnerability exists in Istio versions through 1.5.1 and Envoy versions through 1.14.1, related to improper handling of HTTP/2 connection reuse when wildcard certificates are involved. This issue can lead to misrouted requests and unintended data exposure between applications hosted on different subdomains but the same IP address. The problem arises when a connection established for a wildcard domain is reused for a specific subdomain, causing requests to be sent to the wrong application.

6.2
Apr 13, 2020

Snap Creek Duplicator WordPress Plugin Directory Traversal Vulnerability Allowing Arbitrary File Read

A directory traversal vulnerability has been identified in the Snap Creek Duplicator WordPress plugin, affecting versions prior to 1.3.28, as well as Duplicator Pro versions prior to 3.8.7.1. The vulnerability allows unauthenticated users to traverse directories using '../' sequences in the 'file' parameter of the 'duplicator_download' or 'duplicator_init' actions, leading to arbitrary file read with the privileges of the web server.

7.8
Apr 9, 2020

Auth0.js Information Disclosure Vulnerability in Error Object

A vulnerability exists in the Auth0.js library (NPM package auth0-js) in versions greater than 8.0.0 and prior to 9.12.3. When an authentication error occurs, the error object returned by the library includes the original user request, which may contain plaintext passwords. If this error object is exposed or logged without modification, there is a risk of password exposure.

4.0
Apr 8, 2020

Varnish Cache PROXY v2 Protocol Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Varnish Cache versions prior to 6.0.6 LTS, 6.1.x, 6.2.x prior to 6.2.3, and 6.3.x prior to 6.3.2. The issue arises when Varnish communicates with a TLS termination proxy using PROXY version 2, leading to an assertion failure that causes the Varnish daemon to restart. This restart empties the cache, resulting in performance degradation and increased load on backend servers.

5.3
Apr 8, 2020

Varnish Cache Workspace Information Leak Vulnerability

A vulnerability in Varnish Cache versions prior to 6.0.5 LTS, 6.1.x, 6.2.x prior to 6.2.2, and 6.3.x prior to 6.3.1, allows for an information leak from the connection workspace. The issue arises because a pointer is not cleared between handling client requests on the same connection, which can inadvertently disclose data structures and temporary VCL-related headers from previous requests. The vulnerability is triggered when Varnish switches to synthetic response handling due to an internal error, such as reaching the maximum number of allowed VCL restarts or receiving invalid HTTP headers from a backend response.

4.9
Apr 1, 2020

Auth0 WordPress Plugin Insecure Direct Object Reference Vulnerability

A vulnerability allowing insecure direct object references has been identified in the Login by Auth0 WordPress plugin, affecting versions through 3.11.3. This issue could allow users to access or manipulate objects they should not have permission to.

3.7
Apr 1, 2020

Auth0 WordPress Plugin CSV Injection Vulnerability

A CSV injection vulnerability has been identified in the Login by Auth0 WordPress plugin, affecting versions through 3.11.3. The issue arises because the plugin's data fields, which source information from various origins, lack proper input validation and sanitization before user data is exported. This oversight can be exploited by uploading a crafted Excel document that injects malicious CSV data.

3.6
Apr 1, 2020

Auth0 WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Login by Auth0 WordPress plugin, affecting versions prior to 4.0.0. This vulnerability allows for the injection of malicious scripts that are executed on multiple pages within the WordPress site.

4.0
Apr 1, 2020

Auth0 WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Auth0 WordPress plugin, affecting versions prior to 4.0.0. The vulnerability resides within the settings page of the plugin, allowing attackers to inject malicious scripts that are executed when the page is viewed.

3.6
Apr 1, 2020

Auth0 WordPress Plugin Cross-Site Request Forgery Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the Auth0 WordPress plugin, affecting versions prior to 4.0.0. The vulnerability arises in the domain field, where the plugin lacks proper CSRF controls, allowing unauthorized actions to be performed on behalf of the user.

4.0
Mar 30, 2020

Next.js Directory Traversal Vulnerability Allowing Access to Sensitive Files

A directory traversal vulnerability has been identified in Next.js versions prior to 9.3.2. This vulnerability allows attackers to craft requests that access files within the .next (dist) directory. The issue does not affect files outside of this directory. Typically, the dist directory contains build assets, unless the application intentionally places other files there. The vulnerability arises when the application is deployed using 'next start', leaving it open to exploitation.

4.6
Mar 27, 2020

F5 BIG-IP HTTP/3 QUIC Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP version 15.1.0.1. When the HTTP/3 QUIC profile is enabled, specially formatted HTTP/3 messages can cause the Traffic Management Microkernel (TMM) to crash and produce a core file. This disruption may lead to a temporary failure in processing traffic, causing TMM to restart. In high availability configurations, this issue can trigger a failover to the standby host.

2.4
Mar 25, 2020

FrozenNode Laravel-Administrator Unrestricted File Upload Vulnerability Allowing Remote Code Execution

A vulnerability in FrozenNode Laravel-Administrator versions through 5.0.12 allows unrestricted file uploads, leading to remote code execution. The issue arises in the image upload feature of the admin tips module, where PHP code can be embedded within a GIF image file with a .php extension. Although the application attempts to block such uploads, this restriction can be easily bypassed by manipulating the file upload request.

4.0
Mar 25, 2020

openITCOCKPIT Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in openITCOCKPIT versions prior to 3.7.3. The issue arises from unnecessary files, including Lodash files, being accessible in the web root directory. These files can be exploited to inject malicious scripts, leading to XSS attacks.

3.0
Mar 23, 2020

CodeIgniter Privilege Escalation Vulnerability via Email ID Modification

A vulnerability in CodeIgniter through version 4.0.0 allows remote attackers to gain unauthorized privileges by altering the Email ID sent to the 'Select Role of the User' page. This issue is reportedly linked to a custom module or plugin rather than the CodeIgniter framework itself, as the framework does not provide built-in authentication or user management features.

5.0
Mar 20, 2020

Liferay Portal Deserialization Vulnerability Leading to Remote Code Execution

A deserialization vulnerability allowing remote code execution has been identified in Liferay Portal versions prior to 7.2.1 CE GA2. This vulnerability arises from the insecure handling of data in the JSON web services interface, allowing attackers to execute arbitrary code on the server.

6.0
Mar 13, 2020

Xerox Printers Stack-Based Buffer Overflow Vulnerability in Google Cloud Print Implementation Allowing Arbitrary Code Execution

A stack-based buffer overflow vulnerability has been identified in the Google Cloud Print implementation of certain Xerox printers, including the Phaser 3320 model with firmware version V53.006.16.000. This vulnerability allows an unauthenticated attacker to execute arbitrary code on the affected device. The issue arises from improper validation of the register parameters, which enables a buffer overflow when the action value is copied into a local variable using the memcpy() function.

5.0
Mar 10, 2020

SAP Commerce SmartEdit Extension AngularJS Template Injection Vulnerability

A client-side AngularJS template injection vulnerability, which is a variant of Cross-Site Scripting (XSS), has been identified in the SAP Commerce SmartEdit Extension. This issue affects versions 6.6, 6.7, 1808, and 1811. The vulnerability arises from the exploitation of the templating capabilities of the Angular framework.

3.3
Mar 4, 2020

Envoy TLS Inspector Bypass Vulnerability

A vulnerability in Envoy's TLS inspector feature, present in versions prior to 1.13.0, allows for bypassing TLS client recognition by using only TLS 1.3. This occurs because the TLS extensions, such as Server Name Indication (SNI) and Application-Layer Protocol Negotiation (ALPN), were not inspected. As a result, connections could be incorrectly matched to a different filter chain, potentially bypassing certain security restrictions.

5.3
Mar 4, 2020

CNCF Envoy Incorrect Access Control Vulnerability in Secret Discovery Service Validation Context

A vulnerability exists in CNCF Envoy versions prior to 1.13.0, related to improper access control when using the Secret Discovery Service (SDS) with a combined validation context. This issue arises because the same secret, such as a trusted Certificate Authority (CA), can be applied across multiple resources. When this occurs, resources configured after the initial secret reception may not apply the 'static' validation context rules, leading to a bypass of important security checks. The flaw allows for unauthorized access to services or impersonation of services, potentially escalating privileges.

4.5
Mar 4, 2020

CNCF Envoy Response Flooding Vulnerability for HTTP/1.1

A denial-of-service vulnerability has been identified in CNCF Envoy versions prior to 1.13.0. This issue arises in the HTTP/1 codec component, where Envoy can consume excessive memory when handling pipelined requests. The vulnerability is exploited by sending a TCP buffer filled with multiple HTTP requests. If the client reads the responses slowly, Envoy generates internal 400 error responses, which accumulate in the memory, leading to resource exhaustion. This issue bypasses Envoy's overload management, exacerbating the memory consumption problem.

6.1
Mar 4, 2020

CNCF Envoy Excessive Memory Consumption Vulnerability in HTTP/1.1 Chunked Responses

A memory consumption vulnerability has been identified in CNCF Envoy versions prior to 1.13.0. When proxying HTTP/1.1 requests or responses that contain many small chunks (approximately 1 byte each), Envoy can use excessive amounts of memory. This occurs because Envoy allocates a separate buffer for each chunk, rounding up to the nearest 4KB, and fails to release empty chunks after the data has been committed. As a result, handling requests or responses with numerous small chunks can lead to a significant increase in memory usage, potentially two to three times more than the configured buffer limits. This issue has been acknowledged by the Envoy project and is being addressed in the official Envoy GitHub repository.

6.1
Feb 27, 2020

Apple Multiple Products Memory Corruption Vulnerability Allowing Arbitrary Code Execution with Kernel Privileges

A memory corruption vulnerability has been identified in multiple Apple products, including iOS, iPadOS, macOS, tvOS, and watchOS. This vulnerability could allow an application to execute arbitrary code with kernel privileges. The issue arises from improper memory handling, which has been addressed in the latest updates for each operating system.

6.0
Feb 24, 2020

Apache Tomcat AJP Request Injection and Potential Remote Code Execution Vulnerability

A vulnerability has been identified in Apache Tomcat that allows for AJP request injection and potential remote code execution. This issue affects Apache Tomcat versions 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50, and 7.0.0 to 7.0.99. The vulnerability arises because Tomcat AJP connectors, which are enabled by default and listen on all IP addresses, are treated with higher trust than HTTP connections. If an AJP port is accessible to untrusted users, an attacker can exploit this to bypass security checks, authentication, and execute arbitrary files as JSPs, potentially leading to remote code execution.

7.4
Feb 13, 2020

Amazon AWS JavaScript S3 Explorer Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Amazon AWS JavaScript S3 Explorer (aws-js-s3-explorer) version 2 alpha prior to August 2, 2019. The issue arises in explorer.js, where user input is not properly sanitized, allowing for the injection of malicious scripts under certain conditions.

2.0
Feb 12, 2020

Varnish HTTP Cache ACL Bypass Vulnerability

An Access Control List (ACL) bypass vulnerability exists in Varnish HTTP Cache versions prior to 3.0.4. This vulnerability allows unauthorized users to bypass defined access controls, potentially leading to unauthorized actions or information disclosure.

6.3
Feb 6, 2020

F5 BIG-IP TMM Denial-of-Service Vulnerability in AWS Virtual Editions

A denial-of-service vulnerability has been identified in F5 BIG-IP Virtual Edition (VE) instances running versions 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2. When these instances process specially crafted traffic with the default 'xnet' driver, they may experience a Traffic Management Microkernel (TMM) restart. This issue does not affect BIG-IP VEs in other virtual environments or hardware appliances.

2.3
Feb 5, 2020

Auth0 wp-auth0 Plugin Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Auth0 wp-auth0 plugin for WordPress, specifically in versions 3.11.x prior to 3.11.3. The issue arises from a wle parameter related to the wp-login.php file, allowing for the injection of malicious scripts.

4.0
Feb 3, 2020

Auth0 Lock Cross-Site Scripting Vulnerability in Additional Sign-Up Fields

A cross-site scripting (XSS) vulnerability exists in Auth0 Lock versions prior to 11.21.0. The issue arises when the 'additionalSignUpFields' feature is used with an untrusted placeholder, allowing for the injection of malicious scripts.

2.7
Jan 24, 2020

Angular Expressions Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Angular Expressions versions prior to 1.0.1. The issue arises when user-controlled input is passed to the `expressions.compile()` function. In a browser environment, this could allow an attacker to execute arbitrary scripts. On the server side, any JavaScript expression could be executed, leading to remote code execution.

2.3
Jan 17, 2020

SolarWinds Orion Platform Stored Client-Side Template Injection Vulnerability Allowing Privilege Escalation

A stored client-side template injection vulnerability has been identified in the SolarWinds Orion Platform version 2019.2 HF1. This vulnerability allows an attacker to inject an Angular expression, escaping the Angular sandbox to achieve stored cross-site scripting. The consequence of this vulnerability could lead to privilege escalation.

2.8
Jan 17, 2020

SolarWinds Orion Platform Reflected Client-Side Template Injection Vulnerability

A reflected client-side template injection vulnerability has been identified in the SolarWinds Orion Platform version 2019.2 HF1. This vulnerability allows an attacker to inject an Angular expression that escapes the Angular sandbox, potentially leading to stored cross-site scripting (XSS) attacks.

3.2
Jan 9, 2020

EllisLab CodeIgniter XSS Filter Bypass Vulnerability

A vulnerability in EllisLab CodeIgniter version 2.1.2 allows remote attackers to bypass the xss_clean() filter, potentially leading to cross-site scripting (XSS) attacks.

4.1
Jan 8, 2020

Imperva SecureSphere Web Application Firewall SQL Injection Filter Bypass Vulnerability

A SQL injection filter bypass vulnerability has been identified in Imperva SecureSphere Web Application Firewall (WAF) versions prior to August 12, 2010. This vulnerability allows attackers to evade SQL injection protections by exploiting a typo in the WAF's SQL injection detection rules. The bypass is achieved by appending a crafted string that manipulates the WAF's filtering mechanism, enabling potentially malicious SQL injection payloads to be processed without detection.

5.6
Jan 2, 2020

Angular Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in all Angular versions prior to 1.5.0-beta.0. This issue arises because the framework does not properly sanitize 'xlink:href' attributes, allowing malicious scripts to be injected and executed in the context of the user.

3.9
Dec 30, 2019

Apache Solr Remote Code Execution Vulnerability via Velocity Templates

A remote code execution vulnerability has been identified in Apache Solr versions 5.0.0 through 8.3.1. The issue arises in the VelocityResponseWriter component, where an attacker can exploit custom Velocity templates. While parameter-provided templates are disabled by default, they can be enabled by configuring 'params.resource.loader.enabled' to true, allowing the execution of malicious templates. This vulnerability is particularly concerning as it has been reported to cause crashes in the Solr process, leading to service disruptions.

5.0
Dec 27, 2019

Citrix ADC and Gateway Directory Traversal Remote Code Execution Vulnerability

A directory traversal vulnerability allowing remote code execution has been identified in Citrix Application Delivery Controller (ADC) and Gateway versions 10.5, 11.1, 12.0, 12.1, and 13.0. This vulnerability allows an unauthenticated attacker to access and execute arbitrary code on the affected system by exploiting the directory traversal flaw.

7.5
Dec 24, 2019

mongo-express Remote Code Execution Vulnerability

A remote code execution vulnerability exists in mongo-express versions prior to 0.54.0. The issue arises in endpoints that utilize the 'toBSON' method, allowing for the execution of commands through a misuse of the 'vm' dependency in an unsafe environment.

6.5
Dec 18, 2019

Apple Multiple Products Use-After-Free Vulnerability Allowing Arbitrary Code Execution

A use-after-free vulnerability has been identified in multiple Apple products, including iOS, macOS, tvOS, and watchOS. This vulnerability allows a malicious application to execute arbitrary code with system privileges. The issue arises from improper memory management, leading to memory corruption.

6.3
Dec 18, 2019

Apple macOS Privilege Escalation Vulnerability

A use-after-free vulnerability has been identified in Apple macOS, specifically in versions prior to 10.14.4. This vulnerability allows a malicious application to gain elevated privileges. The issue arises from improper memory management, which creates opportunities for exploitation.

6.4
Oct 28, 2019

PHP-FPM Buffer Underflow Vulnerability Allowing Remote Code Execution

A buffer underflow vulnerability has been identified in the PHP FastCGI Process Manager (FPM) component, specifically in PHP versions 7.1.x prior to 7.1.33, 7.2.x prior to 7.2.24, and 7.3.x prior to 7.3.11. In certain FPM configurations, the vulnerability allows for writing past allocated buffers into the space reserved for FastCGI protocol data, creating an opportunity for remote code execution.

8.4