Search

Search Results (363701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-35230 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 6.8 Medium
Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack.
CVE-2020-35229 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 8.8 High
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.
CVE-2020-35228 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVE-2020-35227 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 7.2 High
A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.
CVE-2020-35226 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 7.1 High
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.
CVE-2020-35225 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 6.8 Medium
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks.
CVE-2020-35224 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 6.5 Medium
A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.
CVE-2020-35223 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 8.8 High
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.
CVE-2020-35221 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 8.8 High
The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.
CVE-2020-35219 1 Asus 2 Dsl-n17u, Dsl-n17u Firmware 2024-11-21 9.8 Critical
The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings.
CVE-2020-35217 1 Eclipse 1 Vert.x-web 2024-11-21 8.8 High
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.
CVE-2020-35216 1 Atomix 1 Atomix 2024-11-21 5.9 Medium
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages.
CVE-2020-35215 1 Atomix 1 Atomix 2024-11-21 6.5 Medium
An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.
CVE-2020-35214 1 Atomix 1 Atomix 2024-11-21 8.1 High
An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.
CVE-2020-35213 1 Atomix 1 Atomix 2024-11-21 8.1 High
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
CVE-2020-35211 1 Atomix 1 Atomix 2024-11-21 7.5 High
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext.
CVE-2020-35210 1 Atomix 1 Atomix 2024-11-21 6.5 Medium
A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.
CVE-2020-35209 1 Atomix 1 Atomix 2024-11-21 7.5 High
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.
CVE-2020-35208 1 Logmein 1 Lastpass 2024-11-21 5.7 Medium
An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary password. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices
CVE-2020-35207 1 Logmein 1 Lastpass 2024-11-21 5.7 Medium
An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The PIN authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary PIN. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices