US-CERT Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Original release date: February 24, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — macos_x Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. 2020-02-21 7.5 CVE-2016-4606
MISC
MISC
MISC
berkeley — berkeley_open_infrastructure_for_network_computing Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. 2020-02-20 7.5 CVE-2013-2018
MISC
MISC
broadcom — ca_unified_infrastructure_management
 
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. 2020-02-18 10 CVE-2020-8010
CONFIRM
broadcom — ca_unified_infrastructure_management
 
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. 2020-02-18 7.5 CVE-2020-8012
CONFIRM
eltex — ntp-rg-1402g_router
 
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected. 2020-02-17 10 CVE-2020-9026
MISC
eltex — ntp-rg-1402g_router
 
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected. 2020-02-17 10 CVE-2020-9027
MISC
hcl — appscan_standard_edition
 
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. 2020-02-14 10 CVE-2019-4392
MISC
horde — groupware_webmail_edition
 
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. 2020-02-17 7.5 CVE-2020-8518
FEDORA
FEDORA
CONFIRM
ibm — db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960. 2020-02-19 7.2 CVE-2020-4204
XF
CONFIRM
iteris — vantage_velocity_field_unit_devices
 
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. 2020-02-17 10 CVE-2020-9020
MISC
iteris — vantage_velocity_field_unit_devices
 
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password. 2020-02-17 7.5 CVE-2020-9023
MISC
iteris — vantage_velocity_field_unit_devices
 
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts. 2020-02-17 10 CVE-2020-9024
MISC
jsreport — jsreport
 
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. 2020-02-14 7.5 CVE-2020-8128
MISC
jsreport — script-manager An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. 2020-02-14 7.5 CVE-2020-8129
MISC
moxa — mgate_5105-mb-eip_series_protocol_gateways
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552. 2020-02-14 9 CVE-2020-8858
MISC
MISC
nec — multiple_aterm_series_devices
 
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. 2020-02-21 8.3 CVE-2020-5524
MISC
MISC
MISC
nec — multiple_aterm_series_devices
 
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. 2020-02-21 7.7 CVE-2020-5525
MISC
MISC
nec — multiple_aterm_series_devices
 
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. 2020-02-21 7.7 CVE-2020-5534
MISC
MISC
netsweeper — netsweeper Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php. 2020-02-19 7.5 CVE-2014-9613
MISC
netsweeper — netsweeper The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. 2020-02-19 7.5 CVE-2014-9614
MISC
netsweeper — netsweeper SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. 2020-02-19 7.5 CVE-2014-9612
MISC
openx — openx_ad_server A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code. 2020-02-14 7.5 CVE-2013-4211
MISC
MISC
MISC
MISC
MISC
post_oak_traffic_systems — awam_bluetooth_multiple_field_devices Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. 2020-02-17 10 CVE-2020-9021
MISC
prestashop — prestashop PrestaShop 1.5.5 is vulnerable to privilege escalation via a Salesman account via the upload module. 2020-02-18 7.5 CVE-2013-6295
MISC
MISC
proftpd — proftpd
 
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. 2020-02-20 9 CVE-2020-9273
CONFIRM
CONFIRM
MLIST
promise-probe — promise-probe promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization. 2020-02-18 7.5 CVE-2019-10791
MISC
MISC
soplanning — simple_online_planning SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php. 2020-02-18 9 CVE-2020-9269
MISC
spacewalk_project — spacewalk
 
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server. 2020-02-17 7.5 CVE-2020-1693
CONFIRM
MISC
MISC
wordpress — wordpress
 
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. 2020-02-17 9 CVE-2020-9043
MISC
MISC
MISC
wordpress — wordpress
 
The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution because Administrators can run PHP code on WordPress instances. (This issue has been fixed in the 3.x branch of popup-builder.) 2020-02-17 7.5 CVE-2020-9006
MISC
MISC
MISC
MISC
xorus — lpar2rrd
 
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. 2020-02-17 10 CVE-2014-4981
MISC
MISC
MISC
MISC
BID
XF
yeager — yeager_cms SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the “passwordreset&token” parameter. 2020-02-18 7.5 CVE-2015-7567
MISC
MISC
MISC
MISC
zabbix — zabbix
 
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. 2020-02-17 7.5 CVE-2013-3738
MISC
zend_framework — zend_framework SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. 2020-02-17 7.5 CVE-2014-8089
MISC
MISC
BID
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abb — asset_suite
 
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource’s URL can access the resource directly. 2020-02-17 5.5 CVE-2019-18998
CONFIRM
accusoft — imagegear An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-02-14 6.8 CVE-2019-5187
MISC
accusoft — imagegear An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-02-14 6.8 CVE-2020-6068
MISC
ai — risknet_acquirer RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. 2020-02-14 5 CVE-2013-5687
XF
aishu_technology — anyshare_cloud AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI. 2020-02-16 4 CVE-2020-8996
MISC
arvato — skillpipe
 
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code. 2020-02-16 4 CVE-2020-9013
MISC
MISC
atos — unify_openscape_uc_web_client Atos Unify OpenScape UC Web Client 1.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload. 2020-02-21 4.3 CVE-2019-19865
MISC
MISC
broadcom — ca_unified_infrastructure_management
 
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service. 2020-02-18 5 CVE-2020-8011
CONFIRM
cisco — finesse
 
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-02-19 4.3 CVE-2020-3159
CISCO
cisco — unified_communications_manager
 
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. 2020-02-19 4.3 CVE-2015-0749
MISC
codecov — codecov-node
 
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596. 2020-02-17 6.5 CVE-2020-7597
MISC
MISC
combodo — itop iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI. This only affects the community version. 2020-02-14 5 CVE-2019-13967
MISC
MISC
combodo — itop In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title). 2020-02-14 4.3 CVE-2019-13966
MISC
MISC
combodo — itop In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during upgrade; in certain cases, an error during modification of the file from the web interface leaves the file writable (can be triggered with XSS); a race condition can be triggered by the hub-connector module (community version only from 2.4.1 to 2.6.0); or editing the file in a CLI. 2020-02-14 6.8 CVE-2019-11215
MISC
MISC
combodo — itop Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the administrator can be transformed to remote command execution because of CVE-2018-10642 (still working through 2.6.0). The Reflective XSS can also become a stored XSS within the same account because of another vulnerability. 2020-02-14 4.3 CVE-2019-13965
MISC
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9640. 2020-02-14 6.8 CVE-2020-8856
MISC
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9358. 2020-02-14 6.8 CVE-2020-8845
MISC
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of text field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9400. 2020-02-14 6.8 CVE-2020-8846
MISC
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9591. 2020-02-14 6.8 CVE-2020-8853
MISC
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of JPEG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9606. 2020-02-14 6.8 CVE-2020-8854
MISC
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxhtml2pdf.exe module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9560. 2020-02-14 6.8 CVE-2020-8855
MISC
MISC
foxit — reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9413. 2020-02-14 6.8 CVE-2020-8849
MISC
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of form Annotation objects within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9862. 2020-02-14 6.8 CVE-2020-8857
MISC
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9415. 2020-02-14 6.8 CVE-2020-8850
MISC
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9406. 2020-02-14 6.8 CVE-2020-8851
MISC
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG files within CovertToPDF. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9102. 2020-02-14 6.8 CVE-2020-8844
CONFIRM
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9414. 2020-02-14 6.8 CVE-2020-8847
MISC
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9407. 2020-02-14 6.8 CVE-2020-8848
MISC
MISC
foxit — reader
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9416. 2020-02-14 4.3 CVE-2020-8852
MISC
MISC
gitlab — gitlab GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated with an issue via the activity timeline. 2020-02-14 4 CVE-2019-15592
MISC
MISC
gitlab — gitlab
 
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. 2020-02-14 4 CVE-2019-15594
MISC
MISC
gitlab — gitlab_enterprise_edition In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. 2020-02-17 5 CVE-2020-8795
CONFIRM
MISC
gluu — identity_configuration A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. 2020-02-16 4.3 CVE-2020-9012
MISC
huawei — cloudlink_board
 
Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak vulnerability. An unauthenticated, remote attacker can make a large number of attempts to guess information. Successful exploitation may cause information leak. 2020-02-17 5 CVE-2020-1841
CONFIRM
huawei — gaussdb_200 GaussDB 200 version 6.5.1 has a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage. 2020-02-17 4 CVE-2020-1853
CONFIRM
huawei — gaussdb_200
 
GaussDB 200 version 6.5.1 has a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands. 2020-02-18 6.5 CVE-2020-1790
CONFIRM
huawei — gaussdb_200
 
GaussDB 200 version 6.5.1 has a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands. 2020-02-18 6.5 CVE-2020-1811
CONFIRM
huawei — hege-60_and_multiple_osca_products Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may allow the attacker to perform an illegal operation. 2020-02-18 4.6 CVE-2020-1843
CONFIRM
huawei — hege-60_and_multiple_osca_products
 
Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may allow the attacker to obtain high privilege. 2020-02-18 4.6 CVE-2020-1842
CONFIRM
huawei — multiple_osca_products
 
Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user tries to perform certain operations. Successful exploit could allow an attacker to pass the authentication and perform certain operations with a weak credential. 2020-02-18 4.6 CVE-2020-1789
CONFIRM
huawei — multiple_products Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; Secospace USG6600 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100; and USG9500 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have a denial of service vulnerability. Attackers need to perform a series of operations in a special scenario to exploit this vulnerability. Successful exploit may prevent new connections from being established, resulting in a denial of service. 2020-02-17 5 CVE-2020-1858
CONFIRM
CONFIRM
huawei — multiple_products Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. 2020-02-17 5 CVE-2020-1856
CONFIRM
huawei — multiple_products
 
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service (DoS) vulnerability. Due to improper processing of specific IPSEC packets, remote attackers can send constructed IPSEC packets to affected devices to exploit this vulnerability. Successful exploit could cause the IPSec function of the affected device to behave abnormally. 2020-02-18 4.3 CVE-2020-1816
CONFIRM
huawei — multiple_products
 
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parsing certain messages; an attacker who sends the message continuously could consume the remaining memory. Successful exploit could cause memory exhaustion. 2020-02-18 4.3 CVE-2020-1815
CONFIRM
huawei — multiple_products
 
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. 2020-02-17 5 CVE-2020-1827
CONFIRM
huawei — multiple_products
 
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send a specific message to cause an out-of-bounds read, compromising normal service. 2020-02-17 5 CVE-2020-1828
CONFIRM
huawei — multiple_products
 
Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability in which the IPSec module handles a message improperly. Attackers can send a specific message to cause a double free of memory. This may compromise normal service. 2020-02-17 5 CVE-2020-1829
CONFIRM
huawei — multiple_products
 
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a vulnerability in which a memory management error exists when the IPSec module handles a specific message. This causes a 1-byte out-of-bounds read, compromising normal service. 2020-02-18 5 CVE-2020-1830
CONFIRM
huawei — p30_smartphones HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improper validation of certain applications, an attacker needs to trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. 2020-02-18 6.8 CVE-2020-1812
CONFIRM
ibm — db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage. 2020-02-19 5 CVE-2020-4135
XF
CONFIRM
ibm — db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341. 2020-02-19 4 CVE-2020-4161
XF
CONFIRM

ibm — emptoris_spend_analysis_and_emptoris_strategic_supply_management_platform

IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348. 2020-02-20 6.5 CVE-2019-4752
XF
CONFIRM
CONFIRM
ibm — jazz_foundation IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 163654. 2020-02-19 4 CVE-2019-4457
XF
CONFIRM
ibm — maximo_asset_management
 
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289. 2020-02-20 4 CVE-2019-4583
XF
CONFIRM
ibm — maximo_asset_management
 
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. 2020-02-18 6.8 CVE-2013-3323
MISC
MISC
CONFIRM
icehrm — icehrm ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php. 2020-02-18 4.3 CVE-2020-9271
MISC
icehrm — icehrm
 
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php. 2020-02-18 6.8 CVE-2020-9270
MISC
imagemagick — imagemagick Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. 2020-02-17 6.8 CVE-2014-1947
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ipsilon_project — ipsilon
 
The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response. 2020-02-17 4.3 CVE-2015-5216
MISC
MISC
MISC
istio — istio An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4. 2020-02-14 5.8 CVE-2020-8843
MISC
MISC
CONFIRM
iteris — vantage_velocity_field_unit_devices
 
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script. 2020-02-17 4.3 CVE-2020-9025
MISC
jasper — jasper Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. 2020-02-17 6.8 CVE-2015-8751
MISC
MISC
MISC
BID
MISC
joplin — joplin Joplin through 1.0.184 allows Arbitrary File Read via XSS. 2020-02-17 4.3 CVE-2020-9038
MISC
MISC
lenovo — xclarity_administrator An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. 2020-02-14 4.3 CVE-2019-6194
CONFIRM
linux — linux_kernel
 
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. 2020-02-14 4.9 CVE-2020-8992
MISC
lvm2 — lvm2 vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. 2020-02-14 5 CVE-2020-8991
MISC
microsemi — symmetricom_syncserver_devices Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. 2020-02-17 6.4 CVE-2020-9029
MISC
microsemi — symmetricom_syncserver_devices Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the “User Creation, Deletion and Password Maintenance” screen (when creating a new user). 2020-02-17 4.3 CVE-2020-9028
MISC
microsemi — symmetricom_syncserver_devices Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. 2020-02-17 6.4 CVE-2020-9030
MISC
microsemi — symmetricom_syncserver_devices Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. 2020-02-17 6.4 CVE-2020-9031
MISC
microsemi — symmetricom_syncserver_devices Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. 2020-02-17 6.4 CVE-2020-9032
MISC
microsemi — symmetricom_syncserver_devices Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. 2020-02-17 6.4 CVE-2020-9033
MISC
moodle — moodle Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. 2020-02-17 4 CVE-2020-1692
CONFIRM
nec — aterm_wg2600hs_device Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-02-21 4.3 CVE-2020-5533
MISC
MISC
netsurf — libnsbmp libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function. 2020-02-18 5 CVE-2015-7507
MISC
MISC
netsweeper — netsweeper
 
Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. 2020-02-19 4.3 CVE-2014-9607
MISC
netsweeper — netsweeper
 
Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action. 2020-02-19 5 CVE-2014-9609
MISC
netsweeper — netsweeper
 
Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. 2020-02-19 5.8 CVE-2014-9617
MISC
netsweeper — netsweeper
 
Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. 2020-02-19 4.3 CVE-2014-9615
MISC
netsweeper — netsweeper
 
Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. 2020-02-19 4.3 CVE-2014-9608
MISC
netsweeper — netsweeper
 
Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/. 2020-02-19 4.3 CVE-2014-9606
MISC
opensips — opensips
 
A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c. 2020-02-17 5 CVE-2013-3722
MISC
proftpd — proftpd
 
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. 2020-02-20 5 CVE-2020-9272
CONFIRM
CONFIRM
progress — moveit_transfer In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim’s browser, aka XSS. 2020-02-14 6 CVE-2020-8612
MISC
CONFIRM
CONFIRM
CONFIRM
progress — moveit_transfer
 
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer’s database via the REST API. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements. 2020-02-14 6.5 CVE-2020-8611
MISC
CONFIRM
CONFIRM
CONFIRM
silverstripe — silverstripe SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. 2020-02-19 4.3 CVE-2019-12246
MISC
MISC
CONFIRM
silverstripe — silverstripe SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user’s credentials or other sensitive user input. 2020-02-17 4.3 CVE-2019-19325
CONFIRM
silverstripe — silverstripe In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations. 2020-02-19 6.8 CVE-2019-12437
MISC
MISC
CONFIRM
soplanning — simple_online_planning SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php. 2020-02-18 4.3 CVE-2020-9266
MISC
soplanning — simple_online_planning SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. 2020-02-18 4.3 CVE-2020-9267
MISC
soplanning — simple_online_planning
 
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring. 2020-02-18 5 CVE-2020-9268
MISC
twiki — twiki
 
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. 2020-02-17 6.4 CVE-2014-7236
MISC
MISC
BID
MISC
western_digital — mycloud.com Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. 2020-02-20 4.3 CVE-2020-8960
MISC
MISC
wordpress — wordpress Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2020-02-18 6.8 CVE-2020-5530
MISC
MISC
MISC
wordpress — wordpress
 
WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities 2020-02-18 6.4 CVE-2013-4454
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element. 2020-02-17 4.3 CVE-2020-6850
MISC
MISC
MISC
xirrus — multiple_wireless_arrays An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS. 2020-02-17 4.3 CVE-2020-9022
MISC
zoho_manageengine — remote_access_plus An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF. 2020-02-17 4 CVE-2019-20474
MISC
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
codologic — codoforum Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts. 2020-02-15 3.5 CVE-2020-7050
CONFIRM
MISC
codologic — codoforum
 
Codoforum 4.8.8 allows self-XSS via the title of a new topic. 2020-02-16 3.5 CVE-2020-9007
MISC
dolibarr — dolibarr Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. 2020-02-16 3.5 CVE-2020-9016
MISC
huawei — hege-60_and_hege-570_and_multiple_osca_products Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause the service to become abnormal. 2020-02-18 3.6 CVE-2020-1855
CONFIRM
huawei — mate_20_smartphones
 
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system has a logic judgment error under certain scenarios; successful exploit could allow the attacker to switch to the third desktop after a series of operations in ADB mode. 2020-02-18 2.1 CVE-2020-1791
CONFIRM
huawei — multiple_products Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a dangling pointer dereference vulnerability. An authenticated attacker may perform some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to a dangling pointer dereference, causing some services to become abnormal. 2020-02-18 3.5 CVE-2020-1814
CONFIRM
huawei — multiple_products
 
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage. 2020-02-17 2.1 CVE-2020-1857
CONFIRM
huawei — multiple_smartphones
 
Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations. 2020-02-18 2.1 CVE-2020-1882
CONFIRM
prestashop — prestashop PrestaShop before 1.4.11 allows logout CSRF. 2020-02-14 3.5 CVE-2013-4792
MISC
prestashop — prestashop
 
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. 2020-02-14 3.5 CVE-2013-4791
MISC
wolf_cms — wolf_cms A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. 2020-02-19 3.5 CVE-2012-1932
MISC
wordpress — wordpress
 
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. 2020-02-14 3.5 CVE-2020-8594
MISC
CONFIRM
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abbott — freestyle_libre_sensors
 
Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14-day in the U.S (announced in August 2018) and FreeStyle Libre 2 outside the U.S (announced in October 2018). 2020-02-16 not yet calculated CVE-2020-8997
MISC
adobe — after_effects
 
Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-20 not yet calculated CVE-2020-3765
CONFIRM
adobe — media_encoder
 
Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-20 not yet calculated CVE-2020-3764
CONFIRM
ansible — ansible The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. 2020-02-20 not yet calculated CVE-2014-4678
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ansible — ansible
 
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. 2020-02-18 not yet calculated CVE-2014-4967
MISC
CONFIRM
ansible — ansible
 
Ansible before 1.6.7 does not prevent inventory data with “{{” and “lookup” substrings, and does not prevent remote data with “{{” substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup(‘pipe’) calls or (2) crafted Jinja2 data. 2020-02-18 not yet calculated CVE-2014-4966
MISC
CONFIRM
ansible — ansible
 
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. 2020-02-20 not yet calculated CVE-2014-4658
CONFIRM
BID
ansible — ansible
 
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. 2020-02-20 not yet calculated CVE-2014-4657
CONFIRM
BID
ansible — ansible
 
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the “deb http://user:pass@server:port/” format. 2020-02-20 not yet calculated CVE-2014-4660
MISC
MISC
MISC
MISC
MISC
ansible — ansible
 
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the “deb http://user:pass@server:port/” format. 2020-02-20 not yet calculated CVE-2014-4659
CONFIRM
BID
apache — jclouds
 
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks. 2020-02-18 not yet calculated CVE-2014-4651
MISC
MISC
apple — macos_x
 
The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. 2020-02-20 not yet calculated CVE-2012-5366
MISC
BID
atos — unify_openscape_uc_web_client Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs. 2020-02-21 not yet calculated CVE-2019-19866
MISC
MISC
audiofile — audiofile
 
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. 2020-02-19 not yet calculated CVE-2015-7747
MISC
MISC
MISC
MISC
MISC
MISC
auieo — candid_applicant_tracking_system
 
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. 2020-02-22 not yet calculated CVE-2020-9341
MISC
avira — antivirus_engine
 
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. 2020-02-20 not yet calculated CVE-2020-9320
MISC
MISC
MISC
axous — axous Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php. 2020-02-20 not yet calculated CVE-2012-2629
MISC
MISC
bodymen — bodymen
 
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. 2020-02-18 not yet calculated CVE-2019-10792
MISC
MISC
bosch — security_systems_nbn-498_dinion2x_ip_cameras The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml. 2020-02-18 not yet calculated CVE-2015-6970
MISC
cacti — cacti
 
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. 2020-02-22 not yet calculated CVE-2020-8813
MISC
MISC
MISC
MISC
cisco — adaptive_security_appliance
 
A vulnerability in the Cisco ASA could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, provided the primary credentials are correct. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability. 2020-02-19 not yet calculated CVE-2011-2054
CISCO
cisco — anyconnect_secure_mobility_client_for_windows
 
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. 2020-02-19 not yet calculated CVE-2020-3153
CISCO
cisco — asyncos_software_for_cisco_email_security_appliance A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur. 2020-02-19 not yet calculated CVE-2020-3132
CISCO
cisco — cloud_web_security A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this vulnerability by sending malicious requests to the affected device. An exploit could allow the attacker to modify values on or return values from the underlying database. 2020-02-19 not yet calculated CVE-2020-3154
CISCO
cisco — data_center_network_manager
 
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-02-19 not yet calculated CVE-2020-3113
CISCO
cisco — data_center_network_manager
 
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link while having an active session on an affected device. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. 2020-02-19 not yet calculated CVE-2020-3114
CISCO
cisco — data_center_network_manager
 
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges. 2020-02-19 not yet calculated CVE-2020-3112
CISCO
cisco — enterprise_nfv_infrastructure_software
 
A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to upload crafted code to the affected device. 2020-02-19 not yet calculated CVE-2020-3138
CISCO
cisco — identity_services_engine A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could exploit this vulnerability by sending malicious endpoint data to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. 2020-02-19 not yet calculated CVE-2020-3156
CISCO
cisco — ios_xe_sd-wan_software
 
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier. 2020-02-19 not yet calculated CVE-2019-1950
CONFIRM
cisco — linksys_e4200_router
 
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi. 2020-02-18 not yet calculated CVE-2013-2679
MISC
MISC
MISC
MISC
MISC
cisco — meeting_server
 
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications. 2020-02-19 not yet calculated CVE-2020-3160
CISCO
cisco — smart_software_manager_on-prem A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device. 2020-02-19 not yet calculated CVE-2020-3158
CISCO
cisco — unified_contact_center_enterprise
 
A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection. 2020-02-19 not yet calculated CVE-2020-3163
CISCO
component — flatten.js All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. 2020-02-18 not yet calculated CVE-2019-10794
CONFIRM
coturn — coturn
 
An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. 2020-02-19 not yet calculated CVE-2020-6061
MISC
coturn — coturn
 
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. 2020-02-19 not yet calculated CVE-2020-6062
MISC
couchbase — couchbase_server Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access). 2020-02-22 not yet calculated CVE-2020-9039
CONFIRM
d-link — dap-1330_devices
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9554. 2020-02-22 not yet calculated CVE-2020-8861
N/A
N/A
d-link — dap-6210_devices
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082. 2020-02-22 not yet calculated CVE-2020-8862
N/A
N/A
d-link — dch-m225_devices
 
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. 2020-02-21 not yet calculated CVE-2020-6842
MISC
CONFIRM
d-link — dch-m225_devices
 
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. 2020-02-21 not yet calculated CVE-2020-6841
MISC
CONFIRM
d-link — dsr-250n_devices
 
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain “persistent root access” via the BusyBox CLI, as demonstrated by overwriting the super user password. 2020-02-19 not yet calculated CVE-2012-6614
CONFIRM
MISC
MISC
debian — x11-common
 
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. 2020-02-21 not yet calculated CVE-2012-1093
MISC
MISC
MISC
MISC
MISC
dell — client_consumer_and_commercial_platforms Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. 2020-02-21 not yet calculated CVE-2020-5324
MISC
dell — client_platforms
 
Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. 2020-02-21 not yet calculated CVE-2020-5326
MISC
dot-object — dot-object dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. 2020-02-18 not yet calculated CVE-2019-10793
MISC
MISC
drupal — drupal The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. 2020-02-18 not yet calculated CVE-2013-4228
MISC
MISC
MISC
MISC
MISC
drupal — drupal
 
The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser. 2020-02-18 not yet calculated CVE-2013-4226
MISC
MISC
MISC
drupal — drupal
 
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type. 2020-02-18 not yet calculated CVE-2013-4227
MISC
MISC
MISC
MISC
election — election fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter. 2020-02-22 not yet calculated CVE-2020-9340
MISC
election — election
 
fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> “message if election is closed” field. 2020-02-22 not yet calculated CVE-2020-9336
MISC
electronic_arts — origin
 
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client’s executable file instead of its in-memory process (which can be significantly different from the executable file due to, for example, DLL injection). Data transmitted over the pipe is encrypted using a static key. Instead of hooking the pipe communication directly via WriteFileEx(), this can be bypassed by hooking the EVP_EncryptUpdate() function of libeay32.dll. The pipe takes the command CreateDirectory to create a directory and adjust the directory DACL. Calls to this function can be intercepted, the directory and the DACL can be replaced, and the manipulated DACL is written. Arbitrary DACL write is further achieved by creating a hardlink in a user-controlled directory that points to (for example) a service binary. The DACL is then written to this service binary, which results in escalation of privileges. 2020-02-20 not yet calculated CVE-2019-19741
MISC
emerson — openenterprise_scada_server A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. 2020-02-19 not yet calculated CVE-2020-6970
MISC
eset — multiple_products
 
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. 2020-02-18 not yet calculated CVE-2020-9264
FULLDISC
MISC
MISC
f-secure — multiple_products The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper. 2020-02-22 not yet calculated CVE-2020-9342
MISC
facebook — hhvm Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). 2020-02-19 not yet calculated CVE-2016-1000004
CONFIRM
CONFIRM
facebook — hhvm mcrypt_get_block_size did not enforce that the provided “module” parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). 2020-02-19 not yet calculated CVE-2016-1000005
CONFIRM
CONFIRM
facebook — hhvm HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an “httpoxy” issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive). 2020-02-19 not yet calculated CVE-2016-1000109
CONFIRM
MISC
CONFIRM
freebsd — freebsd The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. 2020-02-20 not yet calculated CVE-2015-2923
MISC
MISC
MISC
MISC
freebsd — freebsd In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution. 2020-02-18 not yet calculated CVE-2020-7450
MISC
freebsd — freebsd In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated. 2020-02-18 not yet calculated CVE-2019-5613
MISC
freebsd — freebsd
 
In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack. 2020-02-18 not yet calculated CVE-2019-15875
MISC
general_electric — ultrasound_products
 
A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products – all versions; LOGIQ – all versions not including LOGIQ 100 Pro; Voluson – all versions; Versana Essential – all versions; Invenia ABUS Scan station – all versions; Venue – all versions not including Venue 40 R1-3 and Venue 50 R4-5 2020-02-20 not yet calculated CVE-2020-6977
MISC
gitlab — gitlab_enterprise_edition
 
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. 2020-02-17 not yet calculated CVE-2019-12825
MISC
CONFIRM
gogs — gogs Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. 2020-02-21 not yet calculated CVE-2020-9329
MISC
golang — go golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. 2020-02-20 not yet calculated CVE-2020-9283
CONFIRM
google — android
 
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. 2020-02-21 not yet calculated CVE-2014-7914
MISC
google — android
 
Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers. 2020-02-20 not yet calculated CVE-2014-7951
MISC
MISC
MISC
MISC
MISC
goverlan — reach_console_and_reach_server_and_client_agent Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking. 2020-02-16 not yet calculated CVE-2019-20456
MISC
hitron — coda-4582u-devices
 
Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. 2020-02-19 not yet calculated CVE-2020-8824
MISC
honeywell — inncom_inncontrol_3_device Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files. 2020-02-20 not yet calculated CVE-2020-6968
MISC
hp — fortify_sca The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. 2020-02-19 not yet calculated CVE-2014-2228
CONFIRM
huawei — p10_plus_smartphones
 
Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8) have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed. 2020-02-18 not yet calculated CVE-2020-1872
CONFIRM
ibm — db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212. 2020-02-19 not yet calculated CVE-2020-4230
XF
CONFIRM
ibm — db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914. 2020-02-19 not yet calculated CVE-2020-4200
XF
CONFIRM
ibm — maximo_asset_management
 
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886. 2020-02-19 not yet calculated CVE-2019-4429
XF
CONFIRM
ibm — security_secret_server
 
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046. 2020-02-19 not yet calculated CVE-2019-4640
XF
CONFIRM
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies. 2020-02-18 not yet calculated CVE-2012-0718
MISC
jakweb — gecko_cms
 
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities 2020-02-18 not yet calculated CVE-2015-1425
MISC
jetbrains — scala_plugin In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. 2020-02-21 not yet calculated CVE-2020-7907
MISC
MISC
jyaml — jyaml
 
JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product. 2020-02-19 not yet calculated CVE-2020-8441
MISC
MISC
MISC
MISC
kaseya — traverse Kaseya Traverse before 9.5.20 allows OS command injection attacks against user accounts, associated with a Netflow Top Applications reporting API call. This is exploitable by an authenticated attacker who submits a modified JSON field within POST data. 2020-02-17 not yet calculated CVE-2020-8427
CONFIRM
kaseya — virtual_system_administrator
 
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx. 2020-02-17 not yet calculated CVE-2015-6922
MISC
MISC
MISC
MISC
MISC
labvantage_solutions — labvantage_laboratory_information_management
 
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an ‘Unrecognized Database’ exception message if the database does not exist. 2020-02-17 not yet calculated CVE-2020-7959
MISC
EXPLOIT-DB
libarchive — libarchive
 
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. 2020-02-20 not yet calculated CVE-2020-9308
MISC
MISC
MISC
libnsgif — libnsgif Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file. 2020-02-18 not yet calculated CVE-2015-7505
MISC
MISC
libnsgif — libnsgif The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file. 2020-02-18 not yet calculated CVE-2015-7506
MISC
linux — linux_kernel OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. 2020-02-19 not yet calculated CVE-2012-0055
MLIST
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
MISC
linux — linux_kernel fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. 2020-02-20 not yet calculated CVE-2011-4915
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value. 2020-02-20 not yet calculated CVE-2011-0699
MISC
MISC
MISC
MISC
linux — linux_kernel
 
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. 2020-02-20 not yet calculated CVE-2011-2498
MISC
MISC
MISC
MISC
MISC
longtail_video — jw_player
 
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript. 2020-02-20 not yet calculated CVE-2012-3351
MISC
MISC
MISC
MISC
MISC
MISC
mcafee — data_exchange_layer_framework Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. 2020-02-17 not yet calculated CVE-2020-7252
CONFIRM
microsemi — symmetricom_syncserver Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. 2020-02-17 not yet calculated CVE-2020-9034
MISC
microsoft — windows_7
 
The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. 2020-02-20 not yet calculated CVE-2012-5364
MISC
BID
mitsubishi_electric — multiple_controller_modules
 
Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors. 2020-02-17 not yet calculated CVE-2020-5531
MISC
MISC
moped_gem_for_ruby_on_rails — moped_gem_for_ruby_on_rails The Moped::BSON::ObjectId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. 2020-02-20 not yet calculated CVE-2015-4411
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
moped_gem_for_ruby_on_rails — moped_gem_for_ruby_on_rails
 
The Moped::BSON::ObjectId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. 2020-02-20 not yet calculated CVE-2015-4410
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — firefox
 
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding 2020-02-18 not yet calculated CVE-2013-5594
MISC
MISC
multiple_vendors — multiple_products The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669. 2020-02-20 not yet calculated CVE-2012-5362
MISC
BID
multiple_vendors — multiple_products
 
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393. 2020-02-20 not yet calculated CVE-2012-5363
MISC
BID
multiple_vendors — multiple_products
 
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to “a number of underlying issues” in which “some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.” 2020-02-21 not yet calculated CVE-2012-6277
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
multiple_vendors — multiple_products
 
Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices allow attackers to bypass intended TACACS+ shell restrictions via a | character. 2020-02-20 not yet calculated CVE-2020-9015
MISC
MISC
multiple_vendors — multiple_products
 
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. 2020-02-20 not yet calculated CVE-2012-5365
MISC
BID
musl — libc Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output. 2020-02-20 not yet calculated CVE-2014-3484
MISC
MISC
netsurf — netsurf Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. 2020-02-21 not yet calculated CVE-2012-0844
MISC
MISC
MISC
BID
nokogiri_gem_for_ruby_on_rails — nokogiri_gem_for_ruby_on_rails Nokogiri before 1.5.4 is vulnerable to XXE attacks 2020-02-19 not yet calculated CVE-2012-6685
MISC
CONFIRM
CONFIRM
open-xchange — open-xchange_appsuite OX App Suite through 7.10.2 allows SSRF. 2020-02-21 not yet calculated CVE-2019-18846
MISC
open_dynamics — collabtive Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. 2020-02-17 not yet calculated CVE-2015-0258
MISC
MISC
open_networking_foundation — open_network_operating_system An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. 2020-02-20 not yet calculated CVE-2019-16302
MISC
open_networking_foundation — open_network_operating_system Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply that causes the host mobility application to remove existing access control flow denial rules in the network. The access control application does not re-install flow deny rules, so the attacker can bypass the intended access control policy. 2020-02-20 not yet calculated CVE-2019-11189
MISC
open_networking_foundation — open_network_operating_system An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. 2020-02-20 not yet calculated CVE-2019-16299
MISC
open_networking_foundation — open_network_operating_system An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. 2020-02-20 not yet calculated CVE-2019-16300
MISC
open_networking_foundation — open_network_operating_system An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. 2020-02-20 not yet calculated CVE-2019-16301
MISC
open_networking_foundation — open_network_operating_system An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. 2020-02-20 not yet calculated CVE-2019-16298
MISC
open_networking_foundation — open_network_operating_system
 
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. 2020-02-20 not yet calculated CVE-2019-16297
MISC
openhab — openhab openHAB before 2.5.2 allows a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2, all commands need to be whitelisted in a local file which cannot be changed via REST calls. 2020-02-20 not yet calculated CVE-2020-5242
MISC
CONFIRM
openjpeg — openjpeg
 
The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. 2020-02-20 not yet calculated CVE-2016-3182
MISC
MISC
MISC
CONFIRM
openpam — nummularia
 
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to not be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password. 2020-02-18 not yet calculated CVE-2014-3879
MISC
CONFIRM
BID
MISC
openshift — servicemesh An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. 2020-02-17 not yet calculated CVE-2020-1704
CONFIRM
openstack — nova
 
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service’s logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. 2020-02-19 not yet calculated CVE-2015-9543
MLIST
MISC
MISC
CONFIRM
openstack — swift
 
OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE. 2020-02-20 not yet calculated CVE-2013-7109
MISC
MISC
MISC
MISC
MISC
MISC
MISC
otrs — otrs Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. 2020-02-21 not yet calculated CVE-2013-4088
MISC
MISC
MISC
MISC
otrs — otrs_itsm Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. 2020-02-21 not yet calculated CVE-2013-3551
MISC
MISC
owncloud — owncloud_server The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values. 2020-02-17 not yet calculated CVE-2015-4715
MISC
MISC
CONFIRM
MISC
patriot — viper_rgb A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges. 2020-02-21 not yet calculated CVE-2019-19452
MISC
MISC
phoenix_contact — axl_f_bk_pn_and_axl_f_bk_eth_and_axl_f_bk_xc_devices An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices. Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required. 2020-02-18 not yet calculated CVE-2018-16994
CONFIRM
phoenix_contact — emalytics_controller_ilc
 
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device. 2020-02-17 not yet calculated CVE-2020-8768
MISC
phoenix_contact — fl_nat_2208_and_fl_nat_2304-2gc-2sfp_devices Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security. 2020-02-18 not yet calculated CVE-2019-18352
MISC
php_group — hypertext_preprocessor
 
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value. 2020-02-19 not yet calculated CVE-2014-3622
MISC
MISC
MISC
phpmychat-plus — phpmychat-plus phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username. 2020-02-18 not yet calculated CVE-2020-9265
MISC
puppet — puppet_and_puppet_agent
 
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node’s catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior. 2020-02-19 not yet calculated CVE-2020-7942
CONFIRM
python — python The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. 2020-02-20 not yet calculated CVE-2014-4650
MISC
MISC
REDHAT
red_gate_software — sql_monitor Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15. 2020-02-20 not yet calculated CVE-2020-9318
MISC
samsung — galaxy_s10_devices
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the Call Control Setup messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the baseband processor. Was ZDI-CAN-9658. 2020-02-22 not yet calculated CVE-2020-8860
N/A
N/A
solarwinds — network_performance_monitor SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT. 2020-02-17 not yet calculated CVE-2019-12954
MISC
soplanning — simple_online_planning SOPlanning 1.45 allows XSS via the “Your SoPlanning url” field. 2020-02-22 not yet calculated CVE-2020-9338
MISC
soplanning — simple_online_planning
 
SOPlanning 1.45 allows XSS via the Name or Comment to status.php. 2020-02-22 not yet calculated CVE-2020-9339
MISC
sqlite — sqlite In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. 2020-02-21 not yet calculated CVE-2020-9327
MISC
MISC
MISC
synacor — zimbra_collaboration_suite An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible. 2020-02-18 not yet calculated CVE-2020-8633
CONFIRM
synacor — zimbra_collaboration_suite Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. 2020-02-18 not yet calculated CVE-2020-7796
CONFIRM
taffy — taffy
 
taffy through 2.6.2 allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB. 2020-02-17 not yet calculated CVE-2019-10790
MISC
tibco_software — ebx
 
The Web server component of TIBCO Software Inc.’s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.’s TIBCO EBX: versions 5.8.1.fixS and below, versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7. 2020-02-19 not yet calculated CVE-2019-17333
CONFIRM
CONFIRM
topmanage — olk_2020
 
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts. 2020-02-18 not yet calculated CVE-2020-6844
MISC
EXPLOIT-DB
topmanage — olk_2020
 
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack. 2020-02-18 not yet calculated CVE-2020-6845
MISC
EXPLOIT-DB
trend_micro — multiple_products
 
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download a malicious DLL locally, which must be present when the installer is run. 2020-02-20 not yet calculated CVE-2019-14688
MISC
trend_micro — security_2019
 
The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product’s malware protection functions or the entire product completely. 2020-02-20 not yet calculated CVE-2019-19694
MISC
MISC
MISC
MISC
trend_micro — vulnerability_protection
 
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attacker to use the product installer to load other DLL files located in the same directory. 2020-02-20 not yet calculated CVE-2020-8601
MISC
trustwave — mailmarshal The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. 2020-02-19 not yet calculated CVE-2014-2727
MISC
tucan — tucan
 
Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the permissions of the user running tucan. 2020-02-21 not yet calculated CVE-2012-0063
MLIST
MISC
MISC
MISC
ua-parser — ua-core
 
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3. 2020-02-21 not yet calculated CVE-2020-5243
MISC
CONFIRM
undefsafe — undefsafe
 
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The ‘a’ function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. 2020-02-18 not yet calculated CVE-2019-10795
MISC
MISC
valve — dota_2
 
meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled. 2020-02-17 not yet calculated CVE-2020-9005
MISC
vmware — vrealize_operations_for_horizon_adapter
 
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations. 2020-02-19 not yet calculated CVE-2020-3943
CONFIRM
vmware — vrealize_operations_for_horizon_adapter
 
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication. 2020-02-19 not yet calculated CVE-2020-3944
CONFIRM
vmware — vrealize_operations_for_horizon_adapter
 
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information. 2020-02-19 not yet calculated CVE-2020-3945
CONFIRM
webkit-gtk — webkit-gtk
 
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration. 2020-02-17 not yet calculated CVE-2013-7324
MISC
MISC
MISC
western_digital — multiple_products
 
Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking. 2020-02-19 not yet calculated CVE-2020-8959
MISC
MISC
western_digital — my_cloud_home Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. 2020-02-20 not yet calculated CVE-2020-8990
MISC
MISC
wordpress — wordpress
 
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. 2020-02-20 not yet calculated CVE-2020-9003
MISC
MISC
MISC
MISC
world_wide_web_consortium — hypertext_transfer_protocol_secure The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a “BREACH” attack, a different issue than CVE-2012-4929. 2020-02-21 not yet calculated CVE-2013-3587
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wso2 — transport-http Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled. 2020-02-19 not yet calculated CVE-2019-10797
CONFIRM
xchat-wdk — xchat-wdk
 
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). 2020-02-21 not yet calculated CVE-2012-0828
MISC
MISC
MISC
MISC
xerox — workcentre_printers
 
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP address to a system owned by the actor without knowledge of the LDAP bind credentials. After changing the LDAP connection IP address, subsequent authentication attempts will result in the printer sending plaintext LDAP (Active Directory) credentials to the actor. Although the credentials may belong to a non-privileged user, organizations frequently use privileged service accounts to bind to Active Directory. The attacker gains a foothold on the Active Directory domain at a minimum, and may use the credentials to take over control of the Active Directory domain. This affects 3655*, 3655i*, 58XX*, 58XXi*, 59XX*, 59XXi*, 6655**, 6655i**, 72XX*, 72XXi*, 78XX**, 78XXi**, 7970**, 7970i**, EC7836**, and EC7856** devices. 2020-02-21 not yet calculated CVE-2020-9330
MISC
MISC
yaml_project — pyyaml PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. 2020-02-19 not yet calculated CVE-2019-20477
MISC
MISC
yaml_project — ruamel.yaml
 
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases. 2020-02-19 not yet calculated CVE-2019-20478
MISC
zmartzone — mod_auth_openidc A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. 2020-02-20 not yet calculated CVE-2019-20479
MISC
MISC
zte — zxv10_w300_router ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. 2020-02-20 not yet calculated CVE-2014-4019
MISC
MISC
MISC
MISC

Original release date: February 17, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 10 CVE-2020-3740
CONFIRM
ajaxeplorer — ajaxeplorer
 
Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php). 2020-02-11 10 CVE-2013-4267
MISC
MISC
MISC
artica — pandora_fms
 
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224. 2020-02-12 9 CVE-2020-8947
MISC
MISC
MISC
atutor — atutor
 
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. 2020-02-11 7.5 CVE-2014-9753
MISC
MISC
MISC
MISC
MISC
belkin — n300_router
 
An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using “Javascript debugging.” 2020-02-07 10 CVE-2013-3091
MISC
MISC
MISC
biscom — secure_file_transfer
 
Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server. 2020-02-07 7.5 CVE-2020-8796
MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/175922
bosch — bvms_mobile_video_service
 
Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed. 2020-02-07 10 CVE-2020-6770
CONFIRM
canonical — lxc
 
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers. 2020-02-10 9.3 CVE-2017-18641
MISC
corsair — corsair_icue
 
The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace. 2020-02-07 7.2 CVE-2020-8808
MISC
MISC
d-link — multiple_products
 
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. 2020-02-11 10 CVE-2013-5945
MISC
MISC
MISC
MISC
MISC
dell — multiple_products
 
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. 2020-02-11 10 CVE-2013-1359
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
dell — multiple_products
 
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. 2020-02-11 10 CVE-2013-1360
MISC
MISC
MISC
MISC
MISC
MISC
echoping_project — echoping
 
echoping through 6.0.2 has buffer overflow vulnerabilities. 2020-02-11 10 CVE-2013-4448
MISC
MISC
MISC
enorth — enorth_webpublisher_cms
 
SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter. 2020-02-12 7.5 CVE-2015-5617
MISC
MISC
eyesofnetwork — eyesofnetwork
 
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7. 2020-02-07 9.3 CVE-2020-8655
MISC
MISC
eyesofnetwork — eyesofnetwork
 
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php. 2020-02-07 7.5 CVE-2020-8656
MISC
MISC
eyesofnetwork — eyesofnetwork
 
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field. 2020-02-07 9 CVE-2020-8654
MISC
MISC
golang — go
 
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields. 2020-02-08 7.5 CVE-2015-5741
MISC
MISC
MISC
MISC
MISC
MISC
MISC
google — android
 
A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code. 2020-02-07 9 CVE-2014-7224
MISC
MISC
MISC
MISC
google — chrome
 
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-11 9.3 CVE-2020-6406
SUSE
MISC
MISC
hubot_scripts — hubot_scripts scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. 2020-02-12 7.5 CVE-2013-7378
MISC
MISC
MISC
MISC
ibm — sterling_authentication_server
 
A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code. 2020-02-11 7.2 CVE-2013-0517
MISC
MISC
libnotify — libnotify
 
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. 2020-02-12 7.5 CVE-2013-7381
MISC
MISC
CONFIRM
MISC
linux — linux_kernel
 
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system. 2020-02-11 7.2 CVE-2009-4067
MISC
MISC
istio — istio
 
Istio 1.3 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match. 2020-02-12 7.5 CVE-2020-8595
REDHAT
CONFIRM
MISC
MISC
MISC
CONFIRM
mediawiki — mediawiki
 
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. 2020-02-08 9.3 CVE-2012-4381
MISC
MISC
MISC
MISC
MISC
MISC
MISC
microsoft — multiple_internet_explorer_products
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. 2020-02-11 7.6 CVE-2020-0674
MISC
microsoft — multiple_internet_explorer_products
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. 2020-02-11 7.6 CVE-2020-0673
MISC
microsoft — chakracore
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. 2020-02-11 7.6 CVE-2020-0711
MISC
microsoft — chakracore
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713. 2020-02-11 7.6 CVE-2020-0767
MISC
microsoft — chakracore
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0713, CVE-2020-0767. 2020-02-11 7.6 CVE-2020-0712
MISC
microsoft — chakracore
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. 2020-02-11 7.6 CVE-2020-0710
MISC
microsoft — chakracore
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0767. 2020-02-11 7.6 CVE-2020-0713
MISC
microsoft — excel
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. 2020-02-11 9.3 CVE-2020-0759
MISC
microsoft — multiple_microsoft_exchange_server_products
 
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ‘Microsoft Exchange Memory Corruption Vulnerability’. 2020-02-11 9 CVE-2020-0688
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. 2020-02-11 7.2 CVE-2020-0720
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0683. 2020-02-11 7.2 CVE-2020-0686
MISC
microsoft — multiple_windows_products A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka ‘Remote Desktop Client Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0734. 2020-02-11 7.6 CVE-2020-0681
MISC
microsoft — multiple_windows_products
 
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’. 2020-02-11 8.5 CVE-2020-0655
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka ‘Windows SSH Elevation of Privilege Vulnerability’. 2020-02-11 7.2 CVE-2020-0757
MISC
microsoft — multiple_windows_products
 
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. 2020-02-11 9.3 CVE-2020-0738
MISC
microsoft — multiple_windows_products
 
A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka ‘Windows Remote Code Execution Vulnerability’. 2020-02-11 9 CVE-2020-0662
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka ‘Windows Error Reporting Manager Elevation of Privilege Vulnerability’. 2020-02-11 7.2 CVE-2020-0678
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726. 2020-02-11 7.2 CVE-2020-0731
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0726, CVE-2020-0731. 2020-02-11 7.2 CVE-2020-0725
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0668, CVE-2020-0669, CVE-2020-0671, CVE-2020-0672. 2020-02-11 7.2 CVE-2020-0670
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0731. 2020-02-11 7.2 CVE-2020-0726
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0715, CVE-2020-0792. 2020-02-11 7.2 CVE-2020-0745
MISC
microsoft — multiple_windows_products
 
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka ‘Remote Desktop Client Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0681. 2020-02-11 9.3 CVE-2020-0734
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. 2020-02-11 7.2 CVE-2020-0723
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0691, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. 2020-02-11 7.2 CVE-2020-0719
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka ‘Windows Function Discovery Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0679, CVE-2020-0680. 2020-02-11 7.2 CVE-2020-0682
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0668, CVE-2020-0669, CVE-2020-0670, CVE-2020-0671. 2020-02-11 7.2 CVE-2020-0672
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0686. 2020-02-11 7.2 CVE-2020-0683
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Wireless Network Manager improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Wireless Network Manager Elevation of Privilege Vulnerability’. 2020-02-11 7.2 CVE-2020-0704
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. 2020-02-11 7.2 CVE-2020-0722
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows IME improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows IME Elevation of Privilege Vulnerability’. 2020-02-11 7.2 CVE-2020-0707
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka ‘Windows COM Server Elevation of Privilege Vulnerability’. 2020-02-11 7.2 CVE-2020-0685
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. 2020-02-11 7.2 CVE-2020-0721
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. 2020-02-11 7.2 CVE-2020-0703
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0668, CVE-2020-0669, CVE-2020-0670, CVE-2020-0672. 2020-02-11 7.2 CVE-2020-0671
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. 2020-02-11 7.2 CVE-2020-0724
MISC
microsoft — office365_proplus_for_32-bit_and_64-bit_systems
 
An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM. To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption. The security update addresses the vulnerability by correcting how the process validates the log file, aka ‘Microsoft Office Tampering Vulnerability’. 2020-02-11 7.2 CVE-2020-0697
MISC
microsoft — windows_10_and_windows_server
 
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0715, CVE-2020-0745. 2020-02-11 7.2 CVE-2020-0792
MISC
microsoft — windows_10_and_windows_server_2016
 
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0732. 2020-02-11 7.2 CVE-2020-0709
MISC
microsoft — windows_10_and_windows_server_2016
 
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0709. 2020-02-11 7.2 CVE-2020-0732
MISC
microvirt — memu
 
An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is unrelated to Red Hat’s systemd init program, and is a closed-source proprietary tool that seems to be developed by Microvirt). This program opens TCP port 21509, presumably to receive installation-related commands from the host OS. Because everything after the installer:uninstall command is concatenated directly into a system() call, it is possible to execute arbitrary commands by supplying shell metacharacters. 2020-02-11 10 CVE-2019-14514
MISC
netgear — ac1200_smart_wifi_router
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616. 2020-02-10 7.5 CVE-2019-17137
MISC
netis — wf2419_router
 
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing. 2020-02-07 8.5 CVE-2019-19356
MISC
MISC
node.js — node.js
 
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed 2020-02-07 7.5 CVE-2019-15605
MISC
FEDORA
CONFIRM
CONFIRM
CONFIRM
CONFIRM
nodejs — nodejs
 
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons 2020-02-07 7.5 CVE-2019-15606
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
nw.js — nw.js
 
A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact. 2020-02-07 7.5 CVE-2014-9530
CONFIRM
omniauth-weibo-oauth2_gem_for_ruby_rails — omniauth-weibo-oauth2_gem_for_ruby_rails
 
The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected. 2020-02-07 7.5 CVE-2019-17268
MISC
CONFIRM
openpne — opopensocialplugin
 
opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities 2020-02-07 7.5 CVE-2013-4335
MISC
MISC
MISC
openpne — opwebapiplugin
 
opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities 2020-02-07 7.5 CVE-2013-4334
MISC
MISC
phxeventmanager — phxeventmanager
 
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. 2020-02-11 7.5 CVE-2012-1124
MISC
MISC
MISC
MISC
MISC
polarbear — polarbear_cms
 
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code. 2020-02-11 7.5 CVE-2013-0803
MISC
MISC
MISC
polycom — web_management_interface_g3/hdx_800_hd
 
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password. 2020-02-10 10 CVE-2012-6611
MISC
MISC
qemu — qemu
 
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. 2020-02-11 7.2 CVE-2013-4535
MISC
MISC
MISC
MISC
MISC
MISC
qualcomm — multiple_snapdragon_products

 

Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24 2020-02-07 7.2 CVE-2019-14044
CONFIRM
qualcomm — multiple_snapdragon_products

 

APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130 2020-02-07 7.2 CVE-2019-14002
CONFIRM
qualcomm — multiple_snapdragon_products

 

Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130 2020-02-07 7.2 CVE-2019-14088
CONFIRM
MISC
qualcomm — multiple_snapdragon_products

 

Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24 2020-02-07 7.2 CVE-2019-14046
CONFIRM
qualcomm — multiple_snapdragon_products

 

Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MSM8953, QCN7605, QCS605, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDX20, SDX24, SDX55, SM8150, SXR1130 2020-02-07 7.2 CVE-2019-14049
CONFIRM
qualcomm — multiple_snapdragon_products

 

Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 7.2 CVE-2019-14055
CONFIRM
qualcomm — multiple_snapdragon_products

 

Uninitialized stack data gets used if memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 7.2 CVE-2019-14060
CONFIRM
qualcomm — multiple_snapdragon_products
 
There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be executed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 7.2 CVE-2019-10567
CONFIRM
qualcomm — multiple_snapdragon_products
 
Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 10 CVE-2019-10590
CONFIRM
qualcomm — multiple_snapdragon_products
 
Buffer over-read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 9.4 CVE-2019-14057
CONFIRM
qualcomm — multiple_snapdragon_products
 
Out of bound access due to invalid inputs to dapm mux settings, which results in kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9607, Nicobar, QCS405, Rennell, SA6155P, Saipan, SC8180X, SDM630, SDM636, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-02-07 9.4 CVE-2019-14063
CONFIRM
qualcomm — snapdragon_industrial_iot
 
Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607 2020-02-07 7.2 CVE-2019-14051
CONFIRM
ruby_pdfkit_gem_for_ruby_on_rails — ruby_pdfkit_gem_for_ruby_on_rails
 
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability 2020-02-11 7.5 CVE-2013-1607
MISC
MISC
secom — dr.id
 
Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command. 2020-02-11 7.5 CVE-2020-3934
MISC
MISC
MISC
siemens — multiple_scalance_products
 
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device. 2020-02-11 7.8 CVE-2019-13926
MISC
simplejobscript — simplejobscript
 
An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php. 2020-02-07 7.5 CVE-2020-8645
MISC
sphider — sphider_pro_and_sphider_plus
 
A Command Execution vulnerability exists in Sphider Pro and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only; they do not exist in Sphider. 2020-02-10 7.5 CVE-2014-5086
MISC
sphider — sphider_search_engine
 
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code. 2020-02-07 7.5 CVE-2014-5087
MISC
MISC
status2k — server_monitoring_software
 
A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. 2020-02-07 10 CVE-2014-5091
MISC
MISC
MISC
MISC
ui — edgeswitch
 
A privilege escalation vulnerability exists in the EdgeSwitch prior to version 1.7.1: a CGI script does not fully sanitize the user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15). 2020-02-07 7.2 CVE-2020-8126
MISC
wordpress — wordpress
 
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability 2020-02-12 7.5 CVE-2013-2010
MISC
MISC
MISC
MISC
wordpress — wordpress
 
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload 2020-02-11 10 CVE-2013-3684
MISC
MISC
wordpress — wordpress
 
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. 2020-02-08 7.5 CVE-2014-8739
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
yabb — yabb
 
YaBB through 2.5.2: ‘guestlanguage’ Cookie Parameter Local File Include Vulnerability 2020-02-11 7.5 CVE-2013-2057
MISC
MISC
MISC
zend_framework — zend_framework
 
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. 2020-02-11 7.5 CVE-2014-2052
MISC
CONFIRM
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3733
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3731
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3721
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3739
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3738
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3728
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3736
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3735
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3734
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3732
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3737
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3730
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3729
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3727
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3726
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3725
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3724
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3723
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3722
CONFIRM
adobe — framemaker
 
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 6.8 CVE-2020-3720
CONFIRM
apple — ios_and_os_x LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. 2020-02-12 4.3 CVE-2014-8128
MISC
MISC
MISC
MISC
MISC
MISC
MISC
atlassian — jira_server_and_data_center
 
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. 2020-02-12 6.8 CVE-2019-20099
N/A
N/A
atlassian — jira_server_and_data_center
 
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. 2020-02-12 6.8 CVE-2019-20098
N/A
N/A
blackberry — playbook
 
BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error 2020-02-10 4.3 CVE-2012-5828
MISC
MISC
MISC
MISC
bludit — bludit
 
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users’ profile pictures. 2020-02-07 4 CVE-2020-8811
MISC
bosch — multiple_products
 
A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. 2020-02-07 5 CVE-2020-6768
CONFIRM
bosch — video_streaming_gateway_and_divar_ip
 
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device’s firewall. 2020-02-07 6.4 CVE-2020-6769
CONFIRM
canonical — ubuntu
 
Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie. 2020-02-08 4.6 CVE-2019-11484
MISC
MISC
canonical — ubuntu
 
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences. 2020-02-08 6.1 CVE-2019-11481
MISC
MISC
ceph — rgw_beast
 
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts, resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition through a pile-up of CLOSE_WAIT sockets, eventually exhausting available resources and preventing legitimate users from connecting to the system. 2020-02-07 6.8 CVE-2020-1700
SUSE
CONFIRM
chamilo — chamilo_lms
 
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action. 2020-02-08 4.3 CVE-2012-4029
MISC
MISC
MISC
cisco — application_control_engine Cisco ACE A2(3.6) allows log retention DoS. 2020-02-07 5 CVE-2013-1202
MISC
clearcanvas — clearcanvas Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report. 2020-02-07 4.3 CVE-2020-8788
MISC
cypress — psoc_4_devices The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. 2020-02-10 6.1 CVE-2019-17061
MISC
MISC
d-link — dir865l_devices
 
D-Link DIR865L v1.03 suffers from an “Unauthenticated Hardware Linking” vulnerability. 2020-02-07 4.3 CVE-2013-3096
MISC
MISC
MISC
daum_communications — potplayer
 
Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability 2020-02-11 6.8 CVE-2013-3942
MISC
MISC
dialog — da14580/1/2/3_devices
 
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet. 2020-02-10 6.1 CVE-2019-17517
MISC
MISC
dialog — da1468x_devices
 
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock. 2020-02-10 6.1 CVE-2019-17518
MISC
MISC
docker — docker
 
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. 2020-02-07 4.3 CVE-2014-5278
MISC
MISC
MISC
drupal — drupal
 
The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the “access basic_webmail” permission to read arbitrary users’ email addresses. 2020-02-08 4 CVE-2012-5570
MISC
MISC
MISC
CONFIRM
filemaker — filemaker_pro_and_filemaker_advanced
 
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges. 2020-02-11 4.6 CVE-2014-8347
MISC
MISC
MISC
MISC
MISC
flowplayer — flowplayer_flash
 
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin. 2020-02-08 6.8 CVE-2011-3642
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
fork — fork_cms
 
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. 2020-02-08 4.3 CVE-2014-9470
MISC
MISC
MISC
MISC
MISC
MISC
fortiguard — forticlient_for_linux
 
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through the system backup file via specially crafted “BackupConfig” type IPC client requests to the fctsched process. Furthermore, FortiClient for Linux 6.2.2 and below allows a low-privilege user to write the system backup file with root privileges through the GUI, which can cause root system files to be overwritten. 2020-02-07 6.6 CVE-2019-16155
MISC
CONFIRM
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8773. 2020-02-08 6.8 CVE-2019-13333
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774. 2020-02-08 6.8 CVE-2019-13334
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8775. 2020-02-08 6.8 CVE-2019-17135
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8776. 2020-02-08 6.8 CVE-2019-17136
MISC
gizmo5 — gizmo5
 
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a “SIP Digest Leak” issue. 2020-02-12 4.3 CVE-2009-5139
MISC
MISC
google — chrome Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2020-02-11 6.8 CVE-2020-6414
SUSE
MISC
MISC
google — chrome
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. 2020-02-11 4.3 CVE-2020-6392
SUSE
MISC
MISC
google — chrome
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2020-02-11 4.3 CVE-2020-6393
SUSE
MISC
MISC
google — chrome
 
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-11 6.8 CVE-2020-6415
SUSE
MISC
MISC
google — chrome
 
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. 2020-02-11 6.8 CVE-2020-6413
SUSE
MISC
MISC
google — chrome
 
Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name. 2020-02-11 6.8 CVE-2020-6410
SUSE
MISC
MISC
google — chrome
 
Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name. 2020-02-11 6.8 CVE-2020-6409
SUSE
MISC
MISC
google — chrome
 
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. 2020-02-11 6.8 CVE-2020-6402
SUSE
MISC
MISC
google — chrome
 
Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-11 6.8 CVE-2020-6379
MISC
MISC
google — chrome
 
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-11 6.8 CVE-2020-6382
SUSE
MISC
MISC
google — chrome
 
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. 2020-02-11 6.8 CVE-2020-6385
SUSE
MISC
MISC
google — chrome
 
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension. 2020-02-11 6.8 CVE-2020-6380
MISC
MISC
google — chrome
 
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-11 6.8 CVE-2020-6381
SUSE
MISC
MISC
google — chrome
 
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2020-02-11 6.8 CVE-2020-6398
SUSE
MISC
MISC
google — chrome
 
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-11 6.8 CVE-2020-6390
SUSE
MISC
MISC
google — chrome
 
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. 2020-02-11 6.8 CVE-2020-6389
SUSE
MISC
MISC
google — chrome
 
Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-11 6.8 CVE-2020-6388
SUSE
MISC
MISC
google — chrome
 
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. 2020-02-11 6.8 CVE-2020-6387
SUSE
MISC
MISC
google — chrome
 
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2020-02-11 5.8 CVE-2020-6412
SUSE
MISC
MISC
google — chrome
 
Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-11 6.8 CVE-2020-6378
MISC
MISC
google — chrome
 
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-11 6.8 CVE-2020-6416
SUSE
MISC
MISC
google — chrome
 
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2020-02-11 5.8 CVE-2020-6411
SUSE
MISC
MISC
google — chrome
 
Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. 2020-02-11 4.6 CVE-2020-6417
SUSE
MISC
MISC
google — chrome
 
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to potentially exploit heap corruption via crafted clipboard content. 2020-02-11 4.6 CVE-2020-6404
SUSE
MISC
MISC
google — chrome
 
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. 2020-02-11 5.8 CVE-2020-6394
SUSE
MISC
MISC
google — chrome
 
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. 2020-02-11 4.3 CVE-2020-6391
SUSE
MISC
MISC
google — chrome
 
Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2020-02-11 4.3 CVE-2020-6395
SUSE
MISC
MISC
google — chrome
 
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2020-02-11 4.3 CVE-2020-6396
SUSE
MISC
MISC
google — chrome
 
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. 2020-02-11 4.3 CVE-2020-6397
SUSE
MISC
MISC
google — chrome
 
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2020-02-11 4.3 CVE-2020-6400
SUSE
MISC
MISC
google — chrome
 
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2020-02-11 4.3 CVE-2020-6401
SUSE
MISC
MISC
google — chrome
 
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2020-02-11 4.3 CVE-2020-6403
SUSE
MISC
MISC
google — chrome
 
Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2020-02-11 4.3 CVE-2020-6405
SUSE
MISC
MISC
google — chrome
 
Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2020-02-11 4.3 CVE-2020-6399
SUSE
MISC
MISC
hp — system_event_utility
 
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service. 2020-02-13 4.6 CVE-2019-18915
FULLDISC
MISC
htmlunit — htmlunit
 
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes the Rhino engine improperly, so malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when HtmlUnit is embedded in an Android application, the Android-specific initialization of the Rhino engine is done improperly, so malicious JavaScript code can execute arbitrary Java code on the application. 2020-02-11 6.8 CVE-2020-5529
CONFIRM
JVN
ibm — cloud_cli
 
IBM Cloud CLI 0.6.0 through 0.16.1 Windows installers are signed using a SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate an installer with malicious software inside. IBM X-Force ID: 162773. 2020-02-12 5 CVE-2019-4427
XF
CONFIRM
ibm — content_navigator
 
IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815. 2020-02-12 5 CVE-2019-4741
XF
CONFIRM
ibm — infosphere_guardium InfoSphere Guardium aix_ktap module: DoS 2020-02-10 4.9 CVE-2012-2204
MISC
ispconfig — ispconfig
 
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution 2020-02-07 6.5 CVE-2013-3629
MISC
MISC
MISC
MISC
jenkins — jenkins
 
A missing permission check in form-related methods in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. 2020-02-12 4 CVE-2020-2118
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. 2020-02-12 6.5 CVE-2020-2115
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. 2020-02-12 4 CVE-2020-2128
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. 2020-02-12 6.5 CVE-2020-2120
MLIST
CONFIRM
jenkins — jenkins
 
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2020-02-12 6.8 CVE-2020-2116
MLIST
CONFIRM
jenkins — jenkins
 
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2020-02-12 4 CVE-2020-2117
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. 2020-02-12 4 CVE-2020-2125
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. 2020-02-12 6.5 CVE-2020-2121
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. 2020-02-12 4 CVE-2020-2126
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2020-02-12 4 CVE-2020-2127
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. 2020-02-12 4 CVE-2020-2133
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. 2020-02-12 4 CVE-2020-2129
MLIST
CONFIRM
jenkins — jenkins
 
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations. 2020-02-12 6.5 CVE-2020-2110
MLIST
CONFIRM
jenkins — jenkins
 
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. 2020-02-12 6.5 CVE-2020-2109
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. 2020-02-12 4 CVE-2020-2130
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2020-02-12 4 CVE-2020-2131
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2020-02-12 5 CVE-2020-2114
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2020-02-12 5 CVE-2020-2119
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. 2020-02-12 4 CVE-2020-2132
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. 2020-02-12 4 CVE-2020-2124
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. 2020-02-12 6.5 CVE-2020-2123
MLIST
CONFIRM
kemp_technologies — loadmaster
 
A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages. 2020-02-07 6.8 CVE-2014-5288
MISC
MISC
konqueror — konqueror The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to “type confusion.” 2020-02-08 6.8 CVE-2012-4512
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
libgd — libgd
 
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). 2020-02-11 5 CVE-2018-14553
MISC
MISC
MISC
linksys — spa2102_devices
 
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a “SIP Digest Leak” issue. 2020-02-12 4.3 CVE-2009-5140
MISC
MISC
linux — linux_kernel
 
The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention. 2020-02-12 4.9 CVE-2012-0810
MISC
CONFIRM
CONFIRM
linuxmint — linuxmint
 
LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate. 2020-02-07 5 CVE-2012-1567
MISC
MISC
linuxmint — linuxmint
 
LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny. 2020-02-07 5 CVE-2012-1566
MISC
maxum_development_corporation — rumpus_ftp A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html. 2020-02-10 5.8 CVE-2019-19669
MISC
MISC
maxum_development_corporation — rumpus_ftp A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html. 2020-02-10 5.8 CVE-2019-19667
MISC
MISC
maxum_development_corporation — rumpus_ftp A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. 2020-02-10 4.3 CVE-2019-19668
MISC
MISC
maxum_development_corporation — rumpus_ftp A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html. 2020-02-10 4.3 CVE-2019-19665
MISC
MISC
maxum_development_corporation — rumpus_ftp A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. 2020-02-10 4.3 CVE-2019-19661
MISC
MISC
maxum_development_corporation — rumpus_ftp A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html. 2020-02-10 5.8 CVE-2019-19663
MISC
MISC
maxum_development_corporation — rumpus_ftp A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html. 2020-02-10 4.3 CVE-2019-19666
MISC
MISC
maxum_development_corporation — rumpus_ftp A CSRF vulnerability exists in the Web File Manager’s Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html. 2020-02-10 4.3 CVE-2019-19660
MISC
MISC
maxum_development_corporation — rumpus_ftp A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html. 2020-02-10 4.3 CVE-2019-19670
MISC
MISC
maxum_development_corporation — rumpus_ftp_server A CSRF vulnerability exists in the Web File Manager’s Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users’ details, and escalate privileges via RAPR/DefineUsersSet.html. 2020-02-10 6.8 CVE-2019-19659
MISC
MISC
mfscripts — yetishare
 
MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used). 2020-02-10 5 CVE-2019-20062
MISC
MISC
MISC
mfscripts — yetishare
 
MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information. 2020-02-10 5 CVE-2019-20060
MISC
MISC
MISC
mfscripts — yetishare
 
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password. 2020-02-10 5 CVE-2019-20061
MISC
MISC
MISC
mfscripts — yetishare
 
payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. NOTE: this issue exists because of an incomplete fix for CVE-2019-19732. 2020-02-10 6.8 CVE-2019-20059
MISC
MISC
MISC
MISC
microchip_technology — atsamb11_devices The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. 2020-02-10 6.1 CVE-2019-19195
MISC
MISC
microsoft — edge
 
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka ‘Microsoft Edge Elevation of Privilege Vulnerability’. 2020-02-11 4 CVE-2020-0663
MISC
microsoft — exchange_server_2013_and_2016_and_2019
 
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka ‘Microsoft Exchange Server Elevation of Privilege Vulnerability’. 2020-02-11 6.8 CVE-2020-0692
MISC
microsoft — internet_explorer_10_and_11_and_edge
 
An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests, aka ‘Microsoft Browser Information Disclosure Vulnerability’. 2020-02-11 4.3 CVE-2020-0706
MISC
microsoft — malicious_software_removal_tool
 
An elevation of privilege vulnerability exists when the Windows Malicious Software Removal Tool (MSRT) improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability’. 2020-02-11 4.6 CVE-2020-0733
MISC
microsoft — multiple_products
 
A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka ‘Microsoft Outlook Security Feature Bypass Vulnerability’. 2020-02-11 4.3 CVE-2020-0696
MISC
microsoft — multiple_windows_products A security feature bypass vulnerability exists in secure boot, aka ‘Microsoft Secure Boot Security Feature Bypass Vulnerability’. 2020-02-11 4.6 CVE-2020-0689
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka ‘Windows Function Discovery Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0679, CVE-2020-0682. 2020-02-11 4.6 CVE-2020-0680
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0752. 2020-02-11 4.6 CVE-2020-0735
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0668, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672. 2020-02-11 4.6 CVE-2020-0669
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Client License Service (ClipSVC) handles objects in memory, aka ‘Windows Client License Service Elevation of Privilege Vulnerability’. 2020-02-11 4.6 CVE-2020-0701
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka ‘Connected Devices Platform Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750. 2020-02-11 4.6 CVE-2020-0740
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the tapisrv.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0739. 2020-02-11 4.6 CVE-2020-0737
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka ‘Connected Devices Platform Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749. 2020-02-11 4.6 CVE-2020-0750
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0737. 2020-02-11 4.6 CVE-2020-0739
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672. 2020-02-11 4.6 CVE-2020-0668
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka ‘Connected Devices Platform Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0740, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750. 2020-02-11 4.6 CVE-2020-0741
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka ‘Connected Devices Platform Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750. 2020-02-11 4.6 CVE-2020-0742
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka ‘Connected Devices Platform Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0749, CVE-2020-0750. 2020-02-11 4.6 CVE-2020-0743
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka ‘Windows Data Sharing Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0659. 2020-02-11 4.6 CVE-2020-0747
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka ‘Connected Devices Platform Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0750. 2020-02-11 4.6 CVE-2020-0749
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0735. 2020-02-11 4.6 CVE-2020-0752
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka ‘Windows Function Discovery Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0680, CVE-2020-0682. 2020-02-11 4.6 CVE-2020-0679
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Information Disclosure Vulnerability’. 2020-02-11 5 CVE-2020-0746
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka ‘Active Directory Elevation of Privilege Vulnerability’. 2020-02-11 6.8 CVE-2020-0665
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0754. 2020-02-11 4.6 CVE-2020-0753
MISC
microsoft — multiple_windows_products
 
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka ‘LNK Remote Code Execution Vulnerability’. 2020-02-11 6.8 CVE-2020-0729
MISC
microsoft — multiple_windows_products
 
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability’. 2020-02-11 5 CVE-2020-0660
MISC
microsoft — multiple_windows_products
 
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0751. 2020-02-11 5.5 CVE-2020-0661
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’. 2020-02-11 4.6 CVE-2020-0657
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka ‘Windows Data Sharing Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0747. 2020-02-11 4.6 CVE-2020-0659
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0667, CVE-2020-0735, CVE-2020-0752. 2020-02-11 4.6 CVE-2020-0666
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0666, CVE-2020-0735, CVE-2020-0752. 2020-02-11 4.6 CVE-2020-0667
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0753. 2020-02-11 4.6 CVE-2020-0754
MISC
microsoft — sql_server_2012_and_2014_and_2016
 
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka ‘Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability’. 2020-02-11 6.5 CVE-2020-0618
MISC
microsoft — surface_hub
 
A security feature bypass vulnerability exists in Surface Hub when prompting for credentials, aka ‘Surface Hub Security Feature Bypass Vulnerability’. 2020-02-11 4.6 CVE-2020-0702
MISC
misp_project — misp
 
An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests. 2020-02-12 4.3 CVE-2020-8890
MISC
MISC
MISC
misp_project — misp
 
An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests. 2020-02-12 4.3 CVE-2020-8891
MISC
MISC
MISC
misp_project — misp
 
An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests. 2020-02-12 6.8 CVE-2020-8892
MISC
MISC
MISC
misp_project — misp
 
An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp. 2020-02-12 5 CVE-2020-8893
MISC
MISC
misp_project — misp
 
An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php. 2020-02-12 6.4 CVE-2020-8894
MISC
MISC
netcracker — netcracker_resource_management_system
 
Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter. 2020-02-08 6.5 CVE-2015-3423
MISC
MISC
netsurf — libnsbmp
 
Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file. 2020-02-12 6.8 CVE-2015-7508
MISC
MISC
node.js — node.js
 
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate 2020-02-07 5 CVE-2019-15604
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
nxp — kw41z_devices
 
The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. 2020-02-10 6.1 CVE-2019-17060
MISC
MISC
oberhumer — liblzo2_and_lzo-2
 
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. 2020-02-12 6.8 CVE-2014-4607
MISC
CONFIRM
open-school — open-school_community_edition
 
Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php. 2020-02-08 4 CVE-2014-9127
MISC
open-school — open-school_community_edition
 
Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php. 2020-02-08 4.3 CVE-2014-9126
MISC
openfiler — openfiler
 
Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter. 2020-02-07 4.3 CVE-2011-1086
MISC
MISC
MISC
otrs — otrs
 
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions. 2020-02-07 5.5 CVE-2020-1768
CONFIRM
perforce_software — p4web
 
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities 2020-02-12 4.3 CVE-2013-1410
MISC
MISC
phonerlite — phonerlite
 
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a “SIP Digest Leak” issue. 2020-02-12 4.3 CVE-2014-2560
MISC
php — php When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. 2020-02-10 6.4 CVE-2020-7060
MISC
php — php
 
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. 2020-02-10 6.4 CVE-2020-7059
MISC
pragmamx — pragmamx
 
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php. 2020-02-11 4.3 CVE-2012-2452
MISC
MISC
MISC
prestashop — prestashop
 
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. 2020-02-11 4.3 CVE-2012-2517
MISC
MISC
qualcomm — multiple_snapdragon_products
 
During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 4.6 CVE-2019-14041
CONFIRM
qualcomm — multiple_snapdragon_products
 
Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior such as execution of unknown code in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150, SXR1130 2020-02-07 4.6 CVE-2019-14040
CONFIRM
railo_technologies — railo
 
A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. 2020-02-07 6.8 CVE-2014-5468
MISC
MISC
MISC
MISC
MISC
red_hat — openshift_enterprise
 
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 up to and including 4.3 that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb. 2020-02-07 4.4 CVE-2020-1708
CONFIRM
secom — dr.id Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Management system, stores users’ information in cleartext in the cookie, which divulges passwords to attackers. 2020-02-11 5 CVE-2020-3935
MISC
MISC
MISC
secom — dr.id
 
Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and examine user accounts in the system. 2020-02-11 5 CVE-2020-3933
MISC
MISC
MISC
siemens — multiple_scalance_devices
 
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. 2020-02-11 5 CVE-2019-13925
MISC
siemens — multiple_scalance_switches
 
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions < 4.1.3). The device does not send the X-Frame-Options header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. 2020-02-11 4.3 CVE-2019-13924
MISC
siemens — multiple_simatic_devices
 
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 PN/DP CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions). Affected devices contain a vulnerability that could cause a Denial-of-Service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device’s web server. Beyond the web service, no other functions or interfaces are affected by the Denial-of-Service condition. 2020-02-11 5 CVE-2019-13940
MISC
MISC
siemens — ozw672_and_772_web_servers
 
A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application’s export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. 2020-02-11 5 CVE-2019-13941
MISC
simple_machines — simple_machines_forum
 
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config. 2020-02-07 4 CVE-2013-0192
MISC
MISC
MISC
smoothwall — smoothwall_express_3
 
A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. 2020-02-07 4.3 CVE-2011-1084
MISC
smoothwall — smoothwall_express_3
 
CSRF vulnerability in Smoothwall Express 3. 2020-02-07 6.8 CVE-2011-1085
MISC
socialengine — socialengine Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4. 2020-02-11 6.8 CVE-2012-6721
MISC
socialengine — socialengine
 
Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*. 2020-02-11 4.3 CVE-2012-6720
MISC
sockjs — sockjs
 
htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter. 2020-02-10 4.3 CVE-2020-8823
MISC
MISC
sphider — sphider
 
A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider. 2020-02-10 6.5 CVE-2014-5083
MISC
sphider — sphider_plus
 
A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus that do not exist in either Sphider or Sphider Pro. 2020-02-10 6.5 CVE-2014-5085
MISC
sphider — sphider_pro
 
A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, which do not exist in either Sphider or Sphider Plus. 2020-02-10 6.5 CVE-2014-5084
MISC
statusnet — statusnet
 
statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. 2020-02-07 5 CVE-2010-4658
MISC
MISC
suse — opensuse_wicked
 
An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id. 2020-02-11 5 CVE-2020-7217
SUSE
MISC
MISC
MISC

symantec — endpoint_protection_and_endpoint_protection_small_business_edition

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2020-02-11 4.6 CVE-2020-5820
MISC

symantec — endpoint_protection_and_endpoint_protection_small_business_edition

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2020-02-11 4.6 CVE-2020-5822
MISC

symantec — endpoint_protection_and_endpoint_protection_small_business_edition

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit. 2020-02-11 4.6 CVE-2020-5821
MISC

symantec — endpoint_protection_and_endpoint_protection_small_business_edition

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2020-02-11 4.6 CVE-2020-5823
MISC
teamviewer — teamviewer_desktop
 
TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers’ installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protected information stored in the registry or configuration files of TeamViewer. With versions before v9.x, this allowed attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to log in to the system. 2020-02-07 4.4 CVE-2019-18988
MISC
MISC
MISC
MISC
testlink — testlink
 
An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection. 2020-02-10 6.5 CVE-2020-8841
MISC
MISC
texas_instruments — cc2640r2_devices
 
The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets. 2020-02-10 6.1 CVE-2019-17520
MISC
MISC
MISC
texas_instruments — multiple_devices
 
The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. 2020-02-10 6.1 CVE-2019-19193
MISC
MISC
the_bug_genie — the_bug_genie
 
The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities 2020-02-11 4.3 CVE-2013-1760
MISC
MISC
MISC
ubiquiti_networks — unifi_controller
 
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity. 2020-02-08 6.8 CVE-2014-2225
MISC
MISC
vbseo — vbseo
 
vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. 2020-02-10 4.3 CVE-2012-6666
MISC
MISC
vtiger — vtiger_crm
 
vTiger CRM 5.3 and 5.4: ‘files’ Upload Folder Arbitrary PHP Code Execution Vulnerability 2020-02-07 6.5 CVE-2013-3591
MISC
MISC
MISC
MISC
watchguard — firewire_xtm
 
A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. 2020-02-07 4.3 CVE-2014-6413
MISC
MISC
MISC
MISC
wordpress — wordpress Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php. 2020-02-08 6.5 CVE-2015-2062
MISC
MISC
MISC
MISC
wordpress — wordpress
 
A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter. 2020-02-11 4.3 CVE-2013-5988
MISC
MISC
wordpress — wordpress
 
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution 2020-02-07 6.8 CVE-2013-2009
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
WordPress Super Cache Plugin 1.3 has XSS. 2020-02-07 4.3 CVE-2013-2008
MISC
MISC
MISC
xiaomi — mi6_devices
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the miui.share application. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary application download. An attacker can leverage this vulnerability to execute code in the context of the user. Was ZDI-CAN-7483. 2020-02-10 6.8 CVE-2019-13322
MISC
xiaomi — mi6_devices
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the handling of HTTP responses to the Captive Portal. A crafted HTML response can cause the Captive Portal to open a browser to a specified location without user interaction. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7467. 2020-02-10 5.4 CVE-2019-13321
MISC
zabbix — zabbix
 
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability 2020-02-07 6.5 CVE-2013-3628
MISC
MISC
MISC
MISC
zenphoto — zenphoto
 
Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS. 2020-02-11 4.3 CVE-2012-4519
MISC
MISC
zoho_manageengine — applications_manager
 
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet. 2020-02-08 5 CVE-2014-7863
MISC
MISC
MISC
MISC
MISC
MISC


 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apport — apport
 
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. 2020-02-08 1.9 CVE-2019-11482
MISC
MISC
apport — apport
 
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. 2020-02-08 2.1 CVE-2019-11483
MISC
MISC
apport — apport
 
Sander Bos discovered Apport’s lock file was in a world-writable directory, which allowed all users to prevent crash handling. 2020-02-08 2.1 CVE-2019-11485
MISC
MISC
bludit — bludit
 
** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor’s perspective is that this is “not a bug.” 2020-02-07 3.5 CVE-2020-8812
MISC
cpanel — cpanel_and_whm
 
The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability. 2020-02-10 3.5 CVE-2012-6449
MISC
digi_transport — multiple_devices
 
Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. 2020-02-10 3.5 CVE-2020-8822
MISC
google — chrome
 
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. 2020-02-11 2.1 CVE-2020-6408
SUSE
MISC
MISC
hp — hp_systems_insight_manager
 
HP Systems Insight Manager before 7.0 allows a remote user on an adjacent network to access information. 2020-02-10 2.7 CVE-2012-1994
MISC
MISC
MISC
ibm — rational_publishing_engine
 
IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162888. 2020-02-12 3.5 CVE-2019-4431
XF
CONFIRM
jenkins — jenkins
 
Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data. 2020-02-12 3.5 CVE-2020-2122
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. 2020-02-12 3.5 CVE-2020-2111
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. 2020-02-12 3.5 CVE-2020-2112
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. 2020-02-12 3.5 CVE-2020-2113
MLIST
CONFIRM
keycloak — keycloak
 
It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks. 2020-02-10 3.5 CVE-2020-1697
CONFIRM
linksys — wrt310nv2ne
 
Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. 2020-02-07 3.5 CVE-2013-3067
MISC
MISC
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka ‘Windows User Profile Service Elevation of Privilege Vulnerability’. 2020-02-11 3.6 CVE-2020-0730
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka ‘Windows Common Log File System Driver Information Disclosure Vulnerability’. 2020-02-11 2.1 CVE-2020-0658
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles objects in memory, aka ‘Windows Key Isolation Service Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0756. 2020-02-11 2.1 CVE-2020-0755
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles objects in memory, aka ‘Windows Key Isolation Service Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756. 2020-02-11 2.1 CVE-2020-0675
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles objects in memory, aka ‘Windows Key Isolation Service Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0755, CVE-2020-0756. 2020-02-11 2.1 CVE-2020-0748
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka ‘Windows GDI Information Disclosure Vulnerability’. 2020-02-11 2.1 CVE-2020-0744
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles objects in memory, aka ‘Windows Key Isolation Service Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755. 2020-02-11 2.1 CVE-2020-0756
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0716. 2020-02-11 2.1 CVE-2020-0717
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0717. 2020-02-11 2.1 CVE-2020-0716
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability’. 2020-02-11 2.1 CVE-2020-0705
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory, aka ‘Windows Information Disclosure Vulnerability’. 2020-02-11 2.1 CVE-2020-0698
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles objects in memory, aka ‘Windows Key Isolation Service Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756. 2020-02-11 2.1 CVE-2020-0677
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles objects in memory, aka ‘Windows Key Isolation Service Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0675, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756. 2020-02-11 2.1 CVE-2020-0676
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. 2020-02-11 2.1 CVE-2020-0736
MISC
microsoft — sharepoint
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-0693. 2020-02-11 3.5 CVE-2020-0694
MISC
microsoft — sharepoint
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-0694. 2020-02-11 3.5 CVE-2020-0693
MISC
microsoft — windows_10_and_windows_server
 
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0661. 2020-02-11 2.1 CVE-2020-0751
MISC
moodle — moodle
 
Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditor[text] parameter. NOTE: the discoverer and vendor disagree on whether Moodle customers have a reasonable expectation that anyone authenticated as a Teacher can be trusted with the ability to add arbitrary JavaScript (this ability is not documented on Moodle’s Teacher_role page). Because the vendor has this expectation, they have stated “this report has been closed as a false positive, and not a bug.” 2020-02-11 3.5 CVE-2019-18210
MISC
MISC
mybulletinboard — mybulletinboard
 
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module. 2020-02-11 3.5 CVE-2014-3826
MISC
mybulletinboard — mybulletinboard
 
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php. 2020-02-11 3.5 CVE-2014-3827
CONFIRM
MISC
netapp — snap_creator_framework
 
NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. 2020-02-11 3.5 CVE-2016-5710
MISC
netcracker — netcracker_resource_management_system
 
Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter. 2020-02-08 3.5 CVE-2015-2207
MISC
MISC
orange_hrm — orange_hrm
 
Orange HRM 2.7.1 allows XSS via the vacancy name. 2020-02-10 3.5 CVE-2013-1353
MISC
piwigo — piwigo
 
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page. 2020-02-10 3.5 CVE-2020-8089
CONFIRM
MISC
projectpier — projectpier
 
ProjectPier 0.8.8 has stored XSS 2020-02-07 3.5 CVE-2013-3635
MISC
projectpier — projectpier
 
ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag 2020-02-07 3.5 CVE-2013-3636
MISC
MISC
MISC
projectpier — projectpier
 
ProjectPier 0.8.8 does not use the Secure flag for cookies 2020-02-07 3.5 CVE-2013-3637
MISC
rakuten — viber_for_android
 
An exploitable information disclosure vulnerability exists in the ‘Secret Chats’ functionality of Rakuten Viber on Android 9.3.0.6. The ‘Secret Chats’ functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device. 2020-02-13 2.1 CVE-2018-3987
MISC
samsung — knox
 
This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific flaw exists within the handling of the lock screen for Secure Folder. The issue results from the lack of proper validation that a user has correctly authenticated. An attacker can leverage this vulnerability to disclose the contents of the secure container. Was ZDI-CAN-7381. 2020-02-10 2.1 CVE-2019-6744
MISC
MISC
symantec — endpoint_protection_and_endpoint_protection_small_business_edition
 
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable. 2020-02-11 2.1 CVE-2020-5824
MISC
symantec — endpoint_protection_and_endpoint_protection_small_business_edition
 
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. 2020-02-11 2.1 CVE-2020-5826
MISC
symantec — endpoint_protection_and_endpoint_small_business_edition
 
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges. 2020-02-11 3.6 CVE-2020-5825
MISC
symantec — endpoint_protection_manager
 
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. 2020-02-11 2.1 CVE-2020-5827
MISC
symantec — endpoint_protection_manager
 
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. 2020-02-11 2.1 CVE-2020-5829
MISC
symantec — endpoint_protection_manager
 
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. 2020-02-11 2.1 CVE-2020-5830
MISC
symantec — endpoint_protection_manager
 
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. 2020-02-11 2.1 CVE-2020-5831
MISC
symantec — symantec_endpoint_protection_manager
 
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. 2020-02-11 2.1 CVE-2020-5828
MISC
syska — smart_bulb_devices
 
Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks. 2020-02-10 3.3 CVE-2017-18642
MISC
vanilla_forum — vanilla
 
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS. 2020-02-10 3.5 CVE-2020-8825
MISC
MISC
wordpress — wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php. 2020-02-08 3.5 CVE-2015-1394
MISC
MISC
MISC
MISC
MISC


 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
accusoft — imagegear
 
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-02-14 not yet calculated CVE-2020-6068
MISC
accusoft — imagegear
 
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-02-11 not yet calculated CVE-2020-6066
MISC
accusoft — imagegear
 
An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-02-14 not yet calculated CVE-2019-5187
MISC
accusoft — imagegear
 
An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-02-11 not yet calculated CVE-2020-6063
MISC
accusoft — imagegear
 
An exploitable out-of-bounds write vulnerability exists in the bmp_parsing function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-02-11 not yet calculated CVE-2020-6065
MISC
accusoft — imagegear
 
An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-02-11 not yet calculated CVE-2020-6064
MISC
accusoft — imagegear
 
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-02-11 not yet calculated CVE-2020-6069
MISC
accusoft — imagegear
 
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-02-11 not yet calculated CVE-2020-6067
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write. 2020-02-13 not yet calculated CVE-2020-3762
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 not yet calculated CVE-2020-3748
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write. 2020-02-13 not yet calculated CVE-2020-3763
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 not yet calculated CVE-2020-3742
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 not yet calculated CVE-2020-3743
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-02-13 not yet calculated CVE-2020-3744
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 not yet calculated CVE-2020-3745
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 not yet calculated CVE-2020-3746
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-02-13 not yet calculated CVE-2020-3747
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 not yet calculated CVE-2020-3749
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 not yet calculated CVE-2020-3750
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to memory leak. 2020-02-13 not yet calculated CVE-2020-3753
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 not yet calculated CVE-2020-3754
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-02-13 not yet calculated CVE-2020-3755
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to memory leak. 2020-02-13 not yet calculated CVE-2020-3756
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 not yet calculated CVE-2020-3751
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 not yet calculated CVE-2020-3752
CONFIRM
adobe — digital_editions Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure. 2020-02-13 not yet calculated CVE-2020-3759
CONFIRM
adobe — digital_editions Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 not yet calculated CVE-2020-3760
CONFIRM
adobe — experience_manager
 
Adobe Experience Manager versions 6.5 and 6.4 have an uncontrolled resource consumption vulnerability. Successful exploitation could lead to denial-of-service. 2020-02-13 not yet calculated CVE-2020-3741
CONFIRM
adobe — flash_player
 
Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-13 not yet calculated CVE-2020-3757
CONFIRM
ai — risknet_acquirer
 
RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. 2020-02-14 not yet calculated CVE-2013-5687
XF
amazon — aws-js-s3-explorer
 
explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances. 2020-02-13 not yet calculated CVE-2019-14652
MISC
MISC
MISC

amd — radeon_amd_user_experience_program_launcher

The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name. 2020-02-12 not yet calculated CVE-2020-8950
MISC
MISC
ammyy — ammyy_admin
 
Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file. 2020-02-11 not yet calculated CVE-2013-5582
MISC
apache — nifi
 
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext. 2020-02-11 not yet calculated CVE-2020-1942
MISC
ariadne — ariadne
 
Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php. 2020-02-11 not yet calculated CVE-2011-4938
MISC
MISC
MISC
MISC
MISC
aruba_networks — intelligent_edge_switches
 
A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions. 2020-02-13 not yet calculated CVE-2019-5322
MISC
askey — ap400w_devices
 
An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packet to the bd_svr service listening on TCP port 54188. 2020-02-13 not yet calculated CVE-2020-8614
MISC
askpop3d — askpop3d
 
A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery), 2020-02-13 not yet calculated CVE-2014-3208
MISC
MISC
atlassian — jira_and_greenhoper Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code. 2020-02-13 not yet calculated CVE-2012-1500
MISC
EXPLOIT-DB
atlassian — jira_server_and_data_center
 
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. 2020-02-12 not yet calculated CVE-2019-20100
N/A
N/A
N/A
avira — antivir_engine
 
A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine. 2020-02-12 not yet calculated CVE-2013-4602
MISC
MISC
MISC
MISC
MISC
barracuda — web_application_firewall
 
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. 2020-02-12 not yet calculated CVE-2014-2595
MISC
MISC
MISC
MISC
MISC
MISC
MISC
bearftp — bearftp
 
Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets. 2020-02-12 not yet calculated CVE-2020-8815
MISC
MISC
CONFIRM
MISC
CONFIRM
belkin — n750_routers Belkin n750 routers have a buffer overflow. 2020-02-13 not yet calculated CVE-2013-7173
MISC
MISC
boat_browser — boat_browser_for_android
 
The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. 2020-02-12 not yet calculated CVE-2014-4968
MISC
bss — bs-client_private_client
 
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function. 2020-02-13 not yet calculated CVE-2014-4198
MISC
chiyu_technology — bf-430_devices
 
Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field. 2020-02-12 not yet calculated CVE-2020-8839
MISC
MISC
cisco — internetwork_operating_system
 
A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authentication NTLM configured. 2020-02-12 not yet calculated CVE-2011-4661
MISC
cloud_foundry — credhub
 
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components. 2020-02-12 not yet calculated CVE-2020-5399
CONFIRM
codologic — codofurm
 
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts. 2020-02-15 not yet calculated CVE-2020-7050
CONFIRM
MISC
codologic — codofurm
 
Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover. 2020-02-13 not yet calculated CVE-2020-7051
CONFIRM
MISC
combodo — itop
 
In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title). 2020-02-14 not yet calculated CVE-2019-13966
MISC
MISC
combodo — itop
 
iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI. This only affects the community version. 2020-02-14 not yet calculated CVE-2019-13967
MISC
MISC
combodo — itop
 
Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the administrator can be transformed to remote command execution because of CVE-2018-10642 (still working through 2.6.0). The Reflective XSS can also become a stored XSS within the same account because of another vulnerability. 2020-02-14 not yet calculated CVE-2019-13965
MISC
MISC
combodo — itop
 
In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during upgrade; in certain cases, an error during modification of the file from the web interface leaves the file writable (can be triggered with XSS); a race condition can be triggered by the hub-connector module (community version only from 2.4.1 to 2.6.0); or editing the file in a CLI. 2020-02-14 not yet calculated CVE-2019-11215
MISC
MISC
cypress — psoc_4_devices
 
The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame. 2020-02-12 not yet calculated CVE-2019-16336
MISC
MISC
MISC
d-link — dir-842_revc_devices
 
A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint. 2020-02-13 not yet calculated CVE-2020-8962
MISC
digi_international — connectport_lts_32_mei
 
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application. 2020-02-12 not yet calculated CVE-2020-6975
MISC
digi_international — connectport_lts_32_mei
 
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition. 2020-02-13 not yet calculated CVE-2020-6973
MISC
dojo — dojox
 
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them. 2020-02-13 not yet calculated CVE-2019-10785
MISC
MISC
dovecot — dovecot
 
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages. 2020-02-12 not yet calculated CVE-2020-7957
CONFIRM
CONFIRM
MISC
dovecot — dovecot
 
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop. 2020-02-12 not yet calculated CVE-2020-7046
CONFIRM
CONFIRM
MISC
drupal — drupal
 
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the “access resource node” and “create page content” permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. 2020-02-11 not yet calculated CVE-2013-4225
MISC
MISC
MISC
MISC
easyxdm — easyxdm
 
Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or HTML via the easyxdm.swf file. 2020-02-14 not yet calculated CVE-2013-5212
MISC
XF
etherpad — etherpad
 
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297. 2020-02-13 not yet calculated CVE-2015-3309
MISC
MISC
MISC
extrun — ilbo
 
ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for iOS prior to version 1.2.01) allows an attacker on the same network segment to bypass authentication and to view the images which were recorded by the other ilbo user’s device via unspecified vectors. 2020-02-14 not yet calculated CVE-2020-5532
MISC
MISC
MISC
fasterxml — jackson-databind
 
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. 2020-02-10 not yet calculated CVE-2020-8840
MISC
foxit — phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of text field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9400. 2020-02-14 not yet calculated CVE-2020-8846
MISC
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxhtml2pdf.exe module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9560. 2020-02-14 not yet calculated CVE-2020-8855
MISC
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9358. 2020-02-14 not yet calculated CVE-2020-8845
MISC
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9591. 2020-02-14 not yet calculated CVE-2020-8853
MISC
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of JPEG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9606. 2020-02-14 not yet calculated CVE-2020-8854
MISC
MISC
foxit — phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9640. 2020-02-14 not yet calculated CVE-2020-8856
MISC
MISC
foxit — reader This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9416. 2020-02-14 not yet calculated CVE-2020-8852
MISC
MISC
foxit — reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of form Annotation objects within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9862. 2020-02-14 not yet calculated CVE-2020-8857
MISC
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9414. 2020-02-14 not yet calculated CVE-2020-8847
MISC
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9406. 2020-02-14 not yet calculated CVE-2020-8851
MISC
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9407. 2020-02-14 not yet calculated CVE-2020-8848
MISC
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9415. 2020-02-14 not yet calculated CVE-2020-8850
MISC
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9413. 2020-02-14 not yet calculated CVE-2020-8849
MISC
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG files within CovertToPDF. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9102. 2020-02-14 not yet calculated CVE-2020-8844
CONFIRM
MISC
free_reprintables — articlefr
 
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. 2020-02-13 not yet calculated CVE-2014-4170
MISC
MISC
MISC
MISC
freebsd — bsd_libc
 
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. 2020-02-12 not yet calculated CVE-2011-3336
FULLDISC
BID
MISC
BUGTRAQ
fujitsu — multiple_products
 
The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. 2020-02-07 not yet calculated CVE-2019-13163
CONFIRM
git — git
 
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine; libgit2; Egit; and JGit allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. 2020-02-12 not yet calculated CVE-2014-9390
MISC
MISC
MISC
MISC
MISC
MISC
MISC
gitlab — gitlab
 
GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline. 2020-02-14 not yet calculated CVE-2019-15592
MISC
MISC
gitlab — gitlab
 
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. 2020-02-14 not yet calculated CVE-2019-15594
MISC
MISC
global_payments — php-sdk
 
Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations. 2020-02-14 not yet calculated CVE-2019-20455
MISC
MISC
gocloud — mutliple_devices
 
Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring. 2020-02-12 not yet calculated CVE-2020-8949
MISC
google — android In notifyNetworkTested and related functions of NetworkMonitor.java, there is a possible bypass of private DNS settings. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122652057 2020-02-13 not yet calculated CVE-2020-0028
MISC
google — android
 
In btm_read_remote_ext_features_complete of btm_acl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-141552859 2020-02-13 not yet calculated CVE-2020-0005
MISC
google — android
 
It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-128674520 2020-02-13 not yet calculated CVE-2020-0014
MISC
google — android
 
In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-145286050. References: Upstream kernel 2020-02-13 not yet calculated CVE-2020-0030
MISC
google — android
 
The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. 2020-02-12 not yet calculated CVE-2011-2343
CONFIRM
MISC
google — android
 
In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-67319274 2020-02-13 not yet calculated CVE-2019-2200
MISC
google — android
 
In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139017101 2020-02-13 not yet calculated CVE-2020-0015
MISC
google — android
 
In Parcel::continueWrite of Parcel.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140419401 2020-02-13 not yet calculated CVE-2020-0026
MISC
google — android
 
In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-123232892 2020-02-13 not yet calculated CVE-2020-0017
MISC
google — android
 
In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139945049 2020-02-13 not yet calculated CVE-2020-0018
MISC
google — android
 
In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of bounds write due to an unexpected switch fallthrough. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-144040966 2020-02-13 not yet calculated CVE-2020-0027
MISC
google — android
 
In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-143118731 2020-02-13 not yet calculated CVE-2020-0020
MISC
google — android
 
In removeUnusedPackagesLPw of PackageManagerService.java, there is a possible permanent denial-of-service due to a missing package dependency test. This could lead to remote denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141413692 2020-02-13 not yet calculated CVE-2020-0021
MISC
google — android
 
In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-143894715 2020-02-13 not yet calculated CVE-2020-0022
FULLDISC
MISC
google — android
 
In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-145130871 2020-02-13 not yet calculated CVE-2020-0023
MISC
hashicorp — sentinel HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in 0.10.2. 2020-02-14 not yet calculated CVE-2019-19879
MISC
hcl — appscan_standard_edition
 
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. 2020-02-14 not yet calculated CVE-2019-4392
MISC
hitachi — command_suite_and_automation_director
 
A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allows authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager. 2020-02-14 not yet calculated CVE-2018-21032
MISC
CONFIRM
hitachi — multiple_products
 
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allows authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager. 2020-02-14 not yet calculated CVE-2018-21033
MISC
CONFIRM
hp — linuxki
 
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. 2020-02-13 not yet calculated CVE-2020-7208
MISC
hp — linuxki
 
LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution which is resolved in release 6.0-2. 2020-02-13 not yet calculated CVE-2020-7209
MISC
ibm — tivoli_monitoring_service
 
IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647. 2020-02-13 not yet calculated CVE-2019-4592
XF
CONFIRM
ibm — urbancode_deploy_and_urbancode_build IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248. 2020-02-13 not yet calculated CVE-2019-4666
XF
CONFIRM
CONFIRM
intel — converged_security_and_management_engine
 
Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. 2020-02-13 not yet calculated CVE-2019-14598
MISC
intel — e1000e/82574l_network_controller_devices
 
A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image. 2020-02-13 not yet calculated CVE-2013-1634
MISC
MISC
MLIST
MLIST
SECTRACK
XF
intel — manycore_platform_software_stack
 
Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-02-13 not yet calculated CVE-2020-0563
MISC
intel — renesas_electronics_usb
 
Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-02-13 not yet calculated CVE-2020-0560
MISC
intel — sgx_software_development_kit Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-02-13 not yet calculated CVE-2020-0561
MISC
intel —  raid_web_console_2 Improper permissions in the installer for Intel(R) RWC2, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-02-13 not yet calculated CVE-2020-0562
MISC
intel —  raid_web_console_3_for_windows Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-02-13 not yet calculated CVE-2020-0564
MISC
invision_power_services — invision_power_board
 
Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. 2020-02-12 not yet calculated CVE-2013-3725
MISC
istio — istio
 
An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4. 2020-02-14 not yet calculated CVE-2020-8843
MISC
MISC
CONFIRM
joomla! — joomla!
 
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. 2020-02-12 not yet calculated CVE-2011-4906
CONFIRM
EXPLOIT-DB
MISC
joomla! — joomla!
 
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. 2020-02-12 not yet calculated CVE-2011-4908
MISC
EXPLOIT-DB
MLIST
jsreport — jsreport
 
Unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. 2020-02-14 not yet calculated CVE-2020-8128
MISC
jsreport — script-manager
 
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. 2020-02-14 not yet calculated CVE-2020-8129
MISC
juniper — junos_os
 
Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1. 2020-02-11 not yet calculated CVE-2014-6447
CONFIRM
MISC
kaseya — virtual_system_administrator
 
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8.0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx. 2020-02-13 not yet calculated CVE-2015-6589
MISC
MISC
MISC
MISC
kde — paste_applet
 
The %{password(…)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. 2020-02-11 not yet calculated CVE-2013-2120
MISC
MISC
MISC
MISC
MISC
kde — paste_applet
 
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function’s linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output. 2020-02-11 not yet calculated CVE-2013-2213
MISC
MISC
MISC
kinetica — kinetica
 
The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs function was used as a variable in a command to read log files; however, due to poor input sanitisation, it was possible to bypass a replacement and break out of the command. 2020-02-11 not yet calculated CVE-2020-8429
MISC
MISC
lenovo — ez_media_&_backup_center A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page. 2020-02-14 not yet calculated CVE-2019-19758
CONFIRM
lenovo — multiple_devices
 
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop – All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled. 2020-02-14 not yet calculated CVE-2019-6190
CONFIRM
lenovo — xclarity_administrator
 
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user’s web browser if a specially crafted link is visited. The JavaScript code is executed on the user’s system, not executed on LXCA itself. 2020-02-14 not yet calculated CVE-2019-19757
CONFIRM
lenovo — xclarity_administrator
 
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. 2020-02-14 not yet calculated CVE-2019-6194
CONFIRM
lenovo — xclarity_administrator
 
An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. 2020-02-14 not yet calculated CVE-2019-6193
CONFIRM
lenovo — xclarity_controller
 
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC. 2020-02-14 not yet calculated CVE-2019-6195
CONFIRM
lexmark — multiple_devices
 
Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the user's web browser. 2020-02-13 not yet calculated CVE-2019-18791
MISC
CONFIRM
libuv — libuv
 
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition. 2020-02-11 not yet calculated CVE-2014-9748
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. 2020-02-14 not yet calculated CVE-2020-8992
MISC
lvm2 — lvm2
 
vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. 2020-02-14 not yet calculated CVE-2020-8991
MISC
magento — magento Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability. 2020-02-13 not yet calculated CVE-2012-6091
MLIST
BID
XF
mailu — mailu
 
In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All Docker images published on docker.io/mailu for tags 1.5, 1.6, 1.7 and master are patched. For detailed instructions about patching and securing the server afterwards, see https://github.com/Mailu/Mailu/issues/1354 2020-02-13 not yet calculated CVE-2020-5239
MISC
CONFIRM
mambo — mambo_cms Mambo CMS through 4.6.5 has multiple XSS. 2020-02-12 not yet calculated CVE-2011-2499
MLIST
mantisbt — mantisbt
 
A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permit it). This is related to CVE-2018-16362. 2020-02-13 not yet calculated CVE-2020-8981
MISC
MISC
matestack-ui-core_gem_for_ruby_on_rails — matestack-ui-core_gem_for_ruby_on_rails matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4. 2020-02-13 not yet calculated CVE-2020-5241
CONFIRM
maxum_development_corporation — rumpus_ftp
 
A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html. 2020-02-10 not yet calculated CVE-2019-19664
MISC
MISC
maxum_development_corporation — rumpus_ftp_server
 
A CSRF vulnerability exists in the Web File Manager’s Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html. 2020-02-10 not yet calculated CVE-2019-19662
MISC
MISC
mcafee — endpoint_security
 
Improper access control vulnerability in Configuration Tool in McAfee Endpoint Security (ENS) prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS. 2020-02-14 not yet calculated CVE-2020-7251
CONFIRM
microsoft — multiple_windows_products An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka ‘Windows Modules Installer Service Information Disclosure Vulnerability’. 2020-02-11 not yet calculated CVE-2020-0728
MISC
BUGTRAQ
microsoft — multiple_windows_products An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Information Disclosure Vulnerability’. 2020-02-11 not yet calculated CVE-2020-0714
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0745, CVE-2020-0792. 2020-02-11 not yet calculated CVE-2020-0715
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka ‘Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability’. 2020-02-11 not yet calculated CVE-2020-0727
MISC
microsoft — multiple_windows_products
 
A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory. To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file. The security update addresses the vulnerability by correcting how the Windows Imaging Library handles memory, aka ‘Windows Imaging Library Remote Code Execution Vulnerability’. 2020-02-11 not yet calculated CVE-2020-0708
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. 2020-02-11 not yet calculated CVE-2020-0691
MISC
microsoft — office_online_server
 
A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka ‘Microsoft Office Online Server Spoofing Vulnerability’. 2020-02-11 not yet calculated CVE-2020-0695
MISC
microsys — promotic
 
Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service. 2020-02-13 not yet calculated CVE-2014-1617
MISC
MISC
mobileiron — vsp_and_sentry
 
MobileIron VSP < 5.9.1 and Sentry < 5.0 have an insecure encryption scheme. 2020-02-13 not yet calculated CVE-2013-7287
MISC
MISC
mobileiron — vsp_and_sentry
 
MobileIron VSP < 5.9.1 and Sentry < 5.0 have a weak password obfuscation algorithm. 2020-02-12 not yet calculated CVE-2013-7286
MISC
MISC
moxa — mgate_5105-mb-eip_devices
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552. 2020-02-14 not yet calculated CVE-2020-8858
MISC
MISC
netgear — cg3100_devices
 
A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embedded malicious script in an unspecified page, which could let a malicious user obtain sensitive information. 2020-02-13 not yet calculated CVE-2014-3919
MISC
netis — wf2471_devices
 
Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. 2020-02-12 not yet calculated CVE-2020-8946
MISC
nvidia — graphics_drivers
 
A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry. 2020-02-12 not yet calculated CVE-2012-0951
MISC
MISC
nxp — kw41z_devices
 
The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet. 2020-02-12 not yet calculated CVE-2019-17519
MISC
openconnect_project — openconnect_vpn_client OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. 2020-02-13 not yet calculated CVE-2013-7098
CONFIRM
openvpn — access_server OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication). 2020-02-13 not yet calculated CVE-2020-8953
CONFIRM
openx — openx_ad_server
 
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in the flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code. 2020-02-14 not yet calculated CVE-2013-4211
MISC
MISC
MISC
MISC
MISC
otrs — itsm_and_faq
 
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. 2020-02-12 not yet calculated CVE-2013-2637
MISC
MISC
MISC
MISC
palo_alto_networks — expedition_migration_tool
 
Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions. 2020-02-12 not yet calculated CVE-2020-1977
CONFIRM
palo_alto_networks — globalprotect
 
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS. 2020-02-12 not yet calculated CVE-2020-1976
CONFIRM
palo_alto_networks — pan-os
 
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions. 2020-02-12 not yet calculated CVE-2020-1975
CONFIRM
pcre — perl_compatible_regular_expressions
 
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. 2020-02-14 not yet calculated CVE-2019-20454
MISC
MISC
MISC
MISC
podman — podman
 
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume. This issue was introduced in version 1.6.0. 2020-02-11 not yet calculated CVE-2020-1726
CONFIRM
prestashop — prestashop
 
PrestaShop before 1.4.11 allows logout CSRF. 2020-02-14 not yet calculated CVE-2013-4792
MISC
prestashop — prestashop
 
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. 2020-02-14 not yet calculated CVE-2013-4791
MISC
prismview — prismview_system_and_prismview_player
 
The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be downloaded.) 2020-02-10 not yet calculated CVE-2019-20451
MISC
proglottis — gpgme
 
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. 2020-02-12 not yet calculated CVE-2020-8945
MISC
MISC
MISC
MISC
progress — moveit_transfer
 
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer’s database via the REST API. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements. 2020-02-14 not yet calculated CVE-2020-8611
MISC
CONFIRM
CONFIRM
CONFIRM
progress — moveit_transfer
 
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim’s browser, aka XSS. 2020-02-14 not yet calculated CVE-2020-8612
MISC
CONFIRM
CONFIRM
CONFIRM
python-mode — python-mode A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. 2020-02-12 not yet calculated CVE-2013-5106
MISC
qemu — qemu
 
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. 2020-02-11 not yet calculated CVE-2020-1711
CONFIRM
MISC
MISC
qnap — viocard-300_devices
 
QNAP VioCard 300 has hardcoded RSA private keys. 2020-02-13 not yet calculated CVE-2013-6277
MISC
MISC
realtek — ndis_driver_rt640x64.sys
 
Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. To exploit this vulnerability, an attacker must send an IRP with a system buffer size of 0. 2020-02-12 not yet calculated CVE-2019-11867
MISC
MISC
red_hat — openshift_enterprise
 
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of “mooo” for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. 2020-02-12 not yet calculated CVE-2014-0234
MISC
MISC
MISC
MISC
MISC
runc — runc
 
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) 2020-02-12 not yet calculated CVE-2019-19921
SUSE
MISC
MISC
MISC
MISC
salesagility — suitecrm
 
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. 2020-02-13 not yet calculated CVE-2020-8804
MISC
MISC
MISC
salesagility — suitecrm
 
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. 2020-02-13 not yet calculated CVE-2020-8803
MISC
MISC
MISC
salesagility — suitecrm
 
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. 2020-02-13 not yet calculated CVE-2020-8802
MISC
MISC
MISC
salesagility — suitecrm
 
SuiteCRM through 7.11.11 allows PHAR Deserialization. 2020-02-13 not yet calculated CVE-2020-8801
MISC
MISC
MISC
salesagility — suitecrm
 
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. 2020-02-13 not yet calculated CVE-2020-8800
MISC
MISC
MISC
samsung — s6_edge_smartphone
 
Multiple buffer overflows in the esa_write function in /dev/seiren in the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter. 2020-02-12 not yet calculated CVE-2015-7890
MISC
MISC
MISC
sap — business_objects_intelligence_platform Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure. 2020-02-12 not yet calculated CVE-2020-6189
MISC
MISC
sap — enterprise_resource_planning_and_s/4hana
 
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check. 2020-02-12 not yet calculated CVE-2020-6188
MISC
MISC
sap — host_agent SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending requests to the main SAPOSCOL process and receiving responses that may contain data read with user root privileges, e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability. 2020-02-12 not yet calculated CVE-2020-6183
MISC
MISC
sap — host_agent
 
SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. 2020-02-12 not yet calculated CVE-2020-6186
MISC
MISC
sap — landscape_management
 
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. 2020-02-12 not yet calculated CVE-2020-6192
MISC
MISC
sap — landscape_management
 
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. 2020-02-12 not yet calculated CVE-2020-6191
MISC
MISC
sap — mobile_platform
 
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server. 2020-02-12 not yet calculated CVE-2020-6177
MISC
MISC
sap — netweaver
 
SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service. 2020-02-12 not yet calculated CVE-2020-6187
MISC
MISC
sap — netweaver
 
SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability. 2020-02-12 not yet calculated CVE-2020-6193
MISC
MISC
sap — netweaver_and_abap_platform
 
Under some circumstances the SAML SSO implementation in SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740) and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754) allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. 2020-02-12 not yet calculated CVE-2020-6181
MISC
MISC
sap — netweaver_and_s/4hana Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. 2020-02-12 not yet calculated CVE-2020-6184
MISC
MISC
sap — netweaver_and_s/4hana
 
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability. 2020-02-12 not yet calculated CVE-2020-6185
MISC
MISC
sap — netweaver_as_java
 
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure. 2020-02-12 not yet calculated CVE-2020-6190
MISC
MISC
shaman — shaman
 
Shaman 1.0.9: A user can add the line askforpwd=false to their shaman.conf file without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password. 2020-02-12 not yet calculated CVE-2011-4338
MISC
MISC
siemens — multiple_devices
 
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SINAMICS DCP (All Versions < V1.3). Profinet-IO (PNIO) stack versions prior to V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device. 2020-02-11 not yet calculated CVE-2019-13946
MISC
simple_machines — simple_machines_forum
 
Simple Machines Forum (SMF) through 2.0.5 has XSS 2020-02-12 not yet calculated CVE-2013-4395
MISC
MISC
MISC
simplisafe — ss3_devices
 
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to. 2020-02-13 not yet calculated CVE-2019-3998
MISC
skrill — skrill
 
Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2 2020-02-12 not yet calculated CVE-2013-1924
MISC
MISC
sprite_software — spritebud_and_backup
 
A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges. 2020-02-12 not yet calculated CVE-2013-3685
MISC
MISC
MISC
MISC
sqlite — android_sqlite
 
Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. 2020-02-12 not yet calculated CVE-2011-3901
BID
FULLDISC
squirrelmail — squirrelmail Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. 2020-02-13 not yet calculated CVE-2012-5623
MLIST
stem_innovation — izon_ip_camera
 
IZON IP 2.0.2: hard-coded password vulnerability 2020-02-12 not yet calculated CVE-2013-6236
MISC
MISC
MISC
stmicroelectronics — stm32wb5x_series_devices
 
The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets. 2020-02-12 not yet calculated CVE-2019-19192
MISC
synergy_systems_&_solutions — husky_rtu_devices
 
The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. Specially crafted malicious packets could cause disconnection of active authentic connections or reboot of device. This is a different issue than CVE-2019-16879 and CVE-2019-20046. 2020-02-14 not yet calculated CVE-2019-20045
MISC
synergy_systems_&_solutions — husky_rtu_devices
 
The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or execute arbitrary code. This is a different issue than CVE-2019-16879 and CVE-2019-20045. 2020-02-14 not yet calculated CVE-2019-20046
MISC

telink — tlsr8x5_and_tlsr823x_and_tlsr826x_devices

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices accepts a pairing request with a key size greater than 16 bytes, allowing an attacker in radio range to cause a buffer overflow and denial of service (crash) via crafted packets. 2020-02-12 not yet calculated CVE-2019-19196
MISC
MISC

telink — tlsr8x5_and_tlsr823x_and_tlsr826x_devices

 

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device’s function by establishing an encrypted session with the zero LTK. 2020-02-12 not yet calculated CVE-2019-19194
MISC
MISC
telligent_systems — telligent_community XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter. 2020-02-13 not yet calculated CVE-2012-1903
MISC
tiki_wiki — cms_groupware
 
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMS Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. 2020-02-12 not yet calculated CVE-2013-6022
MISC
MISC
timetools — multiple_devices
 
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a “hardcoded cookie.” 2020-02-13 not yet calculated CVE-2020-8964
MISC
timetools — multiple_devices
 
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter. 2020-02-13 not yet calculated CVE-2020-8963
MISC
trendnet — ts-s402_devices
 
TRENDnet TS-S402 has a backdoor to enable TELNET. 2020-02-13 not yet calculated CVE-2013-6360
MISC
MISC
tri-plc — internet_trilogi_server
 
Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account. 2020-02-13 not yet calculated CVE-2013-6927
BID
XF
umplayer — umplayer
 
A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries, which could let a malicious user execute arbitrary code. 2020-02-12 not yet calculated CVE-2013-3494
MISC
varnish_software — varnish_http_cache
 
Varnish HTTP cache before 3.0.4: ACL bug 2020-02-12 not yet calculated CVE-2013-4090
MISC
visual_it — tube_map_live_underground_for_android
 
Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability 2020-02-12 not yet calculated CVE-2013-6681
MISC
MISC
voatz — voatz_for_android
 
The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach. 2020-02-13 not yet calculated CVE-2020-8988
MISC
MISC
voatz — voatz_for_android
 
In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter’s vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter’s choice by sniffing the network. For example, a small amount of sniffed data may indicate that a vote was cast for the candidate with the least metadata. An active man-in-the-middle attacker can leverage this behavior to disrupt voters’ abilities to vote for a candidate opposed by the attacker. 2020-02-13 not yet calculated CVE-2020-8989
MISC
MISC
weechat — weechat
 
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode). 2020-02-12 not yet calculated CVE-2020-8955
MISC
MISC
wordpress — wordpress
 
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met). 2020-02-11 not yet calculated CVE-2020-8596
MISC
MISC
wordpress — wordpress
 
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. 2020-02-14 not yet calculated CVE-2020-8594
MISC
CONFIRM
MISC
wordpress — wordpress
 
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action. 2020-02-13 not yet calculated CVE-2013-1400
BID
XF
BUGTRAQ
wordpress — wordpress
 
Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll. 2020-02-13 not yet calculated CVE-2013-1401
BID
XF
BUGTRAQ
wordpress — wordpress
 
WordPress WP Cleanfix Plugin 2.4.4 has CSRF 2020-02-10 not yet calculated CVE-2013-2108
MISC
MISC
MISC
MISC
wordpress — wordpress
 
WordPress plugin wp-cleanfix has Remote Code Execution 2020-02-10 not yet calculated CVE-2013-2109
MISC
MISC
xerox — colorcube_and_workcenter
 
Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. 2020-02-13 not yet calculated CVE-2013-6362
MISC
MISC
xilisoft — video_converter_ultimate
 
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability 2020-02-12 not yet calculated CVE-2014-3860
MISC
zenoss — zenoss_core
 
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. 2020-02-12 not yet calculated CVE-2014-6262
MISC
MISC
MISC
zimbra — zimbra_collaboration Zimbra 2013 has XSS in aspell.php 2020-02-12 not yet calculated CVE-2013-1938
MISC
MISC
MISC
zpanel_project — zpanel
 
ZPanel through 10.1.0 has Remote Command Execution 2020-02-12 not yet calculated CVE-2013-2097
MISC
MISC
MISC
MISC
MISC


Original release date: February 10, 2020 | Last revised: February 12, 2020


 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
aircrack-ng — aircrack-ng
 
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. 2020-01-31 7.5 CVE-2014-8322
CONFIRM
MISC
MISC
MISC
CONFIRM
MISC
aruba_networks — instant
 
Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. 2020-01-31 7.5 CVE-2016-2031
MISC
MISC
MISC
MISC
changing_information_technology — servisign
 
An arbitrary-file-access vulnerability exists in the ServiSign security plugin. If attackers learn the specific API function, they may access arbitrary files on the target system via a crafted API parameter. 2020-02-03 7.8 CVE-2020-3926
CONFIRM
changing_information_technology — servisign
 
An arbitrary-file-access vulnerability exists in the ServiSign security plugin. If attackers learn the specific API function, they may access arbitrary files on the target system via a crafted API parameter. 2020-02-03 8.5 CVE-2020-3927
CONFIRM
cisco — multiple_ip_phones
 
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2020-02-05 8.3 CVE-2020-3111
MISC
CISCO
cisco — video_surveillance_8000_series_ip_cameras
 
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later. 2020-02-05 8.3 CVE-2020-3110
MISC
CISCO
coppermine_development_team — coppermine_gallery
 
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. 2020-02-05 7.5 CVE-2010-4815
MISC
MISC
MISC
curling — curling
 
All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization. 2020-02-06 10 CVE-2019-10789
MISC
MISC
django — django
 
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. 2020-02-03 7.5 CVE-2020-7471
MLIST
CONFIRM
CONFIRM
CONFIRM
UBUNTU
CONFIRM
CONFIRM
dot-prop — dot-prop Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. 2020-02-04 7.5 CVE-2020-8116
MISC
dotcms — dotcms
 
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application). 2020-02-05 7.5 CVE-2020-6754
CONFIRM
CONFIRM
edk2 — unified_extensible_firmware_interface
 
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase. 2020-01-31 7.2 CVE-2014-4860
MISC
edk2 — unified_extensible_firmware_interface
 
Integer overflow in the Driver Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data. 2020-01-31 7.2 CVE-2014-4859
MISC
eg_innovations — eg_manager
 
eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). 2020-02-03 7.5 CVE-2020-8592
MISC
eg_innovations — eg_manager
 
eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. 2020-02-03 7.5 CVE-2020-8591
MISC
fortinet — fortimanager A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run system commands when executing a report. 2020-02-04 9 CVE-2015-3611
MISC
MISC
CONFIRM
fortinet — fortimanager
 
A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page. 2020-02-04 7.5 CVE-2015-3613
MISC
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission 2020-02-05 7.5 CVE-2020-8114
CONFIRM
MISC
MISC
hashicorp — nomad_and_nomad_enterprise
 
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. 2020-01-31 7.5 CVE-2020-7956
MISC
MISC
jobberbase — jobberbase
 
Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint. 2020-02-05 7.5 CVE-2019-20447
MISC
MISC
klona — klona Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona. 2020-02-04 7.5 CVE-2020-8125
MISC
nanopb — nanopb
 
There is a potentially exploitable out-of-memory condition in Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field, and realloc() runs out of memory when expanding the array, nanopb can end up calling `free()` on a pointer value that comes from uninitialized memory. Depending on the platform, this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, nanopb-0.2.9.4. 2020-02-04 7.5 CVE-2020-5235
MISC
MISC
MISC
CONFIRM
netapp — oncommand_system_manager NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. 2020-01-31 9 CVE-2013-3322
XF
MISC
norman — malware_cleaner nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled. 2020-02-03 7.5 CVE-2020-8508
MISC
phpabook — phpabook
 
An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password. 2020-02-03 7.5 CVE-2020-8510
MISC
MISC
phplist — phplist
 
phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. 2020-02-03 7.5 CVE-2020-8547
MISC
playsms — playsms
 
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. 2020-02-05 7.5 CVE-2020-8644
MISC
MISC
ppp — ppp
 
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. 2020-02-03 7.5 CVE-2020-8597
MISC
MLIST
python — python
 
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. 2020-02-04 7.1 CVE-2019-9674
MISC
MISC
MISC
MISC
MISC
qualcomm — mdm9206_and_mdm9607_devices
 
Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607 2020-02-07 7.2 CVE-2019-14051
CONFIRM
qualcomm — multiple_snapdragon_products Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24 2020-02-07 7.2 CVE-2019-14046
CONFIRM
qualcomm — multiple_snapdragon_products Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24 2020-02-07 7.2 CVE-2019-14044
CONFIRM
qualcomm — multiple_snapdragon_products Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 7.2 CVE-2019-14055
CONFIRM
qualcomm — multiple_snapdragon_products APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130 2020-02-07 7.2 CVE-2019-14002
CONFIRM
qualcomm — multiple_snapdragon_products
 
There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be executed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 7.2 CVE-2019-10567
CONFIRM
qualcomm — multiple_snapdragon_products
 
Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9607, Nicobar, QCS405, Rennell, SA6155P, Saipan, SC8180X, SDM630, SDM636, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-02-07 9.4 CVE-2019-14063
CONFIRM
qualcomm — multiple_snapdragon_products
 
Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 7.2 CVE-2019-14060
CONFIRM
qualcomm — multiple_snapdragon_products
 
Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 9.4 CVE-2019-14057
CONFIRM
qualcomm — multiple_snapdragon_products
 
Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MSM8953, QCN7605, QCS605, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDX20, SDX24, SDX55, SM8150, SXR1130 2020-02-07 7.2 CVE-2019-14049
CONFIRM
qualcomm — multiple_snapdragon_products
 
Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 10 CVE-2019-10590
CONFIRM
sap — netweaver
 
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash. 2020-02-05 7.5 CVE-2011-1517
MISC
MISC
MISC
simplejobscript.com — simplejobscript.com controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. 2020-01-31 7.5 CVE-2020-8440
CONFIRM
smartbear — readyapi_and_soapui An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy “Load Script” is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the “Save Script” function, which is executed automatically when saving a project. 2020-02-05 9.3 CVE-2019-12180
MISC
squid — squid
 
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. 2020-02-04 7.5 CVE-2020-8450
MISC
MISC
MISC
MISC
MISC
MISC
the_update_framework — tuf TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. 2020-02-05 7.5 CVE-2020-6174
CONFIRM
tp-link — tg-sg105e_devices The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. 2020-02-03 7.8 CVE-2019-16893
EXPLOIT-DB
zpanel_project — zpanel
 
ZPanel 10.0.1 has insufficient entropy for its password reset process. 2020-02-04 7.5 CVE-2012-5686
MISC
MISC


 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
1up — oneupuploaderbundle
 
oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to upload files to arbitrary folders on the filesystem. The assembly process can further be misused with some restrictions to delete and copy files to other locations. This is fixed in versions 1.9.3 and 2.1.5. 2020-02-05 6.5 CVE-2020-5237
MISC
CONFIRM
abrt — abrt
 
ABRT might allow attackers to obtain sensitive information from crash reports. 2020-01-31 5 CVE-2011-4088
MISC
MISC
aircrack-ng — aircrack-ng
 
Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors. 2020-01-31 4.6 CVE-2014-8321
CONFIRM
MISC
MISC
CONFIRM
MISC
alcatel-lucent — 1830_photonic_service_switch
 
Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. 2020-01-31 4.3 CVE-2014-3809
MISC
apache — ofbiz
 
An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06. 2020-02-06 5 CVE-2019-12426
MLIST
CONFIRM
apple — bonjour
 
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet. 2020-02-05 4.9 CVE-2011-0220
MISC
apple — safari
 
A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. 2020-02-03 5 CVE-2016-4676
MISC
MISC
MISC
CONFIRM
MISC
aroxsolution — school_management_software_php/mysql
 
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. 2020-01-31 4.3 CVE-2020-8505
MISC
aroxsolution — school_management_software_php/mysql
 
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. 2020-01-31 4.3 CVE-2020-8504
MISC
aruba — airwave_management_platform
 
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP ports 15672 and 55672. 2020-01-31 5 CVE-2016-2032
MISC
MISC
MISC
MISC
atlassian — crowd
 
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. 2020-02-06 5 CVE-2019-20104
N/A
atlassian — jira
 
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. 2020-02-06 4 CVE-2019-20404
N/A
atlassian — jira
 
The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a DLL file to a directory in the global path environment variable to inject code via a DLL hijacking vulnerability. 2020-02-06 4.4 CVE-2019-20400
N/A
atlassian — jira
 
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability. 2020-02-06 4.3 CVE-2019-20405
N/A
atlassian — jira
 
Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities. 2020-02-06 4.3 CVE-2019-20401
N/A
atlassian — jira
 
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. 2020-02-06 5 CVE-2019-20403
N/A
atlassian — jira
 
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allow remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. 2020-02-06 4 CVE-2019-20106
N/A
atlassian — jira
 
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability. 2020-02-06 4 CVE-2019-20402
N/A
auth0 — auth0_lock
 
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. 2020-02-03 4.3 CVE-2019-20174
CONFIRM
MISC
batavi — batavi
 
Batavi before 1.0 has CSRF. 2020-02-05 6.8 CVE-2011-0525
MISC
MISC
brocade — fabric_os
 
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. 2020-02-05 5 CVE-2019-16204
CONFIRM
brocade — fabric_os
 
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. 2020-02-05 5 CVE-2019-16203
CONFIRM
brother — mfc-9970cdw_devices
 
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers. 2020-02-03 5 CVE-2013-2674
MISC
XF
BID
brother — mfc-9970cdw_devices
 
Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. 2020-02-03 5 CVE-2013-2672
MISC
XF
brother — mfc-9970cdw_devices
 
Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. 2020-02-03 4.6 CVE-2013-2673
MISC
BID
c-lightning — c-lightning
 
c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states “It can be used for testing, but it should not be used for real funds.” 2020-01-31 5 CVE-2019-12998
MISC
CONFIRM
cisco — linksys_e4200
 
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information. 2020-02-06 5 CVE-2013-2683
MISC
BID
XF
cisco — linksys_e4200
 
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information. 2020-02-05 5 CVE-2013-2680
MISC
BID
XF
cisco — linksys_e4200
 
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. 2020-02-04 6.8 CVE-2013-2678
MISC
EXPLOIT-DB
BID
XF
cisco — linksys_e4200
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access. 2020-02-05 4.3 CVE-2013-2681
MISC
BID
XF
cisco — linksys_e4200
 
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information. 2020-02-05 4.3 CVE-2013-2682
MISC
BID
XF
cisco — linksys_e4200
 
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-02-06 4.3 CVE-2013-2684
MISC
BID
XF
computer_incident_response_center_luxembourg — ail-framework
Global.py in AIL framework 2.8 allows path traversal. 2020-02-03 5 CVE-2020-8545
MISC
cysharp — messagepack_for_c#_and_unity
 
MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps. 2020-01-31 6.8 CVE-2020-5234
MISC
CONFIRM
d-link — dir-100_devices
 
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure 2020-02-04 5 CVE-2013-7055
MISC
MISC
MISC
d-link — dir-100_devices
 
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script 2020-02-04 5 CVE-2013-7052
MISC
MISC
MISC
d-link — dir-100_devices
 
D-Link DIR-100 4.03B07: cli.cgi CSRF 2020-02-04 6.8 CVE-2013-7053
MISC
MISC
MISC
d-link — dir-100_devices
 
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters 2020-02-04 6.8 CVE-2013-7051
MISC
MISC
MISC
MISC
d-link — dir-100_devices
 
D-Link DIR-100 4.03B07: cli.cgi XSS 2020-02-04 4.3 CVE-2013-7054
MISC
MISC
MISC
drupal — drupal
 
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. 2020-01-31 4.3 CVE-2014-8338
MISC
MISC
eclair — eclair
 
Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states “it is beta-quality software and don’t put too much money in it.” 2020-01-31 5 CVE-2019-13000
MISC
MISC
CONFIRM
ens_domains — ens
 
A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry. 2020-01-31 4.9 CVE-2020-5232
MISC
CONFIRM
eucalyptus — eucalyptus_management_console
 
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-01-31 6.8 CVE-2014-5039
CONFIRM
evernote_corporation — evernote
 
Evernote prior to 5.5.1 has insecure password change 2020-01-31 6.6 CVE-2013-5116
MISC
MISC
MISC
f5 — big-ip
 
On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default ‘xnet’ driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart. 2020-02-06 5 CVE-2020-5856
CONFIRM
f5 — big-ip_edge_client_for_windows
 
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user’s machine can get shell access as an unprivileged user. 2020-02-06 4.6 CVE-2020-5855
CONFIRM
gitlab — gitlab_enterprise_edition
 
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. 2020-02-05 5 CVE-2020-6833
MISC
CONFIRM
gitlab — gitlab
 
GitLab through 12.7.2 allows XSS. 2020-02-05 4.3 CVE-2020-7973
MISC
CONFIRM
MISC
gitlab — gitlab_enterprise_edition
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. 2020-02-05 5 CVE-2020-7966
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
GitLab EE 10.1 through 12.7.2 allows Information Disclosure. 2020-02-05 5 CVE-2020-7974
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission 2020-02-05 4.3 CVE-2020-7979
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). 2020-02-05 4 CVE-2020-7967
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. 2020-02-05 5 CVE-2020-7976
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. 2020-02-05 5 CVE-2020-7968
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. 2020-02-05 5 CVE-2020-7969
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 11.0 and later through 12.7.2 allows XSS. 2020-02-05 4.3 CVE-2020-7971
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. 2020-02-05 5 CVE-2020-7978
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). 2020-02-05 5 CVE-2020-7972
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. 2020-02-05 4.3 CVE-2020-7977
MISC
CONFIRM
google — android
 
An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite existing functions with arbitrary code. The Reserved for Future Use (RFU) bits are not discarded by eir_handleRx(), and are included in an EIR’s length. Therefore, one can exceed the expected 240 bytes, which leads to a heap-based buffer overflow in eir_getReceivedEIR() called by bthci_event_SendInquiryResultEvent(). In order to exploit this bug, an attacker must repeatedly connect to the victim’s device in a short amount of time from different source addresses. This will cause the victim’s Bluetooth stack to resolve the device names and therefore allocate buffers with attacker-controlled data. Due to the heap corruption, the name will be eventually written to an attacker-controlled location, leading to a write-what-where condition. 2020-02-05 6.8 CVE-2019-11516
CONFIRM
MISC
MISC
hashicorp — consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. 2020-01-31 5 CVE-2020-7955
MISC
MISC
hashicorp — consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. 2020-01-31 5 CVE-2020-7219
MISC
MISC
hashicorp — nomad_and_nomad_enterprise
 
HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage. 2020-01-31 5 CVE-2020-7218
MISC
MISC
htcondor — mrg_grid
 
The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. 2020-01-31 6.5 CVE-2014-8126
MISC
MISC
MISC
MISC
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability 2020-02-05 5.8 CVE-2013-0507
MISC
ibm — planning_analytics
 
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524. 2020-02-05 6.8 CVE-2019-4613
XF
CONFIRM
ibm — sdk_java_technology
 
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. 2020-02-03 6.9 CVE-2019-4732
XF
CONFIRM
ibm — security_directory_server
 
IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814. 2020-02-04 6.5 CVE-2019-4541
XF
CONFIRM
ibm — websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397. 2020-02-04 6 CVE-2020-4163
XF
CONFIRM
ibm — workflow_for_bluemix
 
IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2020-02-05 5.8 CVE-2015-0102
MISC
CONFIRM
CONFIRM
ibm — security_directory_server
 
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623. 2020-02-04 5 CVE-2019-4562
XF
CONFIRM
ibm — security_directory_server
 
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950. 2020-02-04 4.3 CVE-2019-4548
XF
CONFIRM
ibm — security_directory_server
 
IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953. 2020-02-04 5 CVE-2019-4551
XF
CONFIRM
ibm — security_directory_server
 
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952. 2020-02-04 5 CVE-2019-4550
XF
CONFIRM
ibm — security_directory_server
 
IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813. 2020-02-04 5 CVE-2019-4540
XF
CONFIRM
ibm — security_identity_manager
 
IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510. 2020-02-04 4 CVE-2019-4674
XF
CONFIRM
ibm — websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. 2020-01-31 5 CVE-2019-4720
XF
CONFIRM
ibm — websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. 2020-02-05 4 CVE-2019-4670
XF
CONFIRM
icewarp — webmail_server
 
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. 2020-02-01 4.3 CVE-2020-8512
MISC
MISC
MISC
info-zip — unzip
 
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. 2020-01-31 6.8 CVE-2014-8140
MISC
MISC
MISC
MISC
info-zip — unzip
 
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. 2020-01-31 6.8 CVE-2014-8139
MISC
MISC
MISC
MISC
info-zip — unzip
 
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. 2020-01-31 6.8 CVE-2014-8141
MISC
MISC
MISC
MISC
infoware — mapsuite_mapapi
 
Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-01-31 4.3 CVE-2014-2843
MISC
MISC
MISC
ipmitool — ipmitool
 
It’s been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. 2020-02-05 6.5 CVE-2020-5208
MISC
CONFIRM
MLIST
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3. 2020-01-31 5 CVE-2020-7914
MISC
CONFIRM
joomla! — joomla!
Joomla! 1.7.1 has core information disclosure due to inadequate error checking. 2020-02-04 5 CVE-2011-4937
MISC
MISC
MISC
MISC
joomla! — joomla!
 
Joomla! core 1.7.1 allows information disclosure due to weak encryption 2020-02-04 5 CVE-2011-3629
MISC
MISC
MISC
MISC
joomla! — joomla!
 
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. 2020-02-05 6.4 CVE-2011-1151
MISC
MISC
joomla! — joomla!
 
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. 2020-02-04