Vulnerability Summary for the Week of January 27, 2020
Released
Feb 03, 2020
Document ID
SB20-034
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- illustrator_cc | Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-01-29 | 9.3 | CVE-2020-3714 CONFIRM |
| adobe -- illustrator_cc | Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-01-29 | 9.3 | CVE-2020-3712 CONFIRM |
| adobe -- illustrator_cc | Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-01-29 | 9.3 | CVE-2020-3710 CONFIRM |
| adobe -- illustrator_cc | Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-01-29 | 9.3 | CVE-2020-3711 CONFIRM |
| adobe -- illustrator_cc | Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-01-29 | 9.3 | CVE-2020-3713 CONFIRM |
| alienvault -- ossim | OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability | 2020-01-27 | 7.8 | CVE-2013-6056 MISC |
| amd -- atidxx64.dll_driver | An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | 2020-01-25 | 7.8 | CVE-2019-5124 MISC |
| amd -- atidxx64.dll_driver | An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | 2020-01-25 | 7.8 | CVE-2019-5146 MISC |
| amd -- atidxx64.dll_driver | An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | 2020-01-25 | 7.8 | CVE-2019-5147 MISC |
| apache -- spamassassin | A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. | 2020-01-30 | 9.3 | CVE-2020-1931 CONFIRM BUGTRAQ DEBIAN |
| apache -- spamassassin | A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges. | 2020-01-30 | 9.3 | CVE-2020-1930 CONFIRM MLIST BUGTRAQ DEBIAN |
| asus -- rt-n56u_devices | ASUS RT-N56U devices allow CSRF. | 2020-01-28 | 9.3 | CVE-2013-3093 MISC |
| avast -- secure_browser | A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cleans the ACL of the Update.ini file in %PROGRAMDATA%\Avast Software\Browser\Update\ and sets all privileges to group Everyone. Because any low-privileged user can create, delete, or modify the Update.ini file stored in this location, an attacker with low privileges can create a hard link named Update.ini in this folder, and make it point to a file writable by NT AUTHORITY\SYSTEM. Once AvastBrowserUpdate.exe is triggered by the update check functionality, the DACL is set to a misconfigured value on the crafted Update.ini and, consequently, to the target file that was previously not writable by the low-privileged attacker. | 2020-01-27 | 7.2 | CVE-2019-17190 MISC |
| bitdefender -- bitdefender_box_2 | A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability. | 2020-01-27 | 10 | CVE-2019-17095 ETC CONFIRM ETC |
| bitdefender -- bitdefender_box_2 | A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command. | 2020-01-27 | 9.3 | CVE-2019-17096 CONFIRM |
| cisco -- sd-wan_solution | A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. | 2020-01-26 | 9 | CVE-2019-12629 CISCO |
| cisco -- sd-wan_solution_vmanage | A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges. | 2020-01-26 | 7.2 | CVE-2020-3115 CISCO |
| cisco -- small_business_switches | A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18 | 2020-01-30 | 7.8 | CVE-2020-3147 CISCO |
| cisco -- webex_video_mesh | A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node. | 2020-01-26 | 9 | CVE-2019-16005 CISCO |
| d-link -- dir-859_devices | D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. | 2020-01-29 | 10 | CVE-2019-20215 MISC CONFIRM |
| d-link -- dir-859_devices | D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. | 2020-01-29 | 10 | CVE-2019-20216 MISC MISC CONFIRM |
| d-link -- dir-859_devices | D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. | 2020-01-29 | 10 | CVE-2019-20217 MISC MISC CONFIRM |
| d-link -- dsr-250n_devices | D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. | 2020-01-25 | 9 | CVE-2012-6613 EXPLOIT-DB |
| dolibarr -- dolibarr | The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. | 2020-01-26 | 10 | CVE-2020-7995 MISC MISC |
| exiv2 -- exiv2 | In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. | 2020-01-27 | 7.1 | CVE-2019-20421 MISC MISC |
| fudforum -- fudforum_bulletin_board | PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system. | 2020-01-27 | 9 | CVE-2013-2267 BID XF |
| geocoder -- geocoder | sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data. | 2020-01-25 | 7.5 | CVE-2020-7981 MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition | Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account. | 2020-01-28 | 7.5 | CVE-2019-15585 MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition | A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. | 2020-01-28 | 7.5 | CVE-2019-5464 MISC MISC MISC |
| git -- git | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. | 2020-01-24 | 9.3 | CVE-2019-1352 SUSE REDHAT MISC MISC |
| git -- git | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. | 2020-01-24 | 9.3 | CVE-2019-1354 SUSE MISC MISC |
| git -- git | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | 2020-01-24 | 9.3 | CVE-2019-1350 SUSE MISC MISC |
| git -- git | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | 2020-01-24 | 9.3 | CVE-2019-1349 SUSE REDHAT MISC MISC |
| gnu -- gnu_coreutils | Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. | 2020-01-24 | 7.5 | CVE-2015-4042 MISC MISC |
| handsomeweb -- sos_webpages | backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash. | 2020-01-28 | 7.5 | CVE-2014-3445 MISC MISC MISC MISC MISC |
| huawei -- e587_3g_mobile_hotspot | Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI. | 2020-01-27 | 10 | CVE-2013-2612 XF BID |
| i_read_it_somewhere -- i_read_it_somewhere | IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands. | 2020-01-25 | 7.5 | CVE-2013-1744 MISC |
| intellian_technologies -- aptus | The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account. | 2020-01-27 | 10 | CVE-2020-8001 MISC |
| intellian_technologies -- aptus_web | Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account. | 2020-01-27 | 10 | CVE-2020-8000 MISC |
| intellian_technologies -- aptus_web | Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. | 2020-01-25 | 10 | CVE-2020-7980 MISC MISC MISC |
| intellian -- aptus | The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY. | 2020-01-27 | 7.5 | CVE-2020-7999 MISC |
| irfanview -- irfanview | IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability | 2020-01-27 | 9.3 | CVE-2013-3486 MISC MISC |
| isof -- isof | All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input. | 2020-01-29 | 7.5 | CVE-2019-10783 MISC |
| jenkins -- jenkins | Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. | 2020-01-29 | 7.5 | CVE-2020-2099 MLIST CONFIRM |
| koha -- koha | SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. | 2020-01-24 | 7.5 | CVE-2014-1925 MISC MISC MISC MISC |
| koha -- koha | The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | 2020-01-24 | 7.5 | CVE-2014-1924 MISC MISC MISC MISC |
| lexmark -- markvision_enterprise | Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors. | 2020-01-27 | 7.8 | CVE-2014-8742 CONFIRM MISC |
| lexmark -- markvision_enterprise | Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors. | 2020-01-27 | 10 | CVE-2014-8741 CONFIRM MISC |
| lorex_technology -- lnc116_and_lnc104_ip_cameras | Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability | 2020-01-24 | 7.5 | CVE-2012-6451 MISC MISC |
| lustre -- lustre | In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter. | 2020-01-27 | 7.8 | CVE-2019-20428 MISC MISC MISC MISC |
| lustre -- lustre | In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error. | 2020-01-27 | 7.8 | CVE-2019-20423 MISC MISC MISC MISC |
| lustre -- lustre | In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check. | 2020-01-27 | 7.8 | CVE-2019-20426 MISC MISC MISC MISC |
| lustre -- lustre | In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client. | 2020-01-27 | 7.8 | CVE-2019-20430 MISC MISC MISC MISC |
| lustre -- lustre | In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error. | 2020-01-27 | 9 | CVE-2019-20427 MISC MISC MISC MISC |
| lustre -- lustre | In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value. | 2020-01-27 | 7.8 | CVE-2019-20431 MISC MISC MISC MISC |
| lustre -- lustre | In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2. | 2020-01-27 | 7.8 | CVE-2019-20425 MISC MISC MISC MISC |
| lustre -- lustre | In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size. | 2020-01-27 | 7.8 | CVE-2019-20432 MISC MISC MISC MISC |
| lustre -- lustre | In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2. | 2020-01-27 | 7.8 | CVE-2019-20429 MISC MISC MISC MISC |
| lustre -- lustre | In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client. | 2020-01-27 | 7.8 | CVE-2019-20424 MISC MISC MISC MISC |
| magento -- magento | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-01-29 | 10 | CVE-2020-3716 CONFIRM |
| magento -- magento | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-01-29 | 10 | CVE-2020-3718 CONFIRM |
| magento -- magento | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-01-29 | 7.8 | CVE-2020-3719 CONFIRM |
| microsoft -- visual_studio_code | An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'. | 2020-01-24 | 7.2 | CVE-2019-1414 MISC |
| netgear -- centria_wndr4700_devices | NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. | 2020-01-28 | 7.5 | CVE-2013-3071 BID |
| netgear -- centria_wndr4700_devices | NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash). | 2020-01-28 | 7.8 | CVE-2013-3074 BID |
| netgear -- wnr1000v3_devices | Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. | 2020-01-29 | 10 | CVE-2013-3317 EXPLOIT-DB |
| netgear -- wnr1000v3_devices | Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". | 2020-01-29 | 10 | CVE-2013-3316 EXPLOIT-DB |
opensmtpd -- opensmtpd | smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. | 2020-01-29 | 10 | CVE-2020-7247 MISC MISC FULLDISC MISC CONFIRM BUGTRAQ DEBIAN CERT-VN CONFIRM |
| postgresql -- postgresql | PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. | 2020-01-27 | 7.5 | CVE-2015-0244 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| red_hat -- openshift_origin | The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | 2020-01-28 | 10 | CVE-2013-2060 MISC MISC MISC MISC |
| ruckus -- zoneflex_r500_devices | Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring. | 2020-01-29 | 9 | CVE-2020-8438 MISC |
| soapbox -- soapbox | Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. | 2020-01-24 | 7.2 | CVE-2012-6302 MISC |
| suse -- linux_enterprise_server_11 | A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions. | 2020-01-24 | 7.2 | CVE-2019-3693 SUSE CONFIRM |
| suse -- linux_enterprise_server_11 | The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. | 2020-01-24 | 7.2 | CVE-2019-3692 CONFIRM |
| suse -- opensuse_factory_and_leap | A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions. | 2020-01-24 | 7.2 | CVE-2019-3694 CONFIRM |
| suse -- opensuse_leap | UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions. | 2020-01-24 | 7.2 | CVE-2019-3697 CONFIRM |
| synacor -- zimbra_collaboration | Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | 2020-01-27 | 7.5 | CVE-2014-8563 CONFIRM CONFIRM |
| tp-link -- multiple_ip_cameras | A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code. | 2020-01-29 | 10 | CVE-2013-2573 MISC MISC MISC MISC MISC |
| vivotek -- pt7135_ip_cameras | A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service. | 2020-01-24 | 7.5 | CVE-2013-1595 MISC MISC MISC MISC MISC |
| vivotek -- pt7135_ip_cameras | A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code. | 2020-01-24 | 9 | CVE-2013-1598 MISC MISC MISC MISC MISC |
| vtiger -- vtiger_crm | vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. | 2020-01-29 | 7.5 | CVE-2013-3215 BID XF |
| vtiger -- vtiger_crm | vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. | 2020-01-28 | 7.5 | CVE-2013-3214 EXPLOIT-DB BID XF |
| webcalendar_project -- webcalendar | install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | 2020-01-27 | 7.5 | CVE-2012-1495 MISC MISC MISC MISC |
| xnview -- xnview | XnView 2.03 has an integer overflow vulnerability | 2020-01-27 | 7.5 | CVE-2013-3493 MISC |
| xnview -- xnview | XnView 2.03 has a stack-based buffer overflow vulnerability | 2020-01-27 | 7.5 | CVE-2013-3492 MISC |
| zavio -- zavio_ip_cameras | A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code. | 2020-01-29 | 10 | CVE-2013-2568 MISC MISC MISC MISC MISC |
| zavio -- zavio_ip_cameras | A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code. | 2020-01-29 | 7.5 | CVE-2013-2570 MISC MISC MISC MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 3s-smart_software_solutions -- codesys_control_and_gateway_and_hmi | CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. | 2020-01-24 | 4 | CVE-2020-7052 CONFIRM MISC |
| adive -- adive | Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. | 2020-01-26 | 6.8 | CVE-2020-7991 MISC MISC MISC |
| adive -- adive_framework | Adive Framework 2.0.8 has admin/user/add userName XSS. | 2020-01-26 | 4.3 | CVE-2020-7990 MISC MISC |
| adive -- adive_framework | Adive Framework 2.0.8 has admin/user/add userUsername XSS. | 2020-01-26 | 4.3 | CVE-2020-7989 MISC MISC |
| amazon -- aws_xms | Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter. | 2020-01-27 | 5 | CVE-2013-2474 EXPLOIT-DB BID XF |
amd -- atidxx64.dll_driver | An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | 2020-01-25 | 6.8 | CVE-2019-5183 MISC |
| apache -- nifi | An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present. | 2020-01-28 | 5 | CVE-2020-1928 CONFIRM |
| apache -- nifi | A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers. | 2020-01-28 | 4.3 | CVE-2020-1933 CONFIRM |
| apache -- superset | An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset. | 2020-01-28 | 4 | CVE-2020-1932 MISC |
| asus -- wrt-ac66u_3_rt_devices | ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature. | 2020-01-28 | 4.3 | CVE-2020-7997 MISC |
| bearftp -- bearftp | BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port. | 2020-01-29 | 5 | CVE-2020-8416 CONFIRM CONFIRM CONFIRM MISC |
| big_switch_networks -- big_monitoring_fabric | An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators. | 2020-01-24 | 4.3 | CVE-2019-19632 MISC MISC |
| bitdefender -- epsecurityservice.exe | An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163. | 2020-01-27 | 4.4 | CVE-2019-17099 CONFIRM |
| bytemark -- symbiosis | Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP. | 2020-01-27 | 5 | CVE-2014-3979 MISC MISC MISC |
| chamilo -- chamilo | Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script. | 2020-01-30 | 4.3 | CVE-2013-0739 MISC MISC |
| chamilo -- chamilo | Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php. | 2020-01-30 | 4.3 | CVE-2013-0738 MISC MISC |
| cisco -- application_policy_infrastructure_controller | A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j). | 2020-01-26 | 5 | CVE-2020-3139 CISCO |
| cisco -- asyncos_software_for_cisco_email_security_appliance | A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0. | 2020-01-26 | 6.4 | CVE-2020-3134 CISCO |
| cisco -- crosswork_change_automation | A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2020-01-26 | 4.3 | CVE-2019-16024 CISCO |
| cisco -- data_center_analytics_framework | A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information on the affected system. | 2020-01-26 | 4.3 | CVE-2019-16015 CISCO |
| cisco -- finesse | A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. | 2020-01-26 | 4.3 | CVE-2019-15278 CISCO |
| cisco -- identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. | 2020-01-26 | 4 | CVE-2019-15255 CISCO |
| cisco -- ios_xr_software | Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | 2020-01-26 | 5 | CVE-2019-16022 CISCO |
| cisco -- ios_xr_software | A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer. | 2020-01-26 | 5 | CVE-2019-15989 CISCO |
| cisco -- ios_xr_software | Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | 2020-01-26 | 5 | CVE-2019-16020 CISCO |
| cisco -- ios_xr_software | A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process. | 2020-01-26 | 4 | CVE-2019-16027 CISCO |
| cisco -- jabber_guest | A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affects Cisco Jabber Guest releases 11.1(2) and earlier. | 2020-01-26 | 4.3 | CVE-2020-3136 CISCO |
| cisco -- mobility_management_entity | A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition. | 2020-01-26 | 4.3 | CVE-2019-16026 CISCO |
| cisco -- sd-wan_solution_vmanage | A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. | 2020-01-26 | 4 | CVE-2019-12619 CISCO |
| cisco -- small_business_smart_and_managed_switches | A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2020-01-26 | 4.3 | CVE-2020-3121 CISCO |
| cisco -- smart_software_manager_on-prem | A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition. | 2020-01-26 | 6.4 | CVE-2019-16029 CISCO |
| cisco -- ucs_director | A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator. | 2020-01-26 | 5 | CVE-2019-16003 CISCO |
| cisco -- webex_meetings_suite_and_online | A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. This vulnerability affects Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3. | 2020-01-26 | 5 | CVE-2020-3142 CISCO |
| cisco -- webex_teams | A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131. | 2020-01-26 | 4 | CVE-2020-3131 CISCO |
| codecov -- codecov | Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument. | 2020-01-25 | 6.5 | CVE-2020-7596 MISC |
| contao -- contao | contao prior to 2.11.4 has a sql injection vulnerability | 2020-01-29 | 6.5 | CVE-2012-4383 MISC |
| core_security -- vivotek_pt7135_ip_camera | An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554. | 2020-01-24 | 5 | CVE-2013-1596 MISC MISC MISC MISC MISC |
| core_security -- vivotek_pt7135_ip_camera | An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text. | 2020-01-24 | 5 | CVE-2013-1594 MISC MISC MISC MISC MISC MISC |
| cpanel -- webhost_manager | Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2020-01-27 | 4.3 | CVE-2012-6448 EXPLOIT-DB |
| dolibarr -- dolibarr | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page. | 2020-01-26 | 4.3 | CVE-2020-7994 MISC MISC |
| dolibarr -- dolibarr | htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header. | 2020-01-26 | 4.3 | CVE-2020-7996 MISC MISC |
| eucalyptus -- eucalyptus_management_control | Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2020-01-27 | 4.3 | CVE-2013-4770 MISC |
| f-revocrm -- f-revocrm | Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2020-01-27 | 4.3 | CVE-2019-6036 MISC MISC |
| fuji_xerox -- netprint | The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2020-01-27 | 5.8 | CVE-2020-5520 MISC MISC |
| fuji_xerox -- kantan_netprint | The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2020-01-27 | 5.8 | CVE-2020-5522 MISC MISC |
| fuji_xerox -- kantan_netprint | The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2020-01-27 | 5.8 | CVE-2020-5521 MISC MISC |
| gitlab -- gitlab | An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments. | 2020-01-28 | 5 | CVE-2019-5472 MISC MISC MISC |
| gitlab -- gitlab | An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information. | 2020-01-28 | 5 | CVE-2019-5470 MISC MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition
| An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. | 2020-01-28 | 5 | CVE-2019-15582 MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. | 2020-01-28 | 5 | CVE-2019-15579 MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. | 2020-01-28 | 5 | CVE-2019-15578 MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition
| An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. | 2020-01-28 | 5 | CVE-2019-15581 MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition | An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. | 2020-01-28 | 5 | CVE-2019-15583 MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition | An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration | 2020-01-28 | 5 | CVE-2019-15590 MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition | A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. | 2020-01-28 | 4.3 | CVE-2019-15586 MISC MISC |
| gitlab -- gitlab_community_end_enterprise_edition | A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. | 2020-01-28 | 6.8 | CVE-2019-5462 MISC MISC MISC |
| git -- git | A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. | 2020-01-24 | 5 | CVE-2019-1351 SUSE MISC MISC |
| gnu -- aspell | libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. | 2020-01-27 | 6.4 | CVE-2019-20433 MISC |
| gnu -- gnu_coreutils | The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings. | 2020-01-24 | 4.6 | CVE-2015-4041 MISC MISC MISC |
| gnu -- gnutls | GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | 2020-01-27 | 5 | CVE-2015-0294 MISC MISC MISC |
| google -- android | audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. | 2020-01-24 | 4.3 | CVE-2015-1525 MISC |
| google -- android | media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size. | 2020-01-24 | 6 | CVE-2015-1530 MISC |
| ibm -- content_navigator | IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force ID: 171515. | 2020-01-28 | 4 | CVE-2019-4679 XF CONFIRM |
| ibm -- mq_and_mq_appliance | IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. | 2020-01-28 | 4 | CVE-2019-4614 XF CONFIRM |
| ibm -- mq_and_mq_appliance | IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. | 2020-01-28 | 4.3 | CVE-2019-4568 XF CONFIRM |
| ibm -- mq_appliance_and_lts | IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863. | 2020-01-28 | 4.6 | CVE-2019-4620 XF CONFIRM |
| ibm -- security_access_manager_appliance | IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018. | 2020-01-28 | 5.5 | CVE-2019-4707 XF CONFIRM |
| ibm -- security_secret_server | IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013. | 2020-01-28 | 4 | CVE-2019-4636 XF CONFIRM |
| ibm -- security_secret_server | IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045. | 2020-01-28 | 5 | CVE-2019-4639 XF CONFIRM |
| ibm -- security_secret_server | IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170004. | 2020-01-28 | 4.3 | CVE-2019-4632 XF CONFIRM |
| ibm -- security_secret_server | IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 170043. | 2020-01-28 | 4 | CVE-2019-4637 XF CONFIRM |
| ibm -- security_secret_server | IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007. | 2020-01-28 | 4.3 | CVE-2019-4633 XF CONFIRM |
| ibm -- security_secret_server | IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044. | 2020-01-28 | 4.3 | CVE-2019-4638 XF CONFIRM |
| ibm -- security_secret_server | IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 170001. | 2020-01-28 | 5.8 | CVE-2019-4631 XF CONFIRM |
| ibm -- security_secret_server | IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011. | 2020-01-28 | 4 | CVE-2019-4635 XF CONFIRM |
| icewarp -- webmail_server | In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. | 2020-02-01 | 4.3 | CVE-2020-8512 MISC MISC |
| jazzband -- django-user-sessions | In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen. | 2020-01-24 | 4 | CVE-2020-5224 CONFIRM MISC |
| jenkins -- jenkins | Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2020-01-29 | 4 | CVE-2020-2107 MLIST CONFIRM |
| jenkins -- jenkins | REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. | 2020-01-29 | 4.3 | CVE-2020-2105 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page. | 2020-01-29 | 4 | CVE-2020-2103 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. | 2020-01-29 | 6.5 | CVE-2020-2108 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. | 2020-01-29 | 4 | CVE-2020-2104 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. | 2020-01-29 | 5 | CVE-2020-2100 MLIST CONFIRM |
| jetbrains -- intellij_idea | Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. | 2020-01-30 | 5 | CVE-2020-7905 MISC CONFIRM |
| jetbrains -- intellij_idea | In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. | 2020-01-30 | 5.8 | CVE-2020-7904 MISC CONFIRM |
| jetbrains -- rider | In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3. | 2020-01-30 | 5 | CVE-2020-7906 MISC MISC |
| jetbrains -- teamcity | In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. | 2020-01-30 | 5 | CVE-2020-7909 MISC CONFIRM |
| jetbrains -- teamcity | In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. | 2020-01-30 | 4.3 | CVE-2020-7908 MISC CONFIRM |
| jetbrains -- teamcity | In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. | 2020-01-30 | 4.3 | CVE-2020-7911 MISC CONFIRM |
| jetbrains -- youtrack | JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. | 2020-01-30 | 4.3 | CVE-2020-7913 MISC CONFIRM |
| jetbrains -- youtrack | In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. | 2020-01-30 | 5 | CVE-2020-7912 MISC CONFIRM |
| koha -- koha | Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. | 2020-01-24 | 5 | CVE-2014-1923 MISC MISC MISC MISC MISC |
| koha -- koha | Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. | 2020-01-24 | 5 | CVE-2014-1922 MISC MISC MISC MISC |
| lldpd -- lldpd | Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. | 2020-01-28 | 6.8 | CVE-2015-8011 MISC MISC MISC |
| lldpd -- lldpd | lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. | 2020-01-28 | 5 | CVE-2015-8012 MISC MISC CONFIRM CONFIRM |
| magento -- magento | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-01-29 | 5 | CVE-2020-3717 CONFIRM |
| magento -- magento | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-01-29 | 4.3 | CVE-2020-3715 CONFIRM |
| magento -- magento | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-01-29 | 4.3 | CVE-2020-3758 CONFIRM |
| mediawiki -- mediawiki | The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page. | 2020-01-28 | 5 | CVE-2013-6455 MISC |
| mediawiki -- mediawiki | Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values. | 2020-01-28 | 4.3 | CVE-2013-6451 MISC |
| microsoft -- microsoft_dynamics_365_server | An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. | 2020-01-24 | 4 | CVE-2018-8654 MISC |
| mirumee -- saleor | An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer). | 2020-01-24 | 5 | CVE-2020-7964 MISC MISC |
| mympc -- media_player_classic_home_cinema | Stack-based buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0.7858 allows remote attackers to execute arbitrary code via a crafted MPEG-2 Transport Stream (M2TS) file. | 2020-01-31 | 6.8 | CVE-2013-3488 CONFIRM MISC |
| mympc -- media_player_classic_home_cinema | Buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0 allows remote attackers to execute arbitrary code via a crafted RealMedia .rm file | 2020-01-31 | 6.8 | CVE-2013-3489 MISC MISC |
| netapp -- oncommand_system_manager | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. | 2020-01-29 | 6 | CVE-2013-3321 XF MISC |
| netapp -- oncommand_system_manager | Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields. | 2020-01-29 | 4.3 | CVE-2013-3320 BID XF XF |
| netty -- netty | Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. | 2020-01-27 | 5 | CVE-2020-7238 MISC MISC |
| netty -- netty | HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." | 2020-01-29 | 6.4 | CVE-2019-20444 MISC MISC MLIST MLIST MLIST |
| netty -- netty | HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. | 2020-01-29 | 6.4 | CVE-2019-20445 MISC MISC MLIST MLIST MLIST |
| novell -- zenworks_configuration_management | Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. | 2020-01-25 | 5 | CVE-2012-6345 MISC |
| novell -- zenworks_configuration_management | Novell ZENworks Configuration Management before 11.2.4 allows XSS. | 2020-01-25 | 4.3 | CVE-2012-6344 MISC |
| ntt_data_corporation -- mypallete | Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2020-01-28 | 5.8 | CVE-2020-5523 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| openpne -- openpne_3 | OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability | 2020-01-24 | 6.4 | CVE-2013-4333 MISC MISC MISC |
| ossec -- ossec-hids | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client. | 2020-01-30 | 6.5 | CVE-2020-8442 MISC MISC MISC |
| peerigon -- angular-expressions | Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. | 2020-01-24 | 6.8 | CVE-2020-5219 MISC MISC CONFIRM |
| postgresql -- postgresql | The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow. | 2020-01-27 | 6.5 | CVE-2015-0241 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| postgresql -- postgresql | PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. | 2020-01-27 | 4 | CVE-2014-8161 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| postgresql -- postgresql | Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. | 2020-01-27 | 6.5 | CVE-2015-0242 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| postgresql -- postgresql | Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | 2020-01-27 | 6.5 | CVE-2015-0243 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| proxmox -- proxmox | Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability | 2020-01-27 | 5 | CVE-2014-4156 MISC MISC |
| pwgen_project -- pwgen | The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | 2020-01-27 | 5 | CVE-2013-4441 MISC MISC MISC MISC |
| pyradius -- pyrad | packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. | 2020-01-28 | 4.3 | CVE-2013-0294 CONFIRM CONFIRM CONFIRM MISC MISC CONFIRM MISC CONFIRM |
| python -- python | In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. | 2020-01-28 | 4.3 | CVE-2020-8315 MISC |
| qt -- qt | Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. | 2020-01-24 | 5 | CVE-2015-9541 MISC |
| rapid7 -- nexpose | Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access. | 2020-01-25 | 4.3 | CVE-2012-6494 BID XF |
| ratpack -- ratpack | All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to be utilized in production it would require users to not disable development mode. | 2020-01-28 | 4.3 | CVE-2019-10770 CONFIRM |
| roundup -- roundup | Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*. | 2020-01-30 | 4.3 | CVE-2012-6133 CONFIRM MISC MISC MISC CONFIRM |
| simplehrm -- simplehrm | SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie. | 2020-01-27 | 5 | CVE-2013-2499 MISC BID XF |
| simplesamlphp -- simplesamlphp | Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content. | 2020-01-24 | 5.5 | CVE-2020-5225 CONFIRM MISC |
| smb4k -- smb4k | Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | 2020-01-28 | 5 | CVE-2014-2581 CONFIRM CONFIRM CONFIRM MISC MISC MISC |
| stroom -- stroom | All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS vulnerability to take full control of the Stroom UI on behalf of the logged-in user. | 2020-01-28 | 4.3 | CVE-2019-10779 CONFIRM |
| synacor -- zimbra_collaboration | Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | 2020-01-27 | 4.3 | CVE-2019-8946 MISC MISC MISC MISC |
| synacor -- zimbra_collaboration | Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. | 2020-01-27 | 4.3 | CVE-2019-8947 MISC MISC MISC MISC |
| synacor -- zimbra_collaboration | Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | 2020-01-27 | 4.3 | CVE-2019-8945 MISC MISC MISC MISC |
| synacor -- zimbra_collaboration | In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability. | 2020-01-27 | 4.3 | CVE-2019-15313 MISC MISC |
| synacor -- zimbracollaboration | Synacor Zimbra Collaboration before 8.0.8 has XSS. | 2020-01-27 | 4.3 | CVE-2014-5500 CONFIRM |
| tennisconnect -- tennisconnect_components | Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm. | 2020-01-28 | 4.3 | CVE-2014-8490 MISC MISC |
| tiki_software_community_association -- tiki_wiki_cms_groupware | Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. | 2020-01-27 | 6 | CVE-2011-4558 MISC |
| tor_project -- tor | buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | 2020-01-24 | 5 | CVE-2015-2688 MISC MISC |
| tor_project -- tor | The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. | 2020-01-24 | 5 | CVE-2015-2928 MLIST CONFIRM |
| tor_project -- tor | Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | 2020-01-24 | 5 | CVE-2015-2689 MISC MISC |
| tor_project -- tor | The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor. | 2020-01-24 | 5 | CVE-2015-2929 MISC MISC |
| tornadoweb -- tornado | Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. | 2020-01-24 | 4.3 | CVE-2014-9720 MISC MISC MISC MISC MISC |
| tp-link -- multiple_ip_cameras | A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files. | 2020-01-29 | 5 | CVE-2013-2572 MISC MISC MISC MISC MISC |
| tp-link -- tp-link_tl-wr849n | TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI. | 2020-01-27 | 4.1 | CVE-2019-19143 MISC |
| typo3 -- typo3_and_typo3_elts | svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname. | 2020-01-27 | 4.3 | CVE-2020-8091 MISC MISC |
| unity_security_providers -- secure_entry_server | Secure Entry Server before 4.7.0 contains a URI Redirection vulnerability which could allow remote attackers to conduct phishing attacks due to HSP_AbsoluteRedirects being disabled by default. | 2020-01-28 | 5.8 | CVE-2013-2764 BID XF |
| valve_dota_2 -- valve_dota_2 | meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call. | 2020-01-27 | 6.8 | CVE-2020-7950 MISC |
| valve_dota_2 -- valve_dota_2 | meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. | 2020-01-27 | 6.8 | CVE-2020-7951 MISC |
| valve_dota_2 -- valve_dota_2 | schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call. | 2020-01-27 | 6.8 | CVE-2020-7949 MISC |
| valve_dota_2 -- valve_dota_2 | rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. | 2020-01-27 | 6.8 | CVE-2020-7952 MISC |
| videolan -- vlc_media_player | The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. | 2020-01-24 | 6.8 | CVE-2014-9630 MISC MISC CONFIRM |
| videolan -- vlc_media_player | Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. | 2020-01-24 | 6.8 | CVE-2014-9629 MISC MISC CONFIRM |
| videolan -- vlc_media_player | The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size. | 2020-01-24 | 6.8 | CVE-2014-9627 MISC MISC CONFIRM |
| videolan -- vlc_media_player | The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability. | 2020-01-24 | 6.8 | CVE-2014-9625 MISC MISC CONFIRM |
| videolan -- vlc_media_player | Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7. | 2020-01-24 | 6.8 | CVE-2014-9626 MISC MISC CONFIRM |
| videolan -- vlc_media_player | The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7. | 2020-01-24 | 6.8 | CVE-2014-9628 MISC MISC CONFIRM |
| viewgit -- viewgit | Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in plates/summary.php. | 2020-01-30 | 4.3 | CVE-2013-2294 CONFIRM MISC MISC MISC |
| vivotek -- pt7135_ip_cameras | A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials. | 2020-01-24 | 4 | CVE-2013-1597 MISC MISC MISC MISC MISC |
| webcalendar_project -- webcalendar | Local file inclusion in WebCalendar before 1.2.5. | 2020-01-27 | 6.5 | CVE-2012-1496 MISC |
| wiz -- wiz | Wiz 5.0.3 has a user mode write access violation | 2020-01-27 | 5 | CVE-2013-5659 MISC MISC |
| wordpress -- wordpress | WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability | 2020-01-27 | 6.4 | CVE-2013-4462 MISC MISC |
| wordpress -- wordpress | Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or html via the 'playerID' parameter. | 2020-01-28 | 4.3 | CVE-2013-2714 BID |
| wordpress -- wordpress | Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php. | 2020-01-28 | 6.8 | CVE-2015-5483 MISC MISC MISC |
| wso2 -- multiple_products | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects. | 2020-01-28 | 4.3 | CVE-2019-20436 MISC MISC |
| wso2 -- multiple_products | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the provisioning claim in the advanced claim configuration of the same Identity Provider. The attacker also needs to have privileges to log in to the management console, and to add and update identity provider configurations. | 2020-01-28 | 4.3 | CVE-2019-20437 MISC MISC |
| zavio -- ip_cameras | A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream. | 2020-01-29 | 5 | CVE-2013-2569 MISC MISC MISC MISC |
| zavio -- ip_cameras | An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information. | 2020-01-29 | 5 | CVE-2013-2567 MISC MISC MISC MISC MISC |
| zend -- zend_mail | CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email. | 2020-01-27 | 4.3 | CVE-2015-3154 CONFIRM |
| zeuscart -- zeuscart | Multiple SQL injection vulnerabilities in ZeusCart 4.x. | 2020-01-31 | 6.5 | CVE-2014-3868 MISC MISC MISC MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| a1 -- wlan_box_a | The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login). | 2020-01-27 | 3.5 | CVE-2020-8090 MISC |
| bitdefender -- bitdefender_av_for_mac | An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0. | 2020-01-27 | 2.1 | CVE-2019-17103 CONFIRM |
| cisco -- multiple_ip_phones | A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2020-01-26 | 3.5 | CVE-2019-16008 CISCO |
| cisco -- unity_connection_software | A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element. | 2020-01-26 | 3.5 | CVE-2020-3129 CISCO |
| dokeos -- dokeos | Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php. | 2020-01-29 | 3.5 | CVE-2012-5776 MISC MISC |
| fortinet -- fortisiem | An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. | 2020-01-28 | 3.5 | CVE-2019-17651 CONFIRM |
| git -- git | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. | 2020-01-24 | 3.6 | CVE-2019-1348 SUSE REDHAT MISC MISC |
| google -- android | A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. | 2020-01-24 | 3.5 | CVE-2019-1460 MISC |
| havalite -- havalite_cms | Havalite CMS 1.1.7 has a stored XSS vulnerability | 2020-01-29 | 3.5 | CVE-2013-0161 MISC |
| jenkins -- jenkins | Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations. | 2020-01-29 | 3.5 | CVE-2020-2106 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC. | 2020-01-29 | 3.5 | CVE-2020-2102 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret. | 2020-01-29 | 3.5 | CVE-2020-2101 MLIST CONFIRM |
| jetbrains -- teamcity | JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. | 2020-01-30 | 3.5 | CVE-2020-7910 MISC CONFIRM |
| linux -- linux_kernel | fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed. | 2020-01-29 | 3.6 | CVE-2020-8428 MLIST MLIST MISC MISC MISC |
| linux -- linux_kernel | In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db. | 2020-01-27 | 2.1 | CVE-2019-20422 MISC MISC |
| microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 2020-01-24 | 3.6 | CVE-2019-1454 MISC |
| netapp -- e-series_santricity_os_controller_software | E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments. | 2020-01-30 | 3.3 | CVE-2019-17273 CONFIRM |
| node-red -- node-red | A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc. | 2020-01-28 | 3.5 | CVE-2019-15607 MISC |
| ossec -- ossec-hids | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local user. | 2020-01-30 | 2.1 | CVE-2020-8448 MISC MISC MISC |
| ossec -- ossec-hids | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user. | 2020-01-30 | 2.1 | CVE-2020-8446 MISC MISC MISC |
| simplesamlphp -- simplesamlphp | Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field. | 2020-01-24 | 3.5 | CVE-2020-5226 CONFIRM MISC |
| suse -- linux_enterprise_server | The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa. | 2020-01-24 | 1.9 | CVE-2019-3687 CONFIRM |
| suse -- networkmanager | NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | 2020-01-27 | 3.2 | CVE-2006-7246 MISC MISC MISC MISC |
| synacor -- zimbra_collaboration | Zimbra Collaboration before 8.6.0 patch5 has XSS. | 2020-01-27 | 3.5 | CVE-2015-2249 CONFIRM |
| synacor -- zimbra_collaboration | Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. | 2020-01-27 | 3.5 | CVE-2019-11318 MISC MISC MISC MISC |
| synacor -- zimbra_collaboration | Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console. | 2020-01-27 | 3.5 | CVE-2019-12427 MISC MISC MISC |
| virgl -- virglrenderer | A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free. | 2020-01-27 | 2.1 | CVE-2020-8003 MISC MISC MISC MISC |
| virgl -- virglrenderer | A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS). | 2020-01-27 | 2.1 | CVE-2020-8002 MISC MISC MISC |
| wordpress -- wordpress | The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user. | 2020-01-28 | 3.5 | CVE-2020-8426 MISC MISC MISC |
| wordpress -- wordpress | Pinboard 1.0.6 theme for Wordpress has XSS. | 2020-01-27 | 3.5 | CVE-2013-0286 MISC |
| wowza_media_systems -- wowza_streaming_engine | Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. | 2020-01-29 | 3.5 | CVE-2019-7655 MISC MISC |
| wso2 -- api_manager | An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console. | 2020-01-28 | 3.5 | CVE-2019-20434 MISC MISC |
| wso2 -- api_manager | An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter. | 2020-01-28 | 3.5 | CVE-2019-20435 MISC MISC |
| wso2 -- api_manager | An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher. | 2020-01-28 | 3.5 | CVE-2019-20438 MISC MISC |
| wso2 -- api_manager | An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher. | 2020-01-28 | 3.5 | CVE-2019-20439 MISC MISC |
| wso2 -- api_manager | An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher. | 2020-01-28 | 3.5 | CVE-2019-20440 MISC MISC |
| wso2 -- api_manager | An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher. | 2020-01-28 | 3.5 | CVE-2019-20441 MISC MISC |
| wso2 -- multiple_products | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI. | 2020-01-28 | 3.5 | CVE-2019-20443 MISC MISC |
| wso2 -- multiple_products | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI. | 2020-01-28 | 3.5 | CVE-2019-20442 MISC MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| abrt -- abrt | ABRT might allow attackers to obtain sensitive information from crash reports. | 2020-01-31 | not yet calculated | CVE-2011-4088 MISC MISC |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | 2020-01-28 | not yet calculated | CVE-2019-8257 CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-01-28 | not yet calculated | CVE-2019-7131 CONFIRM |
| aircrack-ng -- aircrack-ng | Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors. | 2020-01-31 | not yet calculated | CVE-2014-8321 CONFIRM MISC MISC CONFIRM MISC |
| aircrack-ng -- aircrack-ng | Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. | 2020-01-31 | not yet calculated | CVE-2014-8322 CONFIRM MISC MISC MISC CONFIRM MISC |
| alcatel-lucent -- 1830_photonic_service_switch | Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. | 2020-01-31 | not yet calculated | CVE-2014-3809 MISC |
| apache -- jackrabbit_oak | The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed. | 2020-01-28 | not yet calculated | CVE-2020-1940 MLIST MLIST MLIST MLIST MLIST MLIST MISC MLIST |
| aroxsolution -- school_management_software_php/mysql | School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. | 2020-01-31 | not yet calculated | CVE-2020-8505 MISC |
| aroxsolution -- school_management_software_php/mysql | School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. | 2020-01-31 | not yet calculated | CVE-2020-8504 MISC |
| aruba -- airwave_management_platform | A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672 | 2020-01-31 | not yet calculated | CVE-2016-2032 MISC MISC MISC MISC |
| aruba -- clearpass_policy_manager | Multiple vulnerabilities exist in Aruba ClearPass Policy Manager up to 6.5.6 and 6.6.0 includes SQL injection issues, unauthenticated arbitrary file read via XXE, remote root command execution, and elevated privilege issues. | 2020-01-31 | not yet calculated | CVE-2016-2033 CONFIRM |
| aruba -- instate | Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. | 2020-01-31 | not yet calculated | CVE-2016-2031 MISC MISC MISC MISC |
| belkin -- wemo_switch | Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. | 2020-01-28 | not yet calculated | CVE-2013-2748 EXPLOIT-DB BID XF |
| belkin_wemo_insight_switch | A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions. | 2020-01-27 | not yet calculated | CVE-2019-17094 CONFIRM |
| biscom -- biscom_secure_file_transfer | Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004. | 2020-01-31 | not yet calculated | CVE-2020-8503 MISC |
| bitdefender -- bitdefender_antivirus_for_mac | A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0. | 2020-01-30 | not yet calculated | CVE-2020-8092 MISC |
| bitdefender -- bitdefender_antivirus_for_mac | A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution | 2020-01-30 | not yet calculated | CVE-2020-8093 MISC |
| bitdefender -- bitdefender_box_2 | An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36. | 2020-01-27 | not yet calculated | CVE-2019-17102 CONFIRM |
| bitdefender -- bitdefender_total_security_2020 | A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. | 2020-01-30 | not yet calculated | CVE-2020-8095 CONFIRM |
| bitdefender -- total_security_2020 | An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69. | 2020-01-27 | not yet calculated | CVE-2019-17100 MISC |
| c-lightning -- c-lightning | c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used for real funds." | 2020-01-31 | not yet calculated | CVE-2019-12998 MISC CONFIRM |
| cisco -- ios_xr_software | A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | 2020-01-26 | not yet calculated | CVE-2019-16018 CISCO |
| com.puppycrawl.tools:checkstyle -- com.puppycrawl.tools:checkstyle | All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658. | 2020-01-30 | not yet calculated | CVE-2019-10782 MISC |
| cups_easy -- cups_easy_purchase_&_inventory | Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php. | 2020-01-28 | not yet calculated | CVE-2020-8425 MISC MISC |
| cups_easy -- cups_easy_purchase_&_inventory | Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php. | 2020-01-28 | not yet calculated | CVE-2020-8424 MISC MISC |
| cysharp -- messagepack_for_c#_and_unity | MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps. | 2020-01-31 | not yet calculated | CVE-2020-5234 MISC CONFIRM |
| d-link -- multiple_cameras | An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR. 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information. | 2020-01-28 | not yet calculated | CVE-2013-1600 MISC MISC MISC MISC MISC |
| d-link -- multiple_ip_cameras | An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream. | 2020-01-28 | not yet calculated | CVE-2013-1603 MISC MISC MISC MISC MISC |
| d-link -- multiple_ip_cameras | A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera?s web interface. | 2020-01-28 | not yet calculated | CVE-2013-1599 MISC MISC MISC MISC FULLDISC MISC |
| d-link -- multiple_ip_cameras | An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03, which could let a malicious user obtain sensitive information. which could let a malicious user obtain sensitive information. | 2020-01-28 | not yet calculated | CVE-2013-1601 MISC MISC MISC MISC MISC |
| d-link -- multiple_ip_cameras | An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams. | 2020-01-28 | not yet calculated | CVE-2013-1602 MISC MISC MISC MISC |
| das_u-boot -- das_u-boot | In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis. | 2020-01-29 | not yet calculated | CVE-2020-8432 MISC MISC |
| draytek -- multiple_devices | DrayTek Vigor2960 1.3.1_Beta; Vigor3900 1.4.4_Beta; and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. | 2020-02-01 | not yet calculated | CVE-2020-8515 MISC |
| drupal -- drupal | The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node. | 2020-01-30 | not yet calculated | CVE-2013-4187 MISC MISC MISC CONFIRM MISC |
| drupal -- drupal | The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username. | 2020-01-30 | not yet calculated | CVE-2013-2198 MISC CONFIRM CONFIRM CONFIRM |
| drupal -- drupal | Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. | 2020-01-31 | not yet calculated | CVE-2014-8338 MISC MISC |
| eclair -- eclair | Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "it is beta-quality software and don't put too much money in it." | 2020-01-31 | not yet calculated | CVE-2019-13000 MISC MISC CONFIRM |
| edk2 -- unified_extensible_firmware_interface | Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data. | 2020-01-31 | not yet calculated | CVE-2014-4859 MISC |
| edk2 -- unified_extensible_firmware_interface | Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase. | 2020-01-31 | not yet calculated | CVE-2014-4860 MISC |
| ensdomains -- ens | A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry. | 2020-01-31 | not yet calculated | CVE-2020-5232 MISC CONFIRM |
| eucalyptus -- eucalyptus_management_console | Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2020-01-31 | not yet calculated | CVE-2014-5039 CONFIRM |
| evernote -- evernote | Evernote before 5.5.1 has insecure PIN storage | 2020-01-31 | not yet calculated | CVE-2013-5112 MISC MISC |
| evernote -- evernote | Evernote prior to 5.5.1 has insecure password change | 2020-01-31 | not yet calculated | CVE-2013-5116 MISC MISC MISC |
| feedgen -- feedgen | Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The *feedgen* library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of Service Attacks (e.g. XML Bomb). This becomes a concern in particular if feedgen is used to include content from untrused sources and if XML (including XHTML) is directly included instead of providing plain tex content only. This problem has been fixed in feedgen 0.9.0 which disallows XML entity expansion and external resources. | 2020-01-28 | not yet calculated | CVE-2020-5227 MISC MISC CONFIRM |
| fish-shell -- fish-shell | The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name. | 2020-01-28 | not yet calculated | CVE-2014-2906 MISC MISC CONFIRM |
| fish-shell -- fish-shell | The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name. | 2020-01-28 | not yet calculated | CVE-2014-3856 MISC CONFIRM MISC |
| fish-shell -- fish-shell | fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt. | 2020-01-28 | not yet calculated | CVE-2014-2914 MISC CONFIRM |
| foscam -- ip_camera_fi8620 | An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. | 2020-01-29 | not yet calculated | CVE-2013-2574 MISC MISC MISC MISC MISC |
| fuji_xerox -- awms_mobile_app | The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2020-01-31 | not yet calculated | CVE-2020-5526 MISC MISC |
| fusionauth -- fusionauth | An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates. | 2020-01-28 | not yet calculated | CVE-2020-7799 MISC MISC MISC BUGTRAQ |
| gemalto -- gemalto_tokend | Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability | 2020-01-30 | not yet calculated | CVE-2013-1867 MISC MISC |
| git -- git | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. | 2020-01-24 | not yet calculated | CVE-2019-1353 SUSE MISC MISC |
| git-extras -- git-extras | The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort. | 2020-01-28 | not yet calculated | CVE-2012-6114 MISC MISC MISC |
| gitlab -- gitlab | An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. | 2020-01-28 | not yet calculated | CVE-2019-5468 MISC MISC MISC |
| gitlab -- gitlab_and_gitlab_community_edition_and_gitlab_enterprise_edition | The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. | 2020-01-28 | not yet calculated | CVE-2013-4582 MISC MISC MISC |
| gitlab -- gitlab_and_gitlab_community_edition_and_gitlab_enterprise_edition | The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. | 2020-01-28 | not yet calculated | CVE-2013-4583 MISC MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition | An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. | 2020-01-28 | not yet calculated | CVE-2019-5466 MISC MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition | An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. | 2020-01-28 | not yet calculated | CVE-2019-5465 MISC MISC MISC |
| gitlab -- gitlab_enterprise_edition | An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. | 2020-01-28 | not yet calculated | CVE-2019-5474 MISC MISC MISC |
| hashicorp -- consul_and_consul_enterprise | HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. | 2020-01-31 | not yet calculated | CVE-2020-7219 MISC MISC |
| hashicorp -- consul_and_consul_enterprise | HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. | 2020-01-31 | not yet calculated | CVE-2020-7955 MISC MISC |
| hashicorp -- nomad_and_nomad_enterprise | HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage. | 2020-01-31 | not yet calculated | CVE-2020-7218 MISC MISC |
| hashicorp -- nomad_and_nomad_enterprise | HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. | 2020-01-31 | not yet calculated | CVE-2020-7956 MISC MISC |
| hp -- intel-based_business_pcs | A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02). | 2020-01-31 | not yet calculated | CVE-2019-18913 CONFIRM |
| htcondor -- mrg_grid | The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. | 2020-01-31 | not yet calculated | CVE-2014-8126 MISC MISC MISC MISC |
| ibm -- watson_iot_message_gateway | IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. IBM X-Force ID: 174972. | 2020-01-28 | not yet calculated | CVE-2020-4207 XF CONFIRM |
| ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. | 2020-01-31 | not yet calculated | CVE-2019-4720 XF CONFIRM |
| idelji -- web_viewpoint_and_web_viewpoint_plus_and_web_viewpoint_enterprise | An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen. | 2020-01-27 | not yet calculated | CVE-2019-19539 CONFIRM |
info-zip -- unzip | Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 2020-01-31 | not yet calculated | CVE-2014-8140 MISC MISC MISC MISC |
| info-zip -- unzip | Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 2020-01-31 | not yet calculated | CVE-2014-8139 MISC MISC MISC MISC |
| info-zip -- unzip | Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 2020-01-31 | not yet calculated | CVE-2014-8141 MISC MISC MISC MISC |
| infoware -- mapsuite_mapapi | Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2020-01-31 | not yet calculated | CVE-2014-2843 MISC MISC MISC |
| intel -- multiple_intel_processors | Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 2020-01-28 | not yet calculated | CVE-2020-0549 CONFIRM |
| intel -- multiple_intel_processors | Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 2020-01-28 | not yet calculated | CVE-2020-0548 CONFIRM |
| intergraph_corporation -- erdas_er_viewer | ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary code execution vulnerabilities | 2020-01-30 | not yet calculated | CVE-2013-0725 MISC MISC |
| israeli_ex_libris -- aleph_500 | Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter. | 2020-01-30 | not yet calculated | CVE-2014-3719 MISC MISC |
| israeli_ex_libris -- aleph_500 | Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2) lib, or (3) sid parameter. | 2020-01-30 | not yet calculated | CVE-2014-3718 MISC MISC |
| jetbrains -- intellij_idea | In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3. | 2020-01-31 | not yet calculated | CVE-2020-7914 MISC CONFIRM |
| joomla! -- joomla! | An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. | 2020-01-28 | not yet calculated | CVE-2020-8419 MISC |
| joomla! -- joomla! | An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. | 2020-01-28 | not yet calculated | CVE-2020-8420 MISC |
| joomla! -- joomla! | An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs. | 2020-01-28 | not yet calculated | CVE-2020-8421 MISC |
| kronos -- kronos_web_time_and_attendance | A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator. | 2020-01-30 | not yet calculated | CVE-2020-8493 MISC MISC |
| kronos -- kronos_web_time_and_attendance | In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters. | 2020-01-30 | not yet calculated | CVE-2020-8495 MISC MISC |
| kronos -- kronos_web_time_and_attendance | In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator. | 2020-01-30 | not yet calculated | CVE-2020-8496 MISC MISC |
| kronos -- kronos_web_time_and_attendance | In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the emp_id, userid, pw1, pw2, supervisor, and timekeeper parameters. | 2020-01-30 | not yet calculated | CVE-2020-8494 MISC MISC |
| ktor -- ktor | In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator. | 2020-01-27 | not yet calculated | CVE-2020-5207 MISC CONFIRM |
| liferay -- portal_ce | In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). | 2020-01-28 | not yet calculated | CVE-2020-7934 MISC |
| lightning_labs -- lightning_network_daemon | Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control. | 2020-01-31 | not yet calculated | CVE-2019-12999 MISC MISC CONFIRM |
| linux -- linux_kernel | In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. | 2020-01-31 | not yet calculated | CVE-2019-3016 CONFIRM CONFIRM CONFIRM |
| logmein -- lastpass | LastPass prior to 2.5.1 allows secure wipe bypass. | 2020-01-31 | not yet calculated | CVE-2013-5114 MISC MISC MISC |
| logmein -- lastpass | LastPass prior to 2.5.1 has an insecure PIN implementation. | 2020-01-31 | not yet calculated | CVE-2013-5113 MISC MISC MISC |
| lzx_apps -- super_file_explorer | An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service. | 2020-01-28 | not yet calculated | CVE-2020-7998 MISC MISC |
| mediawiki -- mediawiki | The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML. | 2020-01-27 | not yet calculated | CVE-2014-9481 MISC MISC CONFIRM MISC |
| micasaverde -- veralite | MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. | 2020-01-28 | not yet calculated | CVE-2013-4862 MISC MISC MISC |
| micasaverde -- veralite | Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter. | 2020-01-28 | not yet calculated | CVE-2013-4861 MISC MISC MISC |
| micasaverde -- veralite | MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue. | 2020-01-28 | not yet calculated | CVE-2013-4864 MISC MISC MISC |
| micasaverde -- veralite | Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter. | 2020-01-28 | not yet calculated | CVE-2013-4865 MISC MISC MISC |
| micasaverde -- veralite | The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. | 2020-01-28 | not yet calculated | CVE-2013-4863 MISC MISC MISC |
| motu -- motu_avb_devices | AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file. | 2020-01-27 | not yet calculated | CVE-2020-8009 MISC |
| multiple_vendors -- multiple_bios_implementations | The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory. | 2020-01-30 | not yet calculated | CVE-2015-0949 MISC |
| multiple_vendors -- multiple_realtek_sdk_based_routers | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. | 2020-01-27 | not yet calculated | CVE-2019-19823 MISC MISC FULLDISC FULLDISC MISC MISC |
| multiple_vendors -- multiple_realtek_sdk_based_routers | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. | 2020-01-27 | not yet calculated | CVE-2019-19822 MISC MISC FULLDISC FULLDISC MISC MISC |
| neato -- botvac_connected | An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to estimate the time of first provisioning of a robot, he is able to brute force the generated secret_key of the robot. This is because the entropy of the secret_key exclusively relies on these two values, due to not seeding the random generator and using several constant inputs for secret_key computation. Serial numbers are printed on the packaging and equal the MAC address of the robot. | 2020-01-27 | not yet calculated | CVE-2018-19441 MISC MISC |
| netapp -- oncommand_system_manager | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. | 2020-01-31 | not yet calculated | CVE-2013-3322 XF MISC |
| nethack -- nethack | In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. | 2020-01-28 | not yet calculated | CVE-2020-5209 MISC CONFIRM |
| nethack -- nethack | In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. | 2020-01-28 | not yet calculated | CVE-2020-5211 CONFIRM |
| nethack -- nethack | In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. | 2020-01-28 | not yet calculated | CVE-2020-5214 CONFIRM |
| nethack -- nethack | In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. | 2020-01-28 | not yet calculated | CVE-2020-5210 MISC CONFIRM |
| nethack -- nethack | In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. | 2020-01-28 | not yet calculated | CVE-2020-5212 CONFIRM |
| nethack -- nethack | In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. | 2020-01-28 | not yet calculated | CVE-2020-5213 CONFIRM |
| network_time_foundation -- network_time_protocol | Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. | 2020-01-28 | not yet calculated | CVE-2015-7851 MISC MISC MISC |
| node-uuid -- node-uuid | node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing. | 2020-01-30 | not yet calculated | CVE-2015-8851 MISC MISC CONFIRM CONFIRM |
| oauth2_proxy -- oauth2_proxy | OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0. | 2020-01-30 | not yet calculated | CVE-2020-5233 MISC MISC CONFIRM |
| open-xchange -- open-xchange_app_suite | Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. | 2020-01-31 | not yet calculated | CVE-2014-5236 MISC MISC MISC |
| opencast -- opencast | In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1 | 2020-01-30 | not yet calculated | CVE-2020-5206 MISC CONFIRM |
| opencast -- opencast | Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1 | 2020-01-30 | not yet calculated | CVE-2020-5222 MISC CONFIRM |
| opencast -- opencast | Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially for popular users like the default `admin` user. This essentially means that for an attacker, it might be feasible to reconstruct a user's password given access to these hashes. Note that attackers needing access to the hashes means that they must gain access to the database in which these are stored first to be able to start cracking the passwords. The problem is addressed in Opencast 8.1 which now uses the modern and much stronger bcrypt password hashing algorithm for storing passwords. Note, that old hashes remain MD5 until the password is updated. For a list of users whose password hashes are stored using MD5, take a look at the `/user-utils/users/md5.json` REST endpoint. | 2020-01-30 | not yet calculated | CVE-2020-5229 MISC CONFIRM |
| opencast -- opencast | Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public access to events without their knowledge. The problem has been addressed in Opencast 7.6 and 8.1 where the OAI-PMH endpoint is configured to require users with `ROLE_ADMIN` by default. In addition to this, Opencast 9 removes the OAI-PMH publication from the default workflow, making the publication a conscious decision users have to make by updating their workflows. | 2020-01-30 | not yet calculated | CVE-2020-5228 MISC CONFIRM |
| opencast -- opencast | Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast's Id.toString(?) vs Id.compact(?) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1. | 2020-01-30 | not yet calculated | CVE-2020-5230 MISC CONFIRM |
| opencast -- opencast | In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests) but only in the security configuration. From the name ? implying an admin for a specific course ? users would never expect that this role allows user creation. This issue is fixed in 7.6 and 8.1 which both ship a new default security configuration. | 2020-01-30 | not yet calculated | CVE-2020-5231 MISC CONFIRM |
| openjpeg -- openjpeg | opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. | 2020-01-28 | not yet calculated | CVE-2020-8112 MISC MLIST |
| opensc -- opensc.tokend | OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability | 2020-01-30 | not yet calculated | CVE-2013-1866 MISC MISC |
| ossec -- ossec-hids | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). | 2020-01-30 | not yet calculated | CVE-2020-8447 MISC MISC MISC |
| ossec -- ossec-hids | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). | 2020-01-30 | not yet calculated | CVE-2020-8443 MISC MISC MISC |
| ossec -- ossec-hids | In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitted in messages processed by ossec-analysisd, it may be possible to inject nested events into the ossec log. Use of terminal control characters may allow obfuscating events or executing commands when viewed through vulnerable terminal emulators. This may be an unauthenticated remote attack for certain types and origins of logged data. | 2020-01-30 | not yet calculated | CVE-2020-8445 MISC MISC MISC |
| ossec -- ossec-hids | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). | 2020-01-30 | not yet calculated | CVE-2020-8444 MISC MISC MISC |
| pandora_fms -- pandora_fms | Pandora FMS ? 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type. | 2020-01-30 | not yet calculated | CVE-2019-20050 MISC |
| perl -- perl | The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files. | 2020-01-31 | not yet calculated | CVE-2011-4117 MISC MISC MISC |
| perl -- perl | The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable. | 2020-01-28 | not yet calculated | CVE-2014-3230 MISC MISC MISC MISC MISC |
| perl -- perl | _is_safe in the File::Temp module for Perl does not properly handle symlinks. | 2020-01-31 | not yet calculated | CVE-2011-4116 MISC MISC MISC MISC MISC |
| perl -- perl | Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | 2020-01-28 | not yet calculated | CVE-2013-1437 MISC MISC MISC |
| perl -- perl | Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. | 2020-01-31 | not yet calculated | CVE-2011-4115 MISC MISC CONFIRM |
| pivotal -- pivotal_tc_server_and_pivotal_tc_runtime | In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance. | 2020-01-27 | not yet calculated | CVE-2019-11288 CONFIRM |
| polycom -- hdx_video_end_points_and_uc_ap | Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature. | 2020-01-28 | not yet calculated | CVE-2012-6610 MISC MISC |
| polycom -- web_management_interface_g3/hdx_8000_hd | Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | 2020-01-28 | not yet calculated | CVE-2012-6609 MISC MISC |
| prosody -- prosody | The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin. | 2020-01-28 | not yet calculated | CVE-2020-8086 MISC MISC CONFIRM BUGTRAQ DEBIAN |
| python -- python | The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | 2020-01-28 | not yet calculated | CVE-2013-1895 MISC MISC MISC MISC MISC |
| python -- python | Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. | 2020-01-30 | not yet calculated | CVE-2020-8492 MISC MISC MISC |
| qemu -- qemu | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | 2020-01-31 | not yet calculated | CVE-2015-6815 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC CONFIRM CONFIRM |
| rockwell_automation -- arena_simulation_software | A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. | 2020-01-27 | not yet calculated | CVE-2019-13521 MISC MISC |
| rockwell_automation -- arena_simulation_software | A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. | 2020-01-27 | not yet calculated | CVE-2019-13519 MISC MISC |
| senior -- rubiweb | Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL. | 2020-01-31 | not yet calculated | CVE-2019-19550 CONFIRM |
| silicon_graphics_international -- sgi_tempo | SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db. | 2020-01-27 | not yet calculated | CVE-2014-7303 MISC MISC |
| silicon_graphics_international -- sgi_tempo | SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx. | 2020-01-27 | not yet calculated | CVE-2014-7302 MISC MISC |
| silicon_graphics_international -- sgi_tempo | SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw. | 2020-01-27 | not yet calculated | CVE-2014-7301 MISC MISC |
| simplejobscript -- simplejobscript | controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. | 2020-01-31 | not yet calculated | CVE-2020-8440 CONFIRM |
| smc_networks -- d3g0804w_d3gnv5m-3.5.1.6.10_ga_devices | SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument. | 2020-01-27 | not yet calculated | CVE-2020-8087 MISC |
| solarwinds -- n-central | SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration. | 2020-01-26 | not yet calculated | CVE-2020-7984 MISC MISC MISC MISC MISC MISC MISC MISC |
| sonalak -- verax_nms | Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive. | 2020-01-30 | not yet calculated | CVE-2013-1352 MISC MISC MISC |
| sonalak -- verax_nms | Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities | 2020-01-30 | not yet calculated | CVE-2013-1350 MISC MISC |
| sonalak -- verax_nms | Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. | 2020-01-30 | not yet calculated | CVE-2013-1351 MISC MISC MISC |
| sonalak -- verax_nms | Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action | 2020-01-30 | not yet calculated | CVE-2013-1631 MISC MISC |
| sudo -- sudo | In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. | 2020-01-29 | not yet calculated | CVE-2019-18634 FULLDISC MLIST MLIST MLIST BUGTRAQ BUGTRAQ BUGTRAQ CONFIRM DEBIAN CONFIRM MISC |
| suse -- linux_enterprise_server_15_obs-service-tar_scm_and_opensuse_factory_obs-service-tar_scm | Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. | 2020-01-27 | not yet calculated | CVE-2018-12476 CONFIRM |
| suse -- opensuse_leap_yast2-rmt | A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2. | 2020-01-27 | not yet calculated | CVE-2018-20105 CONFIRM |
| suse -- suse_studio_onsite_susestudio-common | A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions. | 2020-01-27 | not yet calculated | CVE-2017-14806 CONFIRM |
| suse -- suse_studio_onsite_susestudio-ui-server | An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions. | 2020-01-27 | not yet calculated | CVE-2017-14807 CONFIRM |
| sylius -- resourcebundle | Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 || >=1.3.0 <=1.3.12 || >=1.4.0 <=1.4.5 || >=1.5.0 <=1.5.0 || >=1.6.0 <=1.6.2. The patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3. | 2020-01-27 | not yet calculated | CVE-2020-5220 MISC CONFIRM |
| sylius -- sylius | Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no sylius_channel.debug is set explicitly in the configuration, the default value which is kernel.debug will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false. Patch has been provided for Sylius 1.3.x and newer - 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore. | 2020-01-27 | not yet calculated | CVE-2020-5218 MISC CONFIRM |
| tensorflow -- tensorflow | In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant("hello", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0. | 2020-01-28 | not yet calculated | CVE-2020-5215 MISC MISC MISC CONFIRM |
| tibco_software -- tibco_patterns_-_search | The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below. | 2020-01-28 | not yet calculated | CVE-2019-17338 CONFIRM CONFIRM |
| totolink -- realtek_sdk_based_routers | On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0. | 2020-01-27 | not yet calculated | CVE-2019-19824 MISC FULLDISC FULLDISC MISC |
| totolink -- realtek_sdk_based_routers | On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0. | 2020-01-27 | not yet calculated | CVE-2019-19825 MISC FULLDISC FULLDISC MISC |
| trend_micro -- anti-threat_toolkit | Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool. | 2020-01-30 | not yet calculated | CVE-2019-20358 FULLDISC N/A N/A |
| united_planet -- intrexx_professional | Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors. | 2020-01-31 | not yet calculated | CVE-2014-2025 MISC MISC CONFIRM |
| usebb -- usebb | panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | 2020-01-27 | not yet calculated | CVE-2020-8088 MISC |
| videolan -- vlc_media_player | Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. | 2020-01-31 | not yet calculated | CVE-2013-3565 MISC MISC MISC MISC |
| vtiger -- vtiger_crm | vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. | 2020-01-28 | not yet calculated | CVE-2013-3212 EXPLOIT-DB BID XF |
| web2project -- web2project | Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php. | 2020-01-31 | not yet calculated | CVE-2014-3119 MISC MISC MISC |
| webargs -- webargs | flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made across domains, leading to CSRF. | 2020-01-29 | not yet calculated | CVE-2020-7965 CONFIRM |
| wolfssl -- cyassl | wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure. | 2020-01-28 | not yet calculated | CVE-2014-2898 MISC MISC CONFIRM CONFIRM |
| wolfssl -- cyassl | The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read. | 2020-01-28 | not yet calculated | CVE-2014-2896 MISC MISC CONFIRM CONFIRM |
| wolfssl -- cyassl | The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read. | 2020-01-28 | not yet calculated | CVE-2014-2897 MISC MISC CONFIRM CONFIRM |
| wordpress -- wordpress | Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings - Template form (hms-testimonials-templates-new page). | 2020-01-30 | not yet calculated | CVE-2013-4241 MISC MISC MISC MISC MISC |
| wordpress -- wordpress | XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability). | 2020-01-30 | not yet calculated | CVE-2020-8498 MISC MISC MISC |
| wordpress -- wordpress | The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. | 2020-01-28 | not yet calculated | CVE-2020-8417 MISC MISC |
| wordpress -- wordpress | NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability | 2020-01-30 | not yet calculated | CVE-2013-0291 MISC MISC |
| wowza -- wowza_streaming_engine | Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. | 2020-01-29 | not yet calculated | CVE-2019-7654 MISC MISC |
| wowza -- wowza_streaming_engine | A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 and 4.7.8 allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. By injecting a payload into one of those files, it will run with the same privileges as the Wowza server, root. For example, /usr/local/WowzaStreamingEngine/bin/tune.sh could be replaced with a Trojan horse. | 2020-01-29 | not yet calculated | CVE-2019-7656 MISC MISC |
| xpient -- xpient_point_of_sale_systems | Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer. | 2020-01-28 | not yet calculated | CVE-2013-2571 MISC MISC MISC MISC |
| zoho_manageengine -- desktopcentral | Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | 2020-01-27 | not yet calculated | CVE-2013-7390 MISC MISC |
| zoho_manageengine -- remote_access_plus | An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password). | 2020-01-31 | not yet calculated | CVE-2020-8422 MISC MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.