Vulnerability Summary for the Week of February 24, 2020
Released
Mar 02, 2020
Document ID
SB20-062
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- jsery_protocol | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. | 2020-02-24 | 7.5 | CVE-2020-1938 MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST CONFIRM |
| cacti -- cacti | graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. | 2020-02-22 | 9.3 | CVE-2020-8813 MISC MISC MISC MISC CONFIRM MISC MISC |
| cisco -- fxos_software | A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | 2020-02-26 | 7.2 | CVE-2020-3169 CISCO |
| compile-sass -- compile-sass | compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization. | 2020-02-24 | 7.5 | CVE-2019-10799 MISC MISC |
| couchbase -- couchbase_server | Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access). | 2020-02-22 | 7.5 | CVE-2020-9039 CONFIRM |
| d-link -- dap-1330_devices | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9554. | 2020-02-22 | 8.3 | CVE-2020-8861 N/A N/A |
| d-link -- dap-2610_devices | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082. | 2020-02-22 | 8.3 | CVE-2020-8862 N/A N/A |
| d-link -- dch-m225_devices | D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. | 2020-02-21 | 10 | CVE-2020-6841 MISC CONFIRM |
| d-link -- dch-m225_devices | D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. | 2020-02-21 | 9 | CVE-2020-6842 MISC CONFIRM |
| druva -- insync_macos_client | Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges. | 2020-02-25 | 7.2 | CVE-2019-4000 MISC |
| druva -- insync_windows_client | Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. | 2020-02-25 | 7.2 | CVE-2019-3999 MISC |
| gnu -- screen | A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. | 2020-02-24 | 7.5 | CVE-2020-9366 MLIST MISC MISC |
| ibl_software_engineering -- online_weather | IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. | 2020-02-26 | 7.5 | CVE-2020-9406 MISC |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023. | 2020-02-24 | 10 | CVE-2020-4212 XF CONFIRM |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022. | 2020-02-24 | 10 | CVE-2020-4211 XF CONFIRM |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175091. | 2020-02-24 | 10 | CVE-2020-4222 XF CONFIRM |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175020. | 2020-02-24 | 10 | CVE-2020-4210 XF CONFIRM |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175024. | 2020-02-24 | 10 | CVE-2020-4213 XF CONFIRM |
| moxa -- awk-3131a_devices | An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. | 2020-02-25 | 9 | CVE-2019-5138 MISC |
| moxa -- awk-3131a_devices | An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2020-02-25 | 9 | CVE-2019-5136 MISC |
| moxa -- awk-3131a_devices | An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. | 2020-02-25 | 9 | CVE-2019-5142 MISC |
| moxa -- awk-3131a_devices | An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2020-02-25 | 9 | CVE-2019-5162 MISC |
| netapp -- oncommand_cloud_manager | OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers. | 2020-02-26 | 7.5 | CVE-2019-17275 CONFIRM |
| netgear -- nighthawk_x10-r900_devices | In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to exploit this vulnerability remotely. Exploiting this vulnerability is somewhat involved. The following limitations apply to the payload and must be overcome for successful exploitation: - No more than 17 characters may be used. - At least one colon must be included to prevent mangling. - A single-quote and meta-character must be used to break out of the existing command. - Parent command remnants after the injection point must be dealt with. - The payload must be in all-caps. Despite these limitations, it is still possible to gain access to an interactive root shell via this vulnerability. Since the web server assigns certain HTTP headers to environment variables with all-caps names, it is possible to insert a payload into one such header and reference the subsequent environment variable in the injection point. | 2020-02-24 | 9.3 | CVE-2019-12511 MISC |
| networkmanager-ssh -- networkmanager-ssh | danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. | 2020-02-23 | 7.5 | CVE-2020-9355 MISC MISC MISC |
| opensmtpd -- opensmtpd | OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. | 2020-02-25 | 10 | CVE-2020-8794 FULLDISC MLIST MLIST MLIST DEBIAN MISC MISC |
| patriot -- viper_rgb | A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges. | 2020-02-21 | 7.2 | CVE-2019-19452 MISC MISC |
| ruby -- rake | There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | 2020-02-24 | 9.3 | CVE-2020-8130 MISC MLIST |
| selesta -- visual_access_manager | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php. | 2020-02-26 | 10 | CVE-2019-19994 MISC MISC MISC |
| smartclient -- smartclient | An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. | 2020-02-23 | 7.5 | CVE-2020-9352 MISC |
| tp-link -- tl-wr849n_devices | On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature. | 2020-02-24 | 7.5 | CVE-2020-9374 MISC MISC |
| yarn -- yarn | Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. | 2020-02-24 | 7.5 | CVE-2020-8131 CONFIRM MISC |
| zsh -- zsh | In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). | 2020-02-24 | 7.2 | CVE-2019-20044 MISC MISC MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- kylin | Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries. | 2020-02-24 | 4 | CVE-2020-1937 MLIST |
| apache -- struts | Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability. | 2020-02-27 | 4.3 | CVE-2015-2992 MISC MISC MISC |
| atos -- unify_openscape_uc_application | Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload. | 2020-02-21 | 4.3 | CVE-2019-19865 MISC MISC |
| atos -- unify_openscape_uc_web_client | Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs. | 2020-02-21 | 5 | CVE-2019-19866 MISC MISC |
| auieo -- candid_applicant_tracking_system | CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. | 2020-02-22 | 6.8 | CVE-2020-9341 MISC |
| buddypress -- buddypress | In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2. | 2020-02-24 | 5 | CVE-2020-5244 MISC MISC CONFIRM |
| centreon -- centreon_web | An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication. | 2020-02-24 | 6.5 | CVE-2019-15299 MISC MISC MISC |
| dnn_software -- dnn | DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | 2020-02-24 | 4 | CVE-2020-5188 MISC MISC MISC |
| dnn_software -- dnn | DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | 2020-02-24 | 6.5 | CVE-2020-5187 MISC MISC MISC |
| election -- election | fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter. | 2020-02-22 | 6.5 | CVE-2020-9340 MISC |
| fiserv -- accurate_reconciliation | Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp timeOut parameter. | 2020-02-26 | 4.3 | CVE-2020-8952 MISC |
| freeradius -- pam_radius | add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. | 2020-02-24 | 5 | CVE-2015-9542 CONFIRM MISC MLIST |
| gogs -- gogs | Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. | 2020-02-21 | 4.3 | CVE-2020-9329 MISC |
| golfbuddy -- course_manager | In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request. | 2020-02-26 | 4 | CVE-2020-9337 MISC MISC |
| google -- android | btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. | 2020-02-21 | 5.8 | CVE-2014-7914 MISC |
| google -- chrome | Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-02-27 | 6.8 | CVE-2020-6407 MISC MISC |
| google -- chrome | Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-02-27 | 6.8 | CVE-2020-6386 MISC MISC |
| google -- chrome | Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-02-27 | 6.8 | CVE-2020-6384 MISC MISC |
| google -- chrome | Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-02-27 | 4.3 | CVE-2020-6418 MISC MISC |
| google -- chrome | Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-02-27 | 6.8 | CVE-2020-6383 MISC MISC |
| gurux -- gxdlms_director | Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker can modify the contents of downloaded files. In the case of add-ins (if the user is using those), this will lead to code execution. In case of OBIS codes (which the user is always using as they are needed to communicate with the energy meters), this can lead to code execution when combined with CVE-2020-8810. | 2020-02-25 | 6.8 | CVE-2020-8809 MISC MISC |
| ibl_software_engineering -- online_weather | IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. | 2020-02-26 | 5 | CVE-2020-9407 MISC |
| ibl_software_engineering -- online_weather | IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page. | 2020-02-26 | 4.3 | CVE-2020-9405 MISC |
| ibm -- business_process_manager_and_business_automation_workflow | IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254. | 2020-02-27 | 6.5 | CVE-2019-4669 XF CONFIRM |
| ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883. | 2020-02-24 | 4 | CVE-2019-4745 XF CONFIRM |
| ibm -- qrader_advisor | IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 166206. | 2020-02-25 | 5 | CVE-2019-4557 XF CONFIRM |
| ibm -- qrader_advisor | IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacker to obtain sensitive information from specially crafted HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 171438. | 2020-02-25 | 5 | CVE-2019-4672 XF CONFIRM |
| ibm -- sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 167878. | 2020-02-24 | 5.8 | CVE-2019-4595 XF CONFIRM |
| ibm -- sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363. | 2020-02-26 | 4.3 | CVE-2019-4726 XF CONFIRM |
| ibm -- sterling_brb_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881. | 2020-02-26 | 6.5 | CVE-2019-4598 XF CONFIRM |
| ibm -- sterling_brb_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880. | 2020-02-26 | 6.5 | CVE-2019-4597 XF CONFIRM |
| ibm -- websphere_service_registry_and_repository | IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 165593. | 2020-02-26 | 5 | CVE-2019-4537 XF CONFIRM |
| jetbrains -- scala_plugin | In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. | 2020-02-21 | 5 | CVE-2020-7907 MISC MISC |
| kunena -- kunena | Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. | 2020-02-25 | 4.3 | CVE-2016-11020 MISC MISC MISC |
| litecart -- litecart | LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user. | 2020-02-25 | 5 | CVE-2020-9018 MISC MISC |
| litecart -- litecart | LiteCart through 2.2.1 allows CSV injection via a customer's profile. | 2020-02-25 | 6 | CVE-2020-9017 MISC MISC |
| lua-openssl -- lua-openssl | openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | 2020-02-27 | 6.4 | CVE-2020-9432 MISC |
| lua-openssl -- lua-openssl | openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | 2020-02-27 | 6.4 | CVE-2020-9433 MISC |
| lua-openssl -- lua-openssl | openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | 2020-02-27 | 6.4 | CVE-2020-9434 MISC |
| mcafee -- web_advisor | Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack. | 2020-02-24 | 4.3 | CVE-2019-3670 CONFIRM |
| miele -- xgw_3000_zigbee_gateway | In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection. | 2020-02-24 | 6.8 | CVE-2019-20480 MISC |
| miele -- xgw_300_zigbee_gateway | In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480. | 2020-02-24 | 5 | CVE-2019-20481 MISC |
| moxa -- awk-3131a_devices | The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. | 2020-02-25 | 5 | CVE-2019-5137 MISC |
| moxa -- awk-3131a_devices | An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. | 2020-02-25 | 5 | CVE-2019-5148 MISC |
| moxa -- awk-3131a_devices | An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2020-02-25 | 6.5 | CVE-2019-5140 MISC |
| moxa -- awk-3131a_devices | An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2020-02-25 | 6.5 | CVE-2019-5143 MISC |
| moxa -- awk-3131a_devices | An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2020-02-25 | 6.5 | CVE-2019-5141 MISC |
| moxa -- awk-3131a_devices | An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2020-02-25 | 6.5 | CVE-2019-5153 MISC |
| moxa -- awk-3131a_devices | An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. | 2020-02-25 | 6.5 | CVE-2019-5165 MISC |
| netgear -- nighthawk_x10-r900_devices | In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings. | 2020-02-24 | 6.4 | CVE-2019-12510 MISC |
| netgear -- nighthawk_x10-r900_devices | In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious hostname. This log entry may then be viewed at Advanced settings->Administration->Logs to trigger the exploit. Although this value is inserted into a textarea tag, converted to all-caps, and limited in length, attacks are still possible. | 2020-02-24 | 4.3 | CVE-2019-12513 MISC |
| netgear -- nighthawk_x10-r900_devices | In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanced settings->Administration->Logs, and may trigger when the page is viewed. Although this value is inserted into a textarea tag, the attack simply needs to supply a closing textarea tag. | 2020-02-24 | 4.3 | CVE-2019-12512 MISC |
| open-xchange -- ox_app_suite_and_ox_documents | OX App Suite through 7.10.2 allows SSRF. | 2020-02-21 | 4 | CVE-2019-18846 MISC |
| opensmtpd -- opensmtpd | OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | 2020-02-25 | 4.7 | CVE-2020-8793 FULLDISC MLIST MISC |
| otrs -- open_ticket_request_system
| Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 2020-02-21 | 4 | CVE-2013-3551 MISC MISC |
| otrs -- open_ticket_request_system | Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 2020-02-21 | 4 | CVE-2013-4088 MISC MISC MISC MISC |
| pacman -- pacman | pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file. | 2020-02-24 | 6.8 | CVE-2019-18183 MISC MISC MISC |
| pacman -- pacman | pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package. | 2020-02-24 | 6.8 | CVE-2019-18182 MISC MISC CONFIRM |
| php -- php | In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash. | 2020-02-27 | 6.4 | CVE-2020-7061 MISC |
| php -- php | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. | 2020-02-27 | 4.3 | CVE-2020-7062 MISC |
| php -- php | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. | 2020-02-27 | 5 | CVE-2020-7063 MISC |
| pure-ftpd -- pure-ftpd | An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c. | 2020-02-24 | 5 | CVE-2020-9365 MISC |
| rpi -- rpi | rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization. | 2020-02-24 | 6.8 | CVE-2019-10796 MISC MISC |
| selesta -- visual_access_manager | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn't check the parameter that identifies the file name to be read. Thus, an attacker can manipulate the file name to access a potentially sensitive file within the filesystem. | 2020-02-26 | 4 | CVE-2019-19992 MISC MISC MISC |
| selesta -- visual_access_manager | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths. | 2020-02-26 | 5 | CVE-2019-19993 MISC MISC MISC |
| selesta -- visual_access_manager | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on. | 2020-02-26 | 4.3 | CVE-2019-19987 MISC MISC MISC |
| selesta -- visual_access_manager | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization. | 2020-02-26 | 5 | CVE-2019-19989 MISC MISC MISC |
| selesta -- visual_access_manager | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content. | 2020-02-26 | 6.5 | CVE-2019-19988 MISC MISC MISC |
| selesta -- visual_access_manager | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database). | 2020-02-26 | 5 | CVE-2019-19986 MISC MISC MISC |
| smartclient -- smartclient | An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path traversal. | 2020-02-23 | 6.4 | CVE-2020-9354 MISC |
| smartclient -- smartclient | An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter. | 2020-02-23 | 5 | CVE-2020-9353 MISC |
| smartclient -- smartclient | An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path). | 2020-02-23 | 5 | CVE-2020-9351 MISC |
| sqlite -- sqlite | In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | 2020-02-21 | 5 | CVE-2020-9327 MISC MISC MISC |
| sympa-community -- sympa | Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters. | 2020-02-24 | 5 | CVE-2020-9369 MISC MISC |
| total.js -- cms | controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954. | 2020-02-24 | 5 | CVE-2020-9381 MISC MISC |
| tucan -- tucan | Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan. | 2020-02-21 | 6.8 | CVE-2012-0063 MLIST MISC MISC MISC |
| ua-parser -- uap-core | uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3. | 2020-02-21 | 5 | CVE-2020-5243 MISC CONFIRM |
| wireshark -- wireshark | In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. | 2020-02-27 | 5 | CVE-2020-9428 MISC MISC MISC |
| wireshark -- wireshark | In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. | 2020-02-27 | 5 | CVE-2020-9431 MISC MISC MISC |
| wireshark -- wireshark | In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value. | 2020-02-27 | 5 | CVE-2020-9429 MISC MISC MISC MISC |
| wireshark -- wireshark | In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. | 2020-02-27 | 5 | CVE-2020-9430 MISC MISC MISC MISC MISC |
| wordpress -- wordpress | The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based tokens or to launch other attacks. | 2020-02-26 | 4.3 | CVE-2019-19134 MISC MISC MISC MISC |
| wordpress -- wordpress | includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues. | 2020-02-24 | 4.3 | CVE-2019-17229 MISC MISC MISC |
| wordpress -- wordpress | The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description. | 2020-02-25 | 4.3 | CVE-2020-9019 MISC MISC |
| wordpress -- wordpress | An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS. | 2020-02-25 | 4.3 | CVE-2020-9393 MISC |
| wordpress -- wordpress | An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. | 2020-02-25 | 6.8 | CVE-2020-9394 MISC |
| wordpress -- wordpress | includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes. | 2020-02-24 | 6.4 | CVE-2019-17228 MISC MISC MISC |
| zint -- zint | A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation. | 2020-02-25 | 5 | CVE-2020-9385 MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| blackboard -- learn | Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor. | 2020-02-25 | 3.5 | CVE-2020-9008 MISC MISC |
| dnn_software -- dnn | DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). | 2020-02-24 | 3.5 | CVE-2020-5186 MISC MISC MISC |
| election -- election | fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> "message if election is closed" field. | 2020-02-22 | 3.5 | CVE-2020-9336 MISC |
| fiserv -- accurate_reconciliation | Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source or Destination field of the Configuration Manager (Configuration Parameter Translation) page. | 2020-02-26 | 3.5 | CVE-2020-8951 MISC |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. | 2020-02-24 | 2.9 | CVE-2019-4703 XF CONFIRM |
| ibm -- sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167879. | 2020-02-26 | 3.5 | CVE-2019-4596 XF CONFIRM |
| moxa -- awk_3131A_devices | An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. | 2020-02-25 | 3.6 | CVE-2019-5139 MISC |
| netsurf -- netsurf | Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. | 2020-02-21 | 2.1 | CVE-2012-0844 MISC MISC MISC BID |
| sas -- visual_analytics | Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly. | 2020-02-23 | 3.5 | CVE-2020-9350 MISC |
| selesta -- visual_access_manager | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php. | 2020-02-26 | 3.5 | CVE-2019-19990 MISC MISC MISC |
| selesta -- visual_access_manager | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php. | 2020-02-26 | 3.5 | CVE-2019-19991 MISC MISC MISC |
| soplanning -- simple_online_planning | SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. | 2020-02-22 | 3.5 | CVE-2020-9338 MISC |
| soplanning -- simple_online_planning | SOPlanning 1.45 allows XSS via the Name or Comment to status.php. | 2020-02-22 | 3.5 | CVE-2020-9339 MISC |
| wordpress -- wordpress | A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. | 2020-02-25 | 3.5 | CVE-2020-9334 MISC MISC |
| wordpress -- wordpress | Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users. | 2020-02-25 | 3.5 | CVE-2020-9335 MISC MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- tomcat | The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. | 2020-02-24 | not yet calculated | CVE-2019-17569 MLIST |
| apache -- tomcat | In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. | 2020-02-24 | not yet calculated | CVE-2020-1935 MLIST |
| apple -- ios_and_ipados | An issue existed in the handling of the local user's self-view. The issue was corrected with improved logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A remote FaceTime user may be able to cause the local user's camera self-view to display the incorrect camera. | 2020-02-27 | not yet calculated | CVE-2020-3869 MISC |
| apple -- ios_and_ipados | This issue was addressed with improved setting propagation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Turning off "Load remote content in messages” may not apply to all mail previews. | 2020-02-27 | not yet calculated | CVE-2020-3873 MISC |
| apple -- ios_and_ipados | A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. | 2020-02-27 | not yet calculated | CVE-2020-3828 MISC |
| apple -- ios_and_ipados | A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. | 2020-02-27 | not yet calculated | CVE-2020-3831 MISC |
| apple -- ios_and_ipados | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. | 2020-02-27 | not yet calculated | CVE-2020-3859 MISC |
| apple -- ios_and_ipados | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. | 2020-02-27 | not yet calculated | CVE-2020-3858 MISC |
| apple -- ios_and_ipados | This issue was addressed with improved checks. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Users removed from an iMessage conversation may still be able to alter state. | 2020-02-27 | not yet calculated | CVE-2020-3844 MISC |
| apple -- ios_and_ipados | An issued existed in the naming of screenshots. The issue was corrected with improved naming. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Screenshots of the Messages app may reveal additional message content. | 2020-02-27 | not yet calculated | CVE-2020-3874 MISC |
| apple -- ios_and_ipados_and_watchos | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. | 2020-02-27 | not yet calculated | CVE-2020-3860 MISC MISC |
| apple -- itunes_for_windows | The issue was addressed with improved permissions logic. This issue is fixed in iTunes for Windows 12.10.4. A user may gain access to protected parts of the file system. | 2020-02-27 | not yet calculated | CVE-2020-3861 MISC |
| apple -- macos_catalina | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with kernel privileges. | 2020-02-27 | not yet calculated | CVE-2020-3871 MISC |
| apple -- macos_catalina | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges. | 2020-02-27 | not yet calculated | CVE-2020-3845 MISC |
| apple -- macos_catalina | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | 2020-02-27 | not yet calculated | CVE-2020-3843 MISC |
| apple -- macos_catalina | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.3. An application may be able to read restricted memory. | 2020-02-27 | not yet calculated | CVE-2020-3839 MISC |
| apple -- macos_catalina | This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Catalina 10.15.3. Searching for and opening a file from an attacker controlled NFS mount may bypass Gatekeeper. | 2020-02-27 | not yet calculated | CVE-2020-3866 MISC |
| apple -- macos_catalina | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges. | 2020-02-27 | not yet calculated | CVE-2020-3854 MISC |
| apple -- macos_catalina | A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files. | 2020-02-27 | not yet calculated | CVE-2020-3830 MISC |
| apple -- macos_catalina | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution. | 2020-02-27 | not yet calculated | CVE-2020-3827 MISC |
| apple -- macos_catalina | A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files. | 2020-02-27 | not yet calculated | CVE-2020-3835 MISC |
| apple -- macos_catalina_and_watchos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 2020-02-27 | not yet calculated | CVE-2020-3877 MISC MISC |
| apple -- multiple_iphones | A denial of service issue was addressed with improved input validation. | 2020-02-28 | not yet calculated | CVE-2019-8741 MISC MISC MISC MISC MISC MISC MISC |
| apple -- multiple_products | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. | 2020-02-27 | not yet calculated | CVE-2020-3842 MISC MISC MISC MISC |
| apple -- multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-02-27 | not yet calculated | CVE-2020-3878 MISC MISC MISC MISC |
| apple -- multiple_products | An access issue was addressed with improved memory management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to determine kernel memory layout. | 2020-02-27 | not yet calculated | CVE-2020-3836 MISC MISC MISC MISC |
| apple -- multiple_products | An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution. | 2020-02-27 | not yet calculated | CVE-2020-3840 MISC MISC MISC |
| apple -- multiple_products | A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory. | 2020-02-27 | not yet calculated | CVE-2020-3875 MISC MISC MISC MISC |
| apple -- multiple_products | The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network. | 2020-02-27 | not yet calculated | CVE-2020-3841 MISC MISC |
| apple -- multiple_products | A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. | 2020-02-27 | not yet calculated | CVE-2020-3846 MISC MISC |
| apple -- multiple_products | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted string may lead to heap corruption. | 2020-02-27 | not yet calculated | CVE-2020-3856 MISC MISC MISC MISC |
| apple -- multiple_products | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. | 2020-02-27 | not yet calculated | CVE-2020-3867 SUSE MISC MISC |
| apple -- multiple_products | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-02-27 | not yet calculated | CVE-2020-3868 SUSE MISC MISC MISC |
| apple -- multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-02-27 | not yet calculated | CVE-2020-3870 MISC MISC MISC MISC |
| apple -- multiple_products | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to execute arbitrary code with system privileges. | 2020-02-27 | not yet calculated | CVE-2020-3853 MISC MISC MISC MISC |
| apple -- multiple_products | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-02-27 | not yet calculated | CVE-2020-3865 SUSE MISC MISC |
| apple -- multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to gain elevated privileges. | 2020-02-27 | not yet calculated | CVE-2020-3829 MISC MISC MISC MISC |
| apple -- multiple_products | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. | 2020-02-27 | not yet calculated | CVE-2020-3837 MISC MISC MISC MISC |
| apple -- multiple_products | A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. | 2020-02-27 | not yet calculated | CVE-2020-3862 SUSE MISC MISC |
| apple -- multiple_products | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory. | 2020-02-27 | not yet calculated | CVE-2020-3872 MISC MISC MISC MISC |
| apple -- multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-02-27 | not yet calculated | CVE-2020-3826 MISC MISC |
| apple -- multiple_products | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges. | 2020-02-27 | not yet calculated | CVE-2020-3857 MISC MISC MISC MISC |
| apple -- multiple_products | The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges. | 2020-02-27 | not yet calculated | CVE-2020-3838 MISC MISC MISC MISC |
| apple -- multiple_products | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-02-27 | not yet calculated | CVE-2020-3825 MISC MISC |
| apple -- safari | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing. | 2020-02-27 | not yet calculated | CVE-2020-3833 MISC |
| apple -- watchos | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. | 2020-02-27 | not yet calculated | CVE-2020-3834 MISC |
| aruba_networks -- airwave_management_platform | An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component. | 2020-02-27 | not yet calculated | CVE-2019-5326 CONFIRM |
| aruba_networks -- airwave_management_platform | There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. | 2020-02-27 | not yet calculated | CVE-2019-5323 CONFIRM |
| asus -- multiple_devices | Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. | 2020-02-27 | not yet calculated | CVE-2018-8878 MISC |
| asus -- multiple_devices | Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page. | 2020-02-27 | not yet calculated | CVE-2018-8877 MISC |
| avast -- multiple_products | The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux. | 2020-02-28 | not yet calculated | CVE-2020-9399 MISC MISC |
| avaya -- aura_conferencing | A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server. | 2020-02-28 | not yet calculated | CVE-2019-7007 CONFIRM |
| blab -- multiple_products | An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin. | 2020-02-28 | not yet calculated | CVE-2020-9449 MISC |
| centreon -- centreon | Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request. | 2020-02-28 | not yet calculated | CVE-2020-9463 MISC |
| cisco -- fxos_software | A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS. | 2020-02-26 | not yet calculated | CVE-2020-3166 CISCO |
cisco -- fxos_software_and_nx-os_software | A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability. | 2020-02-26 | not yet calculated | CVE-2020-3172 CISCO |
cisco -- fxos_software_and_unified_computing_system_manager | A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. | 2020-02-26 | not yet calculated | CVE-2020-3167 CISCO |
cisco -- fxos_software_and_unified_computing_system_manager_software | A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. | 2020-02-26 | not yet calculated | CVE-2020-3171 CISCO |
| cisco -- nexus_1000v_for_vmware_vsphere | A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover. | 2020-02-26 | not yet calculated | CVE-2020-3168 CISCO |
| cisco -- nx-os_software | A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request. An attacker could exploit this vulnerability by sending a malicious GARP packet on the local subnet to cause the ARP table on the device to become corrupted. A successful exploit could allow the attacker to populate the ARP table with incorrect entries, which could lead to traffic disruptions. | 2020-02-26 | not yet calculated | CVE-2020-3174 CISCO |
| cisco -- nx-os_software | A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the Cisco NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default. | 2020-02-26 | not yet calculated | CVE-2020-3170 CISCO |
| cisco -- nx-os_software | A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD5 authentication is bypassed if the peer does not have MD5 authentication configured, the NX-OS device does have BGP MD5 authentication configured, and the NX-OS BGP virtual routing and forwarding (VRF) name is configured to be greater than 19 characters. An attacker could exploit this vulnerability by attempting to establish a BGP session with the NX-OS peer. A successful exploit could allow the attacker to establish a BGP session with the NX-OS device without MD5 authentication. The Cisco implementation of the BGP protocol accepts incoming BGP traffic only from explicitly configured peers. To exploit this vulnerability, an attacker must send the malicious packets over a TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the affected system’s trusted network. | 2020-02-26 | not yet calculated | CVE-2020-3165 CISCO |
| cisco -- nx-os_software_for_mds_9000_series_multilayer_switches | A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource usage control. An attacker could exploit this vulnerability by sending traffic to the management interface (mgmt0) of an affected device at very high rates. An exploit could allow the attacker to cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device. | 2020-02-26 | not yet calculated | CVE-2020-3175 CISCO |
| cisco -- unified_computing_system_manager_software | A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by including crafted arguments to specific commands on the local management CLI. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. | 2020-02-26 | not yet calculated | CVE-2020-3173 CISCO |
| cloud_foundry -- cloud_controller | Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials. | 2020-02-27 | not yet calculated | CVE-2020-5400 CONFIRM |
| cloud_foundry -- routing_release | Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app. | 2020-02-27 | not yet calculated | CVE-2020-5401 CONFIRM |
| cloud_foundry -- uaa | In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. | 2020-02-27 | not yet calculated | CVE-2020-5402 CONFIRM |
| drobo -- 5n2_devices | In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these applications, but also poses severe risks to the confidentiality and integrity of data stored within the applications and the device itself. | 2020-02-24 | not yet calculated | CVE-2018-14705 MISC MISC |
| dropwizard -- dropwizard | Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2. | 2020-02-24 | not yet calculated | CVE-2020-5245 MISC MISC MISC MISC MISC MISC CONFIRM |
| enpeem -- enpeem | enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization. | 2020-02-28 | not yet calculated | CVE-2019-10801 MISC MISC |
| eyesofnetwork -- eonweb | An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie. | 2020-02-28 | not yet calculated | CVE-2020-9465 MISC MISC |
| google -- native_client | NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible. | 2020-02-25 | not yet calculated | CVE-2015-0565 MISC MISC MISC |
| gurux -- gxdlms_director | An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. This allows the attacker exploiting CVE-2020-8809 to send executable files and place them in an autorun directory, or to place DLLs inside the existing GXDLMS Director installation (run on next execution of GXDLMS Director). This can be used to achieve code execution even if the user doesn't have any add-ins installed. | 2020-02-25 | not yet calculated | CVE-2020-8810 MISC MISC |
| gwtupload -- gwtupload | The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted filename. | 2020-02-28 | not yet calculated | CVE-2020-9447 MISC |
| hostapd -- hostapd | hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743. | 2020-02-28 | not yet calculated | CVE-2019-10064 MISC FULLDISC MLIST MLIST MISC |
| huawei -- cloudengine_12800 | CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700,V200R002C01,V200R002C50SPC800,V200R002C50SPC800PWE,V200R003C00SPC810,V200R003C00SPC810PWE,V200R005C00SPC600,V200R005C00SPC800,V200R005C00SPC800PWE,V200R005C10,V200R005C10SPC300 have an information leakage vulnerability in some Huawei products. In some special cases, an authenticated attacker can exploit this vulnerability because the software processes data improperly. Successful exploitation may lead to information leakage. | 2020-02-28 | not yet calculated | CVE-2020-1861 MISC |
| huawei -- honor_v10_smartphones | Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out of bounds write vulnerability. The software writes data past the end of the intended buffer because of insufficient validation of certain parameter when initializing certain driver program. An attacker could trick the user into installing a malicious application, successful exploit could cause the device to reboot. | 2020-02-28 | not yet calculated | CVE-2020-1792 MISC |
| huawei -- multiple_products | NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet. | 2020-02-28 | not yet calculated | CVE-2020-1860 MISC |
| huawei -- multiple_products | NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability. The software system access an invalid pointer when operator logs in to the device and performs some operations. Successful exploit could cause certain process reboot. | 2020-02-28 | not yet calculated | CVE-2020-1874 MISC |
| huawei -- multiple_products | NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when an abnormal condition occurs in certain operation. Successful exploit could cause certain process reboot. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500;USG9500 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500. | 2020-02-28 | not yet calculated | CVE-2020-1875 MISC |
| huawei -- multiple_products | NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. | 2020-02-28 | not yet calculated | CVE-2020-1876 MISC |
| huawei -- multiple_products | NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the device reboot. | 2020-02-28 | not yet calculated | CVE-2020-1873 MISC |
| huawei -- multiple_products | NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vulnerability. An attacker needs to perform specific operations to trigger a function of the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices. | 2020-02-28 | not yet calculated | CVE-2020-1881 MISC |
| huawei -- multiple_products | NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when administrator log in to the device and performs some operations. Successful exploit could cause certain process reboot. | 2020-02-28 | not yet calculated | CVE-2020-1877 MISC |
| huawei -- pcmanager | PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. | 2020-02-28 | not yet calculated | CVE-2020-1844 MISC |
| hunesion -- i-onenet | Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force. | 2020-02-27 | not yet calculated | CVE-2017-16900 MISC MISC MISC |
| ibm -- bigfix_self-service_application | BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML. | 2020-02-28 | not yet calculated | CVE-2019-4301 CONFIRM |
| ispconfig -- ispconfig | ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. | 2020-02-25 | not yet calculated | CVE-2020-9398 MISC |
| jenkins -- multiple_products | Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack." | 2020-02-24 | not yet calculated | CVE-2012-0785 MLIST MISC CONFIRM MISC CONFIRM |
| juniper -- junos | Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration. Note that the ftps-extensions option is not enabled by default. | 2020-02-28 | not yet calculated | CVE-2015-5361 CONFIRM |
| juniper -- qfx3500_and_qfx3600_devices | On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability. | 2020-02-28 | not yet calculated | CVE-2015-3006 CONFIRM |
| kill-port-process -- kill-port-process | The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability. | 2020-02-28 | not yet calculated | CVE-2019-15609 MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation. | 2020-02-25 | not yet calculated | CVE-2020-9391 MLIST MISC MISC FEDORA |
| linux -- linux_kernel | An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. | 2020-02-25 | not yet calculated | CVE-2020-9383 MISC |
| magento -- magento | An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments. | 2020-02-25 | not yet calculated | CVE-2020-8818 MISC MISC MISC |
| mangoraft -- giting | giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. | 2020-02-28 | not yet calculated | CVE-2019-10802 MISC MISC |
| mediawiki -- mediawiki | An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function. | 2020-02-24 | not yet calculated | CVE-2020-9382 MISC MISC |
| mitel -- micontact_center_business | The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations. | 2020-02-25 | not yet calculated | CVE-2020-9379 MISC CONFIRM |
| moxa -- multiple_devices | Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik 2500 series firmware, Version 3.0 or lower IOxpress configuration utility, Version 2.3.0 or lower. Sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account. | 2020-02-26 | not yet calculated | CVE-2019-18238 MISC |
| mozilla -- gateway | An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in. | 2020-02-28 | not yet calculated | CVE-2020-6803 MISC |
| mozilla -- gateway | A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system. | 2020-02-28 | not yet calculated | CVE-2020-6804 MISC |
netapp -- fas_8300/8700_and_aff_a400_baseboard_management_controller_devices | NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access. | 2020-02-26 | not yet calculated | CVE-2019-17274 CONFIRM |
| openssl -- openssl | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). | 2020-02-27 | not yet calculated | CVE-2020-7042 MISC MISC |
| openssl -- openssl | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. | 2020-02-27 | not yet calculated | CVE-2020-7043 MISC MISC |
| openssl -- openssl | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. | 2020-02-27 | not yet calculated | CVE-2020-7041 MISC MISC |
| openvpn -- connect | OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there. | 2020-02-28 | not yet calculated | CVE-2020-9442 MISC |
| pablo_software_solutions -- quick_n_easy_web_server | The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free. | 2020-02-28 | not yet calculated | CVE-2019-19943 EXPLOIT-DB |
| pdf-image -- pdf-image | Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input. | 2020-02-28 | not yet calculated | CVE-2020-8132 MISC |
| puma_gem_for_ruby_on_rails -- puma_gem_for_ruby_on_rails | In Puma (RubyGem) before 4.3.2 and 3.12.2, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters. | 2020-02-28 | not yet calculated | CVE-2020-5247 CONFIRM MISC MISC |
| puppet -- puppet_enterprise_console | Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session. | 2020-02-27 | not yet calculated | CVE-2015-5686 CONFIRM |
| pure-ftpd -- pure-ftpd | An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. | 2020-02-26 | not yet calculated | CVE-2020-9274 MISC MLIST MISC |
| push-dir -- push-dire | push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands. | 2020-02-28 | not yet calculated | CVE-2019-10803 MISC MISC |
| qt -- qt | In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | 2020-02-28 | not yet calculated | CVE-2018-21035 MISC MISC |
| quick_heal -- quick_heal | The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android. | 2020-02-24 | not yet calculated | CVE-2020-9362 MISC |
| rdf-ext -- rdf-graph-array | rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype. | 2020-02-24 | not yet calculated | CVE-2019-10798 MISC MISC |
| red_hat -- red_hat_enterprise_virtualization | VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors. | 2020-02-25 | not yet calculated | CVE-2015-5201 CONFIRM MISC MISC MISC |
| reveal.js -- reveal.js | Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks. | 2020-02-28 | not yet calculated | CVE-2020-8127 MISC |
| serial-number -- serial-number | serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation. | 2020-02-28 | not yet calculated | CVE-2019-10804 MISC MISC |
| solarwinds -- orion_platform | SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | 2020-02-25 | not yet calculated | CVE-2019-12863 MISC MISC |
| sophos -- multiple_products | The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. | 2020-02-24 | not yet calculated | CVE-2020-9363 MISC |
suse -- linux_enterprise_server_11_and_12_and_opensuse_factory | UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions. | 2020-02-28 | not yet calculated | CVE-2019-3698 CONFIRM |
| synchronet -- bbs | Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header. | 2020-02-27 | not yet calculated | CVE-2017-6371 MISC EXPLOIT-DB |
| tonnet -- tat-76_and_tat-77_series_devices | DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system. | 2020-02-27 | not yet calculated | CVE-2020-3924 CONFIRM CONFIRM |
| tonnet -- tat-76_and_tat-77_series_devices | DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system. | 2020-02-27 | not yet calculated | CVE-2020-3923 CONFIRM CONFIRM |
| totolink -- a3002ru_devices | In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext. | 2020-02-24 | not yet calculated | CVE-2018-13313 MISC MISC |
| valib -- valib | valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks. | 2020-02-28 | not yet calculated | CVE-2019-10805 MISC MISC |
| woocommerce -- woocommerce | An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments. | 2020-02-25 | not yet calculated | CVE-2020-8819 MISC MISC MISC MISC EXPLOIT-DB |
| wordpress -- wordpress | Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings. | 2020-02-28 | not yet calculated | CVE-2020-9459 MISC MISC |
| wordpress -- wordpress | The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection. | 2020-02-28 | not yet calculated | CVE-2020-9466 MISC MISC MISC |
| zte -- e8820v3_router | ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router. | 2020-02-27 | not yet calculated | CVE-2020-6864 CONFIRM |
| zte -- e8820v3_router | ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL. | 2020-02-27 | not yet calculated | CVE-2020-6863 CONFIRM |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.