Vulnerability Summary for the Week of March 9, 2020

Released: Mar 16, 2020
Document ID: SB20-076

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- shardingsphere
 
In Apache ShardingSphere (incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows unmarshalling data to a Java type by using the YAML tag. Unmarshalling untrusted data can lead to RCE.
Published: 2020-03-11 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-1947
CONFIRM
bookstack -- bookstack
 
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.
Published: 2020-03-09 | CVSS Score: 9 | Source & Patch Info: CVE-2020-5256
MISC
MISC
MISC
CONFIRM
bwa_technology -- direx-pro_devices

BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3.
Published: 2020-03-09 | CVSS Score: 10 | Source & Patch Info: CVE-2020-10250
MISC
d-link -- dcs-930l_devices
 
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.
Published: 2020-03-09 | CVSS Score: 9 | Source & Patch Info: CVE-2016-11021
MISC
d-link -- dir-825_devices
 
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
Published: 2020-03-07 | CVSS Score: 9 | Source & Patch Info: CVE-2020-10215
MISC
MISC
d-link -- dir-825_devices
 
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
Published: 2020-03-07 | CVSS Score: 9 | Source & Patch Info: CVE-2020-10216
MISC
MISC
d-link -- dir-825_devices
 
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
Published: 2020-03-07 | CVSS Score: 9 | Source & Patch Info: CVE-2020-10213
MISC
MISC
d-link -- dir-825_devices
 
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server.
Published: 2020-03-07 | CVSS Score: 9 | Source & Patch Info: CVE-2020-10214
MISC
dell -- digital_delivery
 
Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.
Published: 2020-03-09 | CVSS Score: 7.2 | Source & Patch Info: CVE-2020-5342
MISC
dell -- emc_isilon_onefs
 
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.
Published: 2020-03-06 | CVSS Score: 10 | Source & Patch Info: CVE-2020-5328
MISC
dell -- security_management_server
 
Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.
Published: 2020-03-06 | CVSS Score: 9.3 | Source & Patch Info: CVE-2020-5327
MISC
fat-free_framework -- fat-free_framework 
 
In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method.
Published: 2020-03-11 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-5203
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by insufficient validation to prevent DNS rebinding attacks.
Published: 2020-03-10 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-12443
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.
Published: 2020-03-06 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-8113
CONFIRM
MISC
MISC
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization.
Published: 2020-03-10 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-12428
MISC
CONFIRM
google -- android

In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-137648045; References: N/A
Published: 2020-03-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2020-0011
MISC
google -- android
 
In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-143155861
Published: 2020-03-10 | CVSS Score: 7.8 | Source & Patch Info: CVE-2020-0039
MISC
google -- android
 
In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-143106535
Published: 2020-03-10 | CVSS Score: 7.8 | Source & Patch Info: CVE-2020-0037
MISC
google -- android
 
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1; Android ID: A-62458770
Published: 2020-03-10 | CVSS Score: 7.8 | Source & Patch Info: CVE-2020-0034
MISC
google -- android
 
In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-143109193
Published: 2020-03-10 | CVSS Score: 7.8 | Source & Patch Info: CVE-2020-0038
MISC
google -- android
 
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-144351324
Published: 2020-03-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2020-0033
MISC
google -- android
 
In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-137014293; References: N/A
Published: 2020-03-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2020-0010
MISC
google -- android
 
In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-137648844
Published: 2020-03-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2020-0012
MISC
google -- android
 
In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-144679405
Published: 2020-03-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2020-0036
MISC
google -- android
 
In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-145364230
Published: 2020-03-10 | CVSS Score: 9.3 | Source & Patch Info: CVE-2020-0032
MISC
google -- android
 
In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-145988638; References: Upstream kernel
Published: 2020-03-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2020-0041
MISC
google -- android
 
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-147882143; References: M-ALPS04356754
Published: 2020-03-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2020-0069
MISC
hp -- storage_essentials
 
In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461.
Published: 2020-03-10 | CVSS Score: 10 | Source & Patch Info: CVE-2017-10992
MISC
jenkins -- jenkins

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins.
Published: 2020-03-09 | CVSS Score: 9 | Source & Patch Info: CVE-2020-2159
MLIST
CONFIRM
jenkins -- jenkins
 
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
Published: 2020-03-09 | CVSS Score: 8.5 | Source & Patch Info: CVE-2020-2139
MLIST
CONFIRM
lexmark -- markvision_enterprise
 
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files.
Published: 2020-03-09 | CVSS Score: 7.5 | Source & Patch Info: CVE-2016-6918
MISC
magento -- advanced_newsletter
 
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
Published: 2020-03-09 | CVSS Score: 10 | Source & Patch Info: CVE-2014-1634
MISC
palo_alto_networks -- pan-os
 
A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.
Published: 2020-03-11 | CVSS Score: 7.2 | Source & Patch Info: CVE-2020-1981
CONFIRM
palo_alto_networks -- pan-os
 
A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions.
Published: 2020-03-11 | CVSS Score: 7.2 | Source & Patch Info: CVE-2020-1980
CONFIRM
phpgurukul -- job_portal
 
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
Published: 2020-03-08 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-10225
MISC
MISC
phpgurukul -- online_book_store
 
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
Published: 2020-03-08 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-10224
MISC
MISC
quest -- kace_k1000_systems_management_appliance
 
service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.
Published: 2020-03-09 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-20504
MISC
rconfig -- rconfig
 
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
Published: 2020-03-08 | CVSS Score: 9 | Source & Patch Info: CVE-2020-10221
MISC
MISC
MISC
rconfig -- rconfig
 
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
Published: 2020-03-07 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-10220
MISC
MISC
responsive_filemanager -- responsive_filemanager
 
upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the PATH_INFO. Also, an attacker could create a DNS hostname that resolves to the 0.0.0.0 IP address for DNS pinning. NOTE: this issue exists because of an incomplete fix for CVE-2018-14728.
Published: 2020-03-07 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-10212
MISC
ricoh -- multiple_devices
 
A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior.
Published: 2020-03-10 | CVSS Score: 10 | Source & Patch Info: CVE-2019-7589
CONFIRM
CERT
sap -- solution_manager
 
SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.
Published: 2020-03-10 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-6198
MISC
MISC
sap -- solution_manager
 
SAP Solution Manager (User Experience Monitoring), version 7.2, due to a Missing Authentication Check, does not perform any authentication for a service, resulting in complete compromise of all SMDAgents connected to the Solution Manager.
Published: 2020-03-10 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-6207
MISC
MISC
siemens -- multiple_simatic_devices
 
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the device availability.
Published: 2020-03-10 | CVSS Score: 7.8 | Source & Patch Info: CVE-2019-19281
MISC

siemens -- simatic_s7-300_cpu_family_and_sinumerik_840d_sl

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SINUMERIK 840D sl (All versions). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known.
Published: 2020-03-10 | CVSS Score: 7.8 | Source & Patch Info: CVE-2019-18336
MISC
siemens -- siprotec_4_and_siprotec_devices
 
A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens.
Published: 2020-03-10 | CVSS Score: 7.8 | Source & Patch Info: CVE-2019-19279
MISC
sleuth_kit -- sleuth_kit
 
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.
Published: 2020-03-09 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-10232
MISC
MLIST
substack -- minimist
 
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Published: 2020-03-11 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-7598
MISC
sumavision -- enhanced_multimedia_router
 
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request.
Published: 2020-03-11 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-10181
MISC
MISC
tibco_software -- spotfire_analytics_platform_for_aws_marketplace
 
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service to execute arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0.
Published: 2020-03-11 | CVSS Score: 9 | Source & Patch Info: CVE-2020-9408
CONFIRM
CONFIRM
twisted_matrix -- twisted_web
 
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
Published: 2020-03-12 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-10108
MISC
MISC
twisted_matrix -- twisted_web
 
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
Published: 2020-03-12 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-10109
MISC
MISC
urllib3 -- urllib3
 
The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2).
Published: 2020-03-06 | CVSS Score: 7.8 | Source & Patch Info: CVE-2020-7212
MISC
MISC
MISC
wago -- pfc200_devices

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges.
Published: 2020-03-11 | CVSS Score: 9 | Source & Patch Info: CVE-2019-5161
MISC
wago -- pfc200_devices
 
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name=<contents of dns node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file.
Published: 2020-03-11 | CVSS Score: 9.3 | Source & Patch Info: CVE-2019-5167
MISC
wftpserver -- wing_ftp_server
 
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root.
Published: 2020-03-07 | CVSS Score: 7.2 | Source & Patch Info: CVE-2020-8634
MISC
wftpserver -- wing_ftp_server
 
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files.
Published: 2020-03-07 | CVSS Score: 7.2 | Source & Patch Info: CVE-2020-8635
MISC
wordpress -- wordpress
 
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter.
Published: 2020-03-10 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-10257
MISC
zoho -- manageengine_desktop_central
 
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Published: 2020-03-11 | CVSS Score: 7.5 | Source & Patch Info: CVE-2020-8540
CONFIRM
zoho -- manageengine_desktop_central
 
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
Published: 2020-03-06 | CVSS Score: 10 | Source & Patch Info: CVE-2020-10189
MISC
MISC
MISC
CONFIRM
MISC


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
ansible -- ansible
 
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module, as the extracted file(s) are not checked to see whether they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.
Published: 2020-03-09 | CVSS Score: 4.6 | Source & Patch Info: CVE-2020-1737
CONFIRM
MISC
FEDORA
FEDORA
ansible -- ansible
 
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.
Published: 2020-03-11 | CVSS Score: 4.4 | Source & Patch Info: CVE-2020-1733
CONFIRM
MISC
avast -- antitrack
 
Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action is necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.)
Published: 2020-03-09 | CVSS Score: 5.8 | Source & Patch Info: CVE-2020-8987
CONFIRM
MISC
barracuda -- load_balancer_adc
 
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network.
Published: 2020-03-12 | CVSS Score: 5.5 | Source & Patch Info: CVE-2019-5648
MISC
bwa_technology -- direx-pro_devices

BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3.
Published: 2020-03-09 | CVSS Score: 5 | Source & Patch Info: CVE-2020-10249
MISC
bwa_technology -- direx-pro_devices

BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3.
Published: 2020-03-09 | CVSS Score: 5 | Source & Patch Info: CVE-2020-10248
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10489
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10483
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10482
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10481
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10480
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10502
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10498
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10500
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10485
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10503
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10504
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10484
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10479
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10499
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10495
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10487
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10490
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10497
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10496
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10494
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10493
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10492
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10491
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-10486
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | CVE-2020-10488
MISC
chadha -- phpkb_standard_multi-language
 
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).
Published: 2020-03-12 | CVSS Score: 4.3 | CVE-2020-10388
MISC
chadha -- phpkb_standard_multi-language
 
admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data.
Published: 2020-03-12 | CVSS Score: 4 | CVE-2020-10460
MISC
chadha -- phpkb_standard_multi-language
 
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.
Published: 2020-03-12 | CVSS Score: 4 | CVE-2020-10387
MISC
chadha -- phpkb_standard_multi-language
 
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed).
Published: 2020-03-12 | CVSS Score: 4 | CVE-2020-10457
MISC
chadha -- phpkb_standard_multi-language
 
Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder.
Published: 2020-03-12 | CVSS Score: 4 | CVE-2020-10459
MISC
chadha -- phpkb_standard_multi-language
 
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | CVE-2020-10478
MISC
chadha -- phpkb_standard_multi-language
 
The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt.
Published: 2020-03-12 | CVSS Score: 4.3 | CVE-2020-10461
MISC
chadha -- phpkb_standard_multi-language
 
Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service.
Published: 2020-03-12 | CVSS Score: 5.5 | CVE-2020-10458
MISC
chadha -- phpkb_standard_multi-language
 
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.
Published: 2020-03-12 | CVSS Score: 6.5 | CVE-2020-10390
MISC

chadha -- phpkb_standard_multi-language

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request.
Published: 2020-03-12 | CVSS Score: 4.3 | CVE-2020-10501
MISC
citrix -- gateway
 
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning.
Published: 2020-03-06 | CVSS Score: 5.8 | CVE-2020-10112
MISC
MISC
MISC
citrix -- gateway
 
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests.
Published: 2020-03-06 | CVSS Score: 5 | CVE-2020-10111
MISC
MISC
MISC
citrix -- gateway
 
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching.
Published: 2020-03-06 | CVSS Score: 5 | CVE-2020-10110
MISC
MISC
MISC
citrix -- sd-wan_center_and_netscaler_sd-wan_center

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.
Published: 2020-03-10 | CVSS Score: 4.3 | CVE-2019-11345
CONFIRM
ckeditor -- ckeditor
 
A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.
Published: 2020-03-10 | CVSS Score: 4.3 | CVE-2020-9440
MISC
ckeditor -- ckeditor
 
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Published: 2020-03-07 | CVSS Score: 4.3 | CVE-2020-9281
MISC
dojo -- dojo
 
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2.
Published: 2020-03-10 | CVSS Score: 5 | CVE-2020-5258
MISC
CONFIRM
MLIST
dojo -- dojo
 
In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2.
Published: 2020-03-10 | CVSS Score: 5 | CVE-2020-5259
MISC
CONFIRM
MLIST
eclipse -- theia
 
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes an HTTP endpoint that allows reading the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.
Published: 2020-03-10 | CVSS Score: 5.8 | CVE-2019-17636
CONFIRM
eset -- archive_support_module
 
ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
Published: 2020-03-06 | CVSS Score: 5 | CVE-2020-10193
MISC
facebook -- thrift
 
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.
Published: 2020-03-10 | CVSS Score: 5 | CVE-2019-11938
MISC
MISC
CONFIRM
facebook -- thrift
 
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.
Published: 2020-03-10 | CVSS Score: 5 | CVE-2019-3553
MISC
MISC
CONFIRM
froxlor -- froxlor
 
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
Published: 2020-03-09 | CVSS Score: 6.5 | CVE-2020-10235
MISC
MISC
MISC
MISC
gitlab -- enterprise_edition
 
An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It has Incorrect Access Control.
Published: 2020-03-10 | CVSS Score: 4.3 | CVE-2019-13010
MISC
CONFIRM
gitlab -- enterprise_edition
 
An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics.
Published: 2020-03-10 | CVSS Score: 4.3 | CVE-2019-12442
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability.
Published: 2020-03-10 | CVSS Score: 4.3 | CVE-2019-12444
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message.
Published: 2020-03-10 | CVSS Score: 5 | CVE-2019-12446
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained an access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control.
Published: 2020-03-10 | CVSS Score: 5 | CVE-2019-12441
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 9.0 through 12.0.2. Users with access to issues, but not the repository, were able to view the number of related merge requests on an issue. It has Incorrect Access Control.
Published: 2020-03-10 | CVSS Score: 4 | CVE-2019-13006
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. When specific encoded characters were added to comments, the comments section would become inaccessible. It has Incorrect Access Control (issue 1 of 2).
Published: 2020-03-10 | CVSS Score: 5 | CVE-2019-13004
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption.
Published: 2020-03-10 | CVSS Score: 4 | CVE-2019-13007
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control.
Published: 2020-03-10 | CVSS Score: 4 | CVE-2019-12429
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by GitLab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption.
Published: 2020-03-10 | CVSS Score: 5 | CVE-2019-13003
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It allows Uncontrolled Resource Consumption.
Published: 2020-03-10 | CVSS Score: 4 | CVE-2019-13009
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure.
Published: 2020-03-10 | CVSS Score: 4 | CVE-2019-12432
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues.
Published: 2020-03-10 | CVSS Score: 5 | CVE-2019-12433
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control.
Published: 2020-03-10 | CVSS Score: 4 | CVE-2019-12431
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection.
Published: 2020-03-10 | CVSS Score: 6.5 | CVE-2019-12430
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass.
Published: 2020-03-10 | CVSS Score: 4 | CVE-2019-13001
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control.
Published: 2020-03-10 | CVSS Score: 4 | CVE-2019-13002
MISC
CONFIRM
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure.
Published: 2020-03-10 | CVSS Score: 4 | CVE-2019-12434
MISC
CONFIRM
gitlab -- gitlab_enterprise_and_community_editions
 
An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control.
Published: 2020-03-10 | CVSS Score: 4 | CVE-2019-13005
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control.
Published: 2020-03-10 | CVSS Score: 5 | CVE-2019-13121
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute force, a user with access to a project, but not its repository, could create a list of merge request template names. It has excessive algorithmic complexity.
Published: 2020-03-10 | CVSS Score: 4 | CVE-2019-13011
MISC
CONFIRM
google -- android
 
In setRequirePmfInternal of sta_network.cpp, there is a possible default value being improperly applied due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-142797954.
Published: 2020-03-10 | CVSS Score: 5 | CVE-2020-0083
MISC
google -- android
 
In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-143789898.
Published: 2020-03-10 | CVSS Score: 4.6 | CVE-2020-0053
MISC
google -- android
 
In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-140622024.
Published: 2020-03-10 | CVSS Score: 4.9 | CVE-2020-0035
MISC
google -- android
 
In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-145504977.
Published: 2020-03-10 | CVSS Score: 4.9 | CVE-2020-0061
MISC
google -- android
 
In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-143232031.
Published: 2020-03-10 | CVSS Score: 5 | CVE-2020-0062
MISC
google -- android
 
In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141703197.
Published: 2020-03-10 | CVSS Score: 4.7 | CVE-2020-0031
MISC
google -- android
 
In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141243101.
Published: 2020-03-10 | CVSS Score: 6.9 | CVE-2020-0045
MISC
google -- android
 
In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-124521372.
Published: 2020-03-10 | CVSS Score: 4.6 | CVE-2020-0050
MISC
google -- android
 
In onCreate of SettingsHomepageActivity, there is a possible tapjacking attack. This could lead to local escalation of privilege in Settings with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-138442483.
Published: 2020-03-10 | CVSS Score: 4.4 | CVE-2020-0051
MISC
google -- android
 
In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-146642727.
Published: 2020-03-10 | CVSS Score: 4.6 | CVE-2020-0054
MISC
google -- android
 
In setBluetoothTethering of PanService.java, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege to activate tethering with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-134487438.
Published: 2020-03-10 | CVSS Score: 4.6 | CVE-2020-0085
MISC
google -- android
 
In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-140177694.
Published: 2020-03-10 | CVSS Score: 4.3 | CVE-2020-0049
MISC
google -- android
 
In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65025077.
Published: 2020-03-10 | CVSS Score: 6.9 | CVE-2020-0066
MISC
google -- android
 
In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-143339775.
Published: 2020-03-10 | CVSS Score: 4.6 | CVE-2020-0084
MISC
google -- android
 
In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-143128911.
Published: 2020-03-10 | CVSS Score: 4.4 | CVE-2020-0063
MISC
google -- android
 
In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-137284652.
Published: 2020-03-10 | CVSS Score: 4.6 | CVE-2020-0046
MISC
halvotec -- raquest
 
An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the list of users sharing an identical password.
Published: 2020-03-09 | CVSS Score: 5 | CVE-2019-19614
MISC
MISC
ibm -- spectrum_scale
 
The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.
Published: 2020-03-09 | CVSS Score: 5 | CVE-2020-4217
XF
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image.
Published: 2020-03-10 | CVSS Score: 4.3 | CVE-2020-10251
MISC
jenkins -- jenkins
 
Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Published: 2020-03-09 | CVSS Score: 5 | CVE-2020-2143
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Published: 2020-03-09 | CVSS Score: 5 | CVE-2020-2150
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.
Published: 2020-03-09 | CVSS Score: 4.3 | CVE-2020-2140
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Published: 2020-03-09 | CVSS Score: 5 | CVE-2020-2155
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
Published: 2020-03-09 | CVSS Score: 5.8 | CVE-2020-2146
MLIST
CONFIRM
jenkins -- jenkins
 
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.
Published: 2020-03-09 | CVSS Score: 6.5 | CVE-2020-2135
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
Published: 2020-03-09 | CVSS Score: 4 | CVE-2020-2157
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Published: 2020-03-09 | CVSS Score: 5.5 | CVE-2020-2144
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Published: 2020-03-09 | CVSS Score: 5.5 | CVE-2020-2138
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.
Published: 2020-03-09 | CVSS Score: 4 | CVE-2020-2148
MLIST
CONFIRM
jenkins -- jenkins
 
A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add labels in Perforce.
Published: 2020-03-09 | CVSS Score: 4.3 | CVE-2020-2141
MLIST
CONFIRM
jenkins -- jenkins
 
A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
Published: 2020-03-09 | CVSS Score: 4.3 | CVE-2020-2147
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.
Published: 2020-03-09 | CVSS Score: 4.3 | CVE-2020-2152
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Published: 2020-03-09 | CVSS Score: 6.5 | CVE-2020-2158
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
Published: 2020-03-09 | CVSS Score: 4 | CVE-2020-2156
MLIST
CONFIRM
jenkins -- jenkins
 
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies.
Published: 2020-03-09 | CVSS Score: 6.5 | CVE-2020-2134
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds.
Published: 2020-03-09 | CVSS Score: 4 | CVE-2020-2142
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
Published: 2020-03-09 | CVSS Score: 4 | CVE-2020-2153
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Published: 2020-03-09 | CVSS Score: 5 | CVE-2020-2151
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Published: 2020-03-09 | CVSS Score: 5 | CVE-2020-2149
MLIST
CONFIRM
joomla! -- joomla!

JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.
Published: 2020-03-09 | CVSS Score: 6.5 | CVE-2015-7340
MISC
joomla! -- joomla!

SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.
Published: 2020-03-09 | CVSS Score: 6.5 | CVE-2015-7338
MISC
joomla! -- joomla!
 
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.
Published: 2020-03-09 | CVSS Score: 6.5 | CVE-2015-7341
MISC
joomla! -- joomla!
 
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.
Published: 2020-03-09 | CVSS Score: 6.5 | CVE-2015-7339
MISC
joomla! -- joomla!
 
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
Published: 2020-03-09 | CVSS Score: 6.5 | CVE-2015-7342
MISC
lexmark -- markvision_enterprises
 
Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.
Published: 2020-03-09 | CVSS Score: 6.8 | CVE-2016-1487
MISC
lexmark -- multiple_devices
 
Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.
Published: 2020-03-09 | CVSS Score: 5 | CVE-2011-3269
MISC
lexmark -- multiple_devices
 
Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.
Published: 2020-03-09 | CVSS Score: 5 | CVE-2011-4538
MISC
livezilla -- live_chat
 
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters.
Published: 2020-03-09 | CVSS Score: 4.3 | CVE-2020-9758
MISC
mahara -- mahara
 
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable by inspecting network responses on the 'Edit access' screen when sharing portfolios.
Published: 2020-03-09 | CVSS Score: 4 | CVE-2020-9282
MISC
CONFIRM
mahara -- mahara
 
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Published: 2020-03-09 | CVSS Score: 4 | CVE-2020-9386
MISC
CONFIRM
metasys -- multiple_products
 
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.
Published: 2020-03-10 | CVSS Score: 6.4 | CVE-2020-9044
CONFIRM
CERT
micro_focus -- service_manager_release_control
 
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.
Published: 2020-03-09 | CVSS Score: 4.9 | CVE-2020-9517
CONFIRM
microsoft -- application_inspector
 
A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'.
Published: 2020-03-12 | CVSS Score: 6.8 | CVE-2020-0872
MISC
microsoft -- windows_10_and_windows_server

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.
Published: 2020-03-12 | CVSS Score: 5 | CVE-2020-0876
MISC
misp -- misp
 
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp.
Published: 2020-03-09 | CVSS Score: 4.3 | CVE-2020-10247
MISC
misp -- misp
 
MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp.
Published: 2020-03-09 | CVSS Score: 4.3 | CVE-2020-10246
MISC
monstra -- monstra_cms
 
Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI.
Published: 2020-03-07 | CVSS Score: 4 | CVE-2020-8439
MISC
MISC
moxa -- multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server.
Published: 2020-03-11 | CVSS Score: 5 | CVE-2019-9101
CONFIRM
MISC
moxa -- multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access.
Published: 2020-03-11 | CVSS Score: 5 | CVE-2019-9095
CONFIRM
MISC
moxa -- multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism. | 2020-03-11 | 6.8 | CVE-2019-9102
CONFIRM
MISC
moxa -- multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization. | 2020-03-11 | 5 | CVE-2019-9103
CONFIRM
MISC
moxa -- multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext. | 2020-03-11 | 5 | CVE-2019-9104
CONFIRM
MISC
munkireport -- munkireport
 
An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php. | 2020-03-09 | 4.3 | CVE-2020-10192
MISC
MISC
munkireport -- munkireport
 
An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint. | 2020-03-09 | 6.5 | CVE-2020-10190
MISC
MISC
nethack -- nethack
 
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. | 2020-03-10 | 4.6 | CVE-2020-5253
MISC
CONFIRM
nethack -- nethack
 
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue. | 2020-03-10 | 4.6 | CVE-2020-5254
CONFIRM
networkmanager -- networkmanager
 
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | 2020-03-10 | 4.9 | CVE-2012-1096
MISC
MISC
MISC
MISC
MISC
MISC
nitro_software -- nitro_pro
 
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document. | 2020-03-08 | 5.8 | CVE-2020-10223
MISC
MISC
nitro_software -- nitro_pro
 
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document. | 2020-03-08 | 5.8 | CVE-2020-10222
MISC
MISC
nvidia -- windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure. | 2020-03-11 | 4.4 | CVE-2020-5958
N/A
openshift -- enterprise
 
It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container. | 2020-03-09 | 4.4 | CVE-2020-1706
CONFIRM
otrs -- open_ticket_request_system
 
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on. | 2020-03-10 | 4 | CVE-2019-13457
CONFIRM
MISC
palo_alto_networks -- pan-os
 
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a local authenticated user to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions. | 2020-03-11 | 4.6 | CVE-2020-1979
CONFIRM
paseto_toolkit -- jpaseto
 
JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. | 2020-03-09 | 5 | CVE-2020-10244
CONFIRM
phpbb -- phpbb
 
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments. | 2020-03-11 | 4.3 | CVE-2019-16107
MISC
CONFIRM
python -- python
 
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. | 2020-03-11 | 5 | CVE-2013-1753
CONFIRM
qemu -- qemu
 
hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. | 2020-03-10 | 4.6 | CVE-2019-15034
MISC
red_hat -- jboss_as
 
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. | 2020-03-10 | 5 | CVE-2012-1094
MISC
MISC
sap -- business_objects_business_intelligence_platform
 
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability. | 2020-03-10 | 4.6 | CVE-2020-6208
MISC
MISC
MISC
sap -- businessobjects_mobile
 
SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service. | 2020-03-10 | 5 | CVE-2020-6196
MISC
MISC
sap -- cloud_platform_integration_for_data_services
 
SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning messages. This could mislead the victim to follow malicious instructions inserted by external attackers, leading to Cross Site Request Forgery. | 2020-03-10 | 4.3 | CVE-2020-6206
MISC
MISC
sap -- commerce
 
The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting. | 2020-03-10 | 4.3 | CVE-2020-6201
MISC
MISC
sap -- disclosure_management
 
SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check. | 2020-03-10 | 6.5 | CVE-2020-6209
MISC
MISC
sap -- enable_now
 
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure. | 2020-03-10 | 5.5 | CVE-2020-6178
MISC
MISC
sap -- fiori_launchpad
 
SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting (XSS) vulnerability. | 2020-03-10 | 4.3 | CVE-2020-6210
MISC
MISC
sap -- multiple_products
 
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check. | 2020-03-10 | 5.5 | CVE-2020-6199
MISC
MISC
sap -- netweaver_application
 
nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. | 2020-03-09 | 4 | CVE-2015-7968
MISC
sap -- netweaver_application_server_java
 
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. | 2020-03-10 | 6.5 | CVE-2020-6202
MISC
MISC
sap -- netweaver_as_abap_business_server_pages
 
SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability. | 2020-03-10 | 4.3 | CVE-2020-6205
MISC
MISC
sap -- netweaver_uddi_server
 
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal. | 2020-03-10 | 6.4 | CVE-2020-6203
MISC
MISC
sap -- treasury_and_risk_management
 
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should when selecting and displaying the contract number, leading to Missing Authorization Check. | 2020-03-10 | 4 | CVE-2020-6204
MISC
MISC
siemens -- sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The DOWNLOADS section in the web interface of the SiNVR 3 Central Control Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed. | 2020-03-10 | 4 | CVE-2019-19290
MISC
siemens -- sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log. | 2020-03-10 | 4 | CVE-2019-19295
MISC
siemens -- sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiNVR 3 Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled. | 2020-03-10 | 4.9 | CVE-2019-19296
MISC
siemens -- sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks. | 2020-03-10 | 5 | CVE-2019-19299
MISC
siemens -- sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands. | 2020-03-10 | 6.5 | CVE-2019-19292
MISC
siemens -- sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server contains an input validation vulnerability that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests. | 2020-03-10 | 5 | CVE-2019-19298
MISC
siemens -- sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface. | 2020-03-10 | 4.3 | CVE-2019-19293
MISC
siemens -- sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server. | 2020-03-10 | 5 | CVE-2019-19297
MISC
siemens -- siport_mp
 
A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts ("service users") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area. | 2020-03-10 | 5.5 | CVE-2019-19277
MISC
siemens -- spectrum_power_5
 
A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If deployed according to recommended system configuration, Siemens considers the environmental vector as CR:L/IR:M/AR:H/MAV:A (4.1). | 2020-03-10 | 4.3 | CVE-2020-7579
MISC
sleuthkit -- sleuthkit
 
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c. | 2020-03-09 | 6.4 | CVE-2020-10233
MISC
twisted -- twisted
 
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 2020-03-11 | 5 | CVE-2016-1000111
CONFIRM
CONFIRM
CONFIRM
MISC
usrsctp -- usrsctp
 
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. | 2020-03-06 | 4.3 | CVE-2019-20503
SUSE
MISC
MISC
MLIST
GENTOO
GENTOO
DEBIAN
utilitify -- utilitify
 
utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype. | 2020-03-11 | 6.5 | CVE-2019-10808
MISC
MISC
vega-util -- vega-util
 
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype. | 2020-03-09 | 4 | CVE-2019-10806
MISC
MISC
wago -- pfc200_devices
 
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name=<contents of domainname node> using sprintf(). This command is later executed via a call to system(). | 2020-03-11 | 6.8 | CVE-2019-5168
MISC
wago -- e!cockpit
 
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints. | 2020-03-11 | 5 | CVE-2019-5107
MISC
wago -- pfc100_and_pfc2000_devices
 
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14). | 2020-03-11 | 5 | CVE-2019-5149
MISC
wago -- pfc200_devices
 
An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node. | 2020-03-11 | 6.5 | CVE-2019-5160
MISC
western_digital -- multiple_sandisk_devices
 
Western Digital SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices. | 2020-03-10 | 6.3 | CVE-2019-10706
MISC
MISC
MISC
western_digital -- sandisk_x600_devices
 
Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials. | 2020-03-10 | 4.3 | CVE-2019-10705
MISC
MISC
MISC

wftpserver -- wing_ftp_server

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within the Wing FTP HTTP interface and administration panel. These cookies may be used to hijack user and administrative sessions, including the ability to execute Lua commands as root within the administration panel. | 2020-03-07 | 6.9 | CVE-2020-9470
MISC
wordpress -- wordpress
 
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. | 2020-03-12 | 5.5 | CVE-2020-8435
MISC
MISC
MISC
wordpress -- wordpress
 
XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. | 2020-03-12 | 4.3 | CVE-2020-8436
MISC
MISC
MISC
xiaomi -- mi_user_interface_operating_system
 
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass security detection, the data carried in the parameters are loaded and executed. An attacker can use NFC tools to get close enough to a user's unlocked phone to cause apps to be installed and information to be leaked. This is fixed on version: 2001122. | 2020-03-06 | 4.3 | CVE-2020-9531
MISC
MISC
MISC
xiaomi -- mi_user_interface_operating_system
 
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView component of Messaging(com.android.MMS) and loading malicious web pages, information leakage can occur. This is fixed on version: 2001122; 11.0.1.54. | 2020-03-06 | 4.3 | CVE-2020-9530
MISC
MISC
zoho -- password_manager_pro
 
In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. | 2020-03-09 | 4 | CVE-2016-1159
MISC
MISC
CONFIRM
MISC


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10405
MISC
chadha -- phpkb_standard_multi-language
Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 2020-03-12 | 3.5 | CVE-2020-10468
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-user.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10410
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-template.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10409
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-subscriber.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10408
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-news.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10407
MISC
chadha -- phpkb_standard_multi-language
Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 2020-03-12 | 3.5 | CVE-2020-10466
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10454
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10439
MISC
chadha -- phpkb_standard_multi-language
Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 2020-03-12 | 3.5 | CVE-2020-10465
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-csv.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10412
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-subscribers.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10430
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/optimize-database.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10437
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-printed.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10443
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-profile.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10436
MISC

chadha -- phpkb_standard_multi-language

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10393
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10395
MISC

chadha -- phpkb_standard_multi-language

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10394
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/email-harvester.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10411
MISC
chadha -- phpkb_standard_multi-language
Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 2020-03-12 | 3.5 | CVE-2020-10476
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10413
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10402
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10414
MISC
chadha -- phpkb_standard_multi-language
Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 2020-03-12 | 3.5 | CVE-2020-10470
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-drafts.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10422
MISC
chadha -- phpkb_standard_multi-language
Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 2020-03-12 | 3.5 | CVE-2020-10472
MISC
chadha -- phpkb_standard_multi-language
Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 2020-03-12 | 3.5 | CVE-2020-10473
MISC
chadha -- phpkb_standard_multi-language
Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 2020-03-12 | 3.5 | CVE-2020-10474
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10396
MISC
chadha -- phpkb_standard_multi-language
Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 2020-03-12 | 3.5 | CVE-2020-10477
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-traffic.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10450
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10403
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-articles.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10417
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10415
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/kb-backup.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10416
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-categories.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10419
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10456
MISC
chadha -- phpkb_standard_multi-language
Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 2020-03-12 | 3.5 | CVE-2020-10467
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10404
MISC
chadha -- phpkb_standard_multi-language
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10418
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10425
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-rated.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10444
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10451
MISC
chadha -- phpkb_standard_multi-language
 
Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 2020-03-12 | 3.5 | CVE-2020-10464
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10449
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10447
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10446
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10448
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10421
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10399
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10453
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-news.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10397
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10452
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10391
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10400
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10401
MISC
chadha -- phpkb_standard_multi-language
 
Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 2020-03-12 | 3.5 | CVE-2020-10469
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10423
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10398
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-fields.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10424
MISC
chadha -- phpkb_standard_multi-language
 
Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 2020-03-12 | 3.5 | CVE-2020-10463
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-mailed.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10440
MISC
chadha -- phpkb_standard_multi-language
 
Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 2020-03-12 | 3.5 | CVE-2020-10471
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-monthly.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10441
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10406
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-groups.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10426
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-languages.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10427
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10429
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10420
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10431
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-news.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10428
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-tickets.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10432
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-users.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10433
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-languages.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10435
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-popular.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10442
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10445
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/reply-ticket.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10438
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10455
MISC
chadha -- phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10434
MISC
chadha -- phpkb_standard_multi-language
 
Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 2020-03-12 | 3.5 | CVE-2020-10462
MISC

chadha -- phpkb_standard_multi-language  

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload. | 2020-03-12 | 3.5 | CVE-2020-10392
MISC
froxlor -- froxlor
 
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php. | 2020-03-09 | 2.1 | CVE-2020-10237
MISC
froxlor -- froxlor
 
An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php. | 2020-03-09 | 3.6 | CVE-2020-10236
MISC
MISC
MISC
gitlab -- gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS. | 2020-03-10 | 3.5 | CVE-2019-12445
MISC
CONFIRM
google -- android
 
In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141620271. | 2020-03-10 | 2.1 | CVE-2020-0057
MISC
google -- android
 
In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-127989044. | 2020-03-10 | 1.9 | CVE-2020-0087
MISC
google -- android
 
In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-140065828. | 2020-03-10 | 2.1 | CVE-2020-0029
MISC
google -- android
 
In smsSelected of AnswerFragment.java, there is a way to send an SMS from the lock screen due to a permissions bypass. This could lead to local escalation of privilege on the lock screen with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-137102479. | 2020-03-10 | 1.9 | CVE-2020-0052
MISC
google -- android
 
In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141745011. | 2020-03-10 | 2.1 | CVE-2020-0058
MISC
google -- android
 
In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-142543524. | 2020-03-10 | 2.1 | CVE-2020-0059
MISC
google -- android
 
In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141622311. | 2020-03-10 | 2.1 | CVE-2020-0047
MISC
google -- android
 
In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141619686. | 2020-03-10 | 2.1 | CVE-2020-0056
MISC
google -- android
 
In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-139417189. | 2020-03-10 | 2.1 | CVE-2020-0048
MISC
google -- android
 
In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-137650219. | 2020-03-10 | 2.1 | CVE-2020-0044
MISC
google -- android
 
In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-137650218. | 2020-03-10 | 2.1 | CVE-2020-0043
MISC
google -- android
 
In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-137649599. | 2020-03-10 | 2.1 | CVE-2020-0042
MISC
google -- android
 
In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141617601. | 2020-03-10 | 2.1 | CVE-2020-0055
MISC
google -- android
 
In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-143229845. | 2020-03-10 | 2.1 | CVE-2020-0060
MISC
hcl -- connections
 
HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2020-03-09 | 3.5 | CVE-2020-4084
CONFIRM
ibm -- infosphere_information_server
 
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342. | 2020-03-10 | 3.5 | CVE-2020-4162
XF
CONFIRM
ibm -- tivoli_workload_scheduler
 
IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168508. | 2020-03-10 | 3.5 | CVE-2019-4608
XF
CONFIRM
jenkins -- jenkins
 
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. | 2020-03-09 | 3.5 | CVE-2020-2136
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | 2020-03-09 | 3.5 | CVE-2020-2137
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. | 2020-03-09 | 2.1 | CVE-2020-2154
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. | 2020-03-09 | 2.1 | CVE-2020-2145
MLIST
CONFIRM
joomla! -- joomla!
 
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter. | 2020-03-09 | 3.5 | CVE-2015-7343
MISC
joomla! -- joomla!
 
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption]. | 2020-03-09 | 3.5 | CVE-2015-7344
MISC
lexmark -- multiple_devices
 
Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. | 2020-03-06 | 3.5 | CVE-2019-19772
CONFIRM
lexmark -- multiple_devices
 
Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. | 2020-03-06 | 3.5 | CVE-2019-19773
CONFIRM
munkireport -- munkireport
 
An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail. | 2020-03-09 | 3.5 | CVE-2020-10191
MISC
MISC
ramp -- altitudecdn_altimeter
 
Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI. | 2020-03-10 | 3.5 | CVE-2020-10372
MISC
sap -- commerce
 
SAP Commerce (SmartEdit Extension), versions 6.6, 6.7, 1808, and 1811, is vulnerable to client-side AngularJS template injection, a variant of cross-site scripting (XSS) that exploits the templating facilities of the Angular framework. | 2020-03-10 | 3.5 | CVE-2020-6200
MISC
MISC
sap -- enable_now
 
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables. | 2020-03-10 | 2.1 | CVE-2020-6197
MISC
MISC
siemens -- sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The FTP service of the SiNVR 3 Central Control Server (CCS) maintains a log file that stores login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service. | 2020-03-10 | 3.5 | CVE-2019-19291
MISC
siemens -- sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content. | 2020-03-10 | 3.5 | CVE-2019-19294
MISC
wago -- pfc200_devies
 
An exploitable stack buffer overflow vulnerability exists in the iocheckd service 'I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len('/etc/config-tools/edit_dns_server domain-name=') in length. A domainname value of length 0x3fa will cause the service to crash. | 2020-03-12 | 2.1 | CVE-2019-5177
MISC
western_digital -- sandisk _devices
 
Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure. | 2020-03-10 | 2.1 | CVE-2019-11686
MISC
MISC
MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abacus -- oauth_login
 
oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message. | 2020-03-11 | not yet calculated | CVE-2019-19381
MISC
MISC
administrate_gem_for_ruby_on_rails -- administrate_gem_for_ruby_on_rails
 
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in version 0.13.0. | 2020-03-13 | not yet calculated | CVE-2020-5257
MISC
CONFIRM
ansible -- ansible
 
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior. When a password is set with the argument "password" of the svn module, it is used on the svn command line, disclosing it to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. | 2020-03-12 | not yet calculated | CVE-2020-1739
CONFIRM
MISC
FEDORA
FEDORA
anttix_linux_and_mx_linux -- anttix_linux_and_mx_linux
antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration. | 2020-03-14 | not yet calculated | CVE-2020-10587
MISC
MISC
apache -- commons_configuration
 
Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application. | 2020-03-13 | not yet calculated | CVE-2020-1953
MISC
MLIST
beckhoff -- bk9000_devices
 
A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. After an attack has occurred, the device's functionality can be restored by rebooting. | 2020-03-12 | not yet calculated | CVE-2020-9464
MISC
bitcoin -- bitcoind_and_bitcoin-qt
bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack. | 2020-03-12 | not yet calculated | CVE-2015-3641
MISC
bitcoin -- bitcoind_and_bitcoin-qt
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name. | 2020-03-12 | not yet calculated | CVE-2017-18350
MISC
MISC
bitcoin -- bitcoind_and_bitcoin-qt
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call. | 2020-03-12 | not yet calculated | CVE-2018-20586
MISC
blamer -- blamer
 
Blamer versions prior to 1.0.1 allow execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer. | 2020-03-11 | not yet calculated | CVE-2019-10807
MISC
MISC
brother -- multiple_printers
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL. | 2020-03-13 | not yet calculated | CVE-2019-13194
MISC
MISC
MISC
brother -- multiple_printers
 
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device. | 2020-03-13 | not yet calculated | CVE-2019-13193
MISC
MISC
MISC
brother -- multiple_printers
 
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device. | 2020-03-13 | not yet calculated | CVE-2019-13192
MISC
MISC
MISC
chadha -- phpkb_standard_multi-language
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory. | 2020-03-12 | not yet calculated | CVE-2020-10386
MISC
chadha -- phpkb_standard_multi-language
Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 2020-03-12 | not yet calculated | CVE-2020-10475
MISC
chadha -- phpkb_standard_multi-language
 
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings. | 2020-03-12 | not yet calculated | CVE-2020-10389
MISC
dell -- emc_xtremio_xms_devices
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users' passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user. | 2020-03-13 | not yet calculated | CVE-2019-18576
MISC
dell -- emc_xtremio_xms_devices
 
Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application. | 2020-03-13 | not yet calculated | CVE-2019-18578
MISC
dell -- emc_xtremio_xms_devices
 
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access. | 2020-03-13 | not yet calculated | CVE-2019-18577
MISC
dell -- wyse_management_suite
 
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | 2020-03-13 | not yet calculated | CVE-2019-3769
MISC
dell -- wyse_management_suite
 
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | 2020-03-13 | not yet calculated | CVE-2019-3770
MISC
devome -- grr
 
An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query. | 2020-03-13 | not yet calculated | CVE-2020-10563
MISC
MISC
devome -- grr
 
An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads. | 2020-03-13 | not yet calculated | CVE-2020-10562
MISC
MISC
fortinet -- fortiadc
 
An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. | 2020-03-13 | not yet calculated | CVE-2019-6699
CONFIRM
fortinet -- fortisiem
 
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. | 2020-03-12 | not yet calculated | CVE-2019-17653
CONFIRM
fortinet -- fortisolator
 
An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). | 2020-03-12 | not yet calculated | CVE-2020-6643
CONFIRM
fortinet -- fortitray
 
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path. | 2020-03-12 | not yet calculated | CVE-2019-17658
CONFIRM
fortinet -- fortiweb
 
An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | 2020-03-13 | not yet calculated | CVE-2019-16157
CONFIRM
fortinet -- fortiweb
 
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). | 2020-03-12 | not yet calculated | CVE-2019-16156
CONFIRM
freebsd -- bhyve
 
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS. | 2020-03-14 | not yet calculated | CVE-2020-10565
MISC
freebsd -- bhyve
 
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. | 2020-03-14 | not yet calculated | CVE-2020-10566
MISC
freedesktop -- systemd
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). | 2020-03-11 | not yet calculated | CVE-2012-1101
MISC
MISC
MISC
CONFIRM
gitlab -- gitlab
GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered. | 2020-03-13 | not yet calculated | CVE-2020-10082
MISC
CONFIRM
gitlab -- gitlab
GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration. | 2020-03-13 | not yet calculated | CVE-2020-10092
MISC
CONFIRM
gitlab -- gitlab
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests. | 2020-03-13 | not yet calculated | CVE-2020-10076
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. | 2020-03-13 | not yet calculated | CVE-2020-10080
MISC
CONFIRM
gitlab -- gitlab
 
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user. | 2020-03-13 | not yet calculated | CVE-2020-10087
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. | 2020-03-13 | not yet calculated | CVE-2020-10088
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other. | 2020-03-13 | not yet calculated | CVE-2020-10089
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed. | 2020-03-13 | not yet calculated | CVE-2020-10090
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied. | 2020-03-13 | not yet calculated | CVE-2020-10083
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types. | 2020-03-13 | not yet calculated | CVE-2020-10091
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required. | 2020-03-13 | not yet calculated | CVE-2020-10079
MISC
CONFIRM
gitlab -- gitlab
 
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. | 2020-03-13 | not yet calculated | CVE-2020-10081
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. | 2020-03-13 | not yet calculated | CVE-2020-10086
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing private merge request titles. | 2020-03-13 | not yet calculated | CVE-2020-10085
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability. | 2020-03-13 | not yet calculated | CVE-2020-10078
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address. | 2020-03-12 | not yet calculated | CVE-2020-10535
MISC
gitlab -- gitlab
 
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input. | 2020-03-13 | not yet calculated | CVE-2020-10075
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. | 2020-03-13 | not yet calculated | CVE-2020-10074
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. | 2020-03-13 | not yet calculated | CVE-2020-10077
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace. | 2020-03-13 | not yet calculated | CVE-2020-10084
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. | 2020-03-13 | not yet calculated | CVE-2020-10073
MISC
CONFIRM
halvotec -- raquest
 
An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. | 2020-03-13 | not yet calculated | CVE-2019-19611
MISC
hotels.com -- styx
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header. | 2020-03-12 | not yet calculated | CVE-2020-6858
MISC
MISC
huawei -- honor_v30_smartphone
 
Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. | 2020-03-12 | not yet calculated | CVE-2020-9064
CONFIRM
huawei -- usg6000v_virtual_service_gateway
 
Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products. | 2020-03-12 | not yet calculated | CVE-2020-1863
CONFIRM
intel -- bluez
 
Improper access control in subsystem for BlueZ before version 5.53 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access. | 2020-03-12 | not yet calculated | CVE-2020-0556
CONFIRM
intel -- fpga_programmable_acceleration_card_n3000
 
Improper access control in PCIe function for the Intel® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. | 2020-03-12 | not yet calculated | CVE-2019-14626
CONFIRM
intel -- fpga_programmable_acceleration_card_n3000
 
Improper access control in on-card storage for the Intel® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable denial of service via local access. | 2020-03-12 | not yet calculated | CVE-2019-14625
CONFIRM

intel -- graphics_drivers

Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-03-12 | not yet calculated | CVE-2020-0565
CONFIRM
intel -- graphics_drivers
 
Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable a denial of service via local access. | 2020-03-12 | not yet calculated | CVE-2020-0501
CONFIRM
intel -- graphics_drivers
 
Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access. | 2020-03-12 | not yet calculated | CVE-2020-0507
CONFIRM
intel -- graphics_drivers
 
Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-03-12 | not yet calculated | CVE-2020-0508
CONFIRM
intel -- graphics_drivers
 
Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access. | 2020-03-12 | not yet calculated | CVE-2020-0511
CONFIRM
intel -- graphics_drivers
 
Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access. | 2020-03-12 | not yet calculated | CVE-2020-0506
CONFIRM
intel -- graphics_drivers
 
Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local | 2020-03-12 | not yet calculated | CVE-2020-0505
CONFIRM
intel -- graphics_drivers
 
Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.30.5103, and 26.20.100.7158 may allow an authenticated user to potentially enable a denial of service via local access. | 2020-03-12 | not yet calculated | CVE-2020-0504
CONFIRM
intel -- graphics_drivers
 
Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access. | 2020-03-12 | not yet calculated | CVE-2020-0516
CONFIRM
intel -- graphics_drivers
 
Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access. | 2020-03-12 | not yet calculated | CVE-2020-0503
CONFIRM
intel -- graphics_drivers
 
Improper access control in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-03-12 | not yet calculated | CVE-2020-0502
CONFIRM
intel -- graphics_drivers
 
Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-03-12 | not yet calculated | CVE-2020-0514
CONFIRM
intel -- graphics_drivers
 
Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-03-12 | not yet calculated | CVE-2020-0515
CONFIRM
intel -- graphics_drivers
 
Improper access control for Intel(R) Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. | 2020-03-12 | not yet calculated | CVE-2020-0519
CONFIRM
intel -- graphics_drivers
 
Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. | 2020-03-12 | not yet calculated | CVE-2020-0517
CONFIRM
intel -- graphics_drivers
 
Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. | 2020-03-12 | not yet calculated | CVE-2020-0520
CONFIRM
intel -- graphics_drivers
 
Improper input validation in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access. | 2020-03-12 | not yet calculated | CVE-2020-0567
CONFIRM
intel -- max_10_fpga
 
Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all versions may allow an authenticated user to potentially enable information disclosure via physical access. | 2020-03-12 | not yet calculated | CVE-2020-0574
CONFIRM
intel -- multiple_processors
 
Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html | 2020-03-12 | not yet calculated | CVE-2020-0551
CONFIRM
intel -- multiple_processors
 
Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html | 2020-03-12 | not yet calculated | CVE-2020-0550
CONFIRM
intel -- nuc
 
Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html | 2020-03-12 | not yet calculated | CVE-2020-0526
CONFIRM
intel -- nuc
 
Improper buffer restrictions in firmware for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html | 2020-03-12 | not yet calculated | CVE-2020-0530
CONFIRM

intel -- optane_dc_persistent_memory_module_management_software

Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access. | 2020-03-12 | not yet calculated | CVE-2020-0546
CONFIRM
intel -- smart_sound_technology
 
Improper access control in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access. This affects Intel® Smart Sound Technology before versions: 10th Generation Intel® Core™ i7 Processors, version 3431 and 8th Generation Intel® Core™ Processors, version 3349. | 2020-03-12 | not yet calculated | CVE-2020-0583
CONFIRM
invision_power_services -- invision_power_board
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | 2020-03-13 | not yet calculated | CVE-2009-5159
MISC
MISC
MISC
MISC
kde -- applications
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. | 2020-03-12 | not yet calculated | CVE-2018-19516
MISC
kyocera -- ecosys_m5526cdw_printers
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | not yet calculated | CVE-2019-13202
MISC
kyocera -- ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | not yet calculated | CVE-2019-13197
MISC
kyocera -- ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | 2020-03-13 | not yet calculated | CVE-2019-13199
MISC
kyocera -- ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | not yet calculated | CVE-2019-13206
MISC
kyocera -- ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device. | 2020-03-13 | not yet calculated | CVE-2019-13201
MISC
kyocera -- ecosys_m5526cdw_printers
 
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | 2020-03-13 | not yet calculated | CVE-2019-13200
MISC
kyocera -- ecosys_m5526cdw_printers
 
The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. | 2020-03-13 | not yet calculated | CVE-2019-13195
MISC
kyocera -- ecosys_m5526cdw_printers
 
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | 2020-03-13 | not yet calculated | CVE-2019-13198
MISC
kyocera -- ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | not yet calculated | CVE-2019-13196
MISC
kyocera -- ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | not yet calculated | CVE-2019-13203
MISC
kyocera -- ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arbitrary code on the device. | 2020-03-13 | not yet calculated | CVE-2019-13204
MISC
kyocera -- ecosys_m5526cdw_printers
 
All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer. | 2020-03-13 | not yet calculated | CVE-2019-13205
MISC
lag_digital -- wagtail-2fa
In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users' 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other user's device they can disable the target user's 2FA devices and potentially compromise the account if they figure out their password. The problem has been patched in version 1.4.1. | 2020-03-13 | not yet calculated | CVE-2020-5240
MISC
CONFIRM
lenovo -- xclarity_administrator
 
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA. | 2020-03-13 | not yet calculated | CVE-2019-19756
CONFIRM
lexmark -- multiple_devices
 
Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. | 2020-03-10 | not yet calculated | CVE-2018-18894
MISC
CONFIRM
mcafee -- advanced_threat_defense
Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command. | 2020-03-12 | not yet calculated | CVE-2020-7254
CONFIRM
mcafee -- mcafee_agent
 
Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility. | 2020-03-12 | not yet calculated | CVE-2020-7253
CONFIRM
mediawiki -- mediawiki
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled. | 2020-03-12 | not yet calculated | CVE-2020-10534
MISC
MISC
meetecho -- janus
An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge. | 2020-03-14 | not yet calculated | CVE-2020-10573
MISC
meetecho -- janus
 
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation. | 2020-03-14 | not yet calculated | CVE-2020-10574
MISC
meetecho -- janus
 
An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times. | 2020-03-14 | not yet calculated | CVE-2020-10575
MISC
meetecho -- janus
 
An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash. | 2020-03-14 | not yet calculated | CVE-2020-10576
MISC
meetecho -- janus
 
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions. | 2020-03-14 | not yet calculated | CVE-2020-10577
MISC

microsoft -- azure_devop_server_2019_and_team_foundation_server_2017_and_2018

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0700
MISC

microsoft -- azure_devop_server_2019_and_team_foundation_server_2017_and_2018

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815. | 2020-03-12 | not yet calculated | CVE-2020-0758
MISC
microsoft -- azure_devops_server_2019
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758. | 2020-03-12 | not yet calculated | CVE-2020-0815
MISC

microsoft -- business_productivity_servers_and_sharepoint_enterprise_server_2016_and_sharepoint_foundation_2013

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0891. | 2020-03-12 | not yet calculated | CVE-2020-0795
MISC

microsoft -- chakracore_and_internet_explorer_11_and_microsoft_edge

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 2020-03-12 | not yet calculated | CVE-2020-0768
MISC
microsoft -- chakracore_and_microsoft_edge
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 2020-03-12 | not yet calculated | CVE-2020-0823
MISC
microsoft -- chakracore_and_microsoft_edge
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833. | 2020-03-12 | not yet calculated | CVE-2020-0848
MISC
microsoft -- chakracore_and_microsoft_edge
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created. The update addresses the vulnerability by changing the way certain functions handle objects in memory, aka 'Scripting Engine Information Disclosure Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0813
MISC
microsoft -- chakracore_and_microsoft_edge
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0811. | 2020-03-12 | not yet calculated | CVE-2020-0812
MISC
microsoft -- chakracore_and_microsoft_edge
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0812. | 2020-03-12 | not yet calculated | CVE-2020-0811
MISC
microsoft -- chakracore_and_microsoft_edge
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 2020-03-12 | not yet calculated | CVE-2020-0826
MISC
microsoft -- chakracore_and_microsoft_edge
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 2020-03-12 | not yet calculated | CVE-2020-0827
MISC
microsoft -- chakracore_and_microsoft_edge
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 2020-03-12 | not yet calculated | CVE-2020-0828
MISC
microsoft -- chakracore_and_microsoft_edge
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.2020-03-12not yet calculatedCVE-2020-0829
MISC
microsoft -- chakracore_and_microsoft_edge
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.2020-03-12not yet calculatedCVE-2020-0825
MISC
microsoft -- chakracore_and_microsoft_edge
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.2020-03-12not yet calculatedCVE-2020-0831
MISC

microsoft -- chakracore_and_microsoft_edge_and_internet_explorer_11
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 2020-03-12 | not yet calculated | CVE-2020-0830
MISC
microsoft -- exchange_server_2016_and_2019
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0903
MISC
microsoft -- internet_explorer_11
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0824
MISC
microsoft -- internet_explorer_11
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848. | 2020-03-12 | not yet calculated | CVE-2020-0833
MISC
microsoft -- internet_explorer_9_and_11
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0847
MISC
microsoft -- internet_explorer_9_and_11
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848. | 2020-03-12 | not yet calculated | CVE-2020-0832
MISC
microsoft -- microsoft_edge
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0816
MISC
microsoft -- multiple_products
A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0905
MISC
microsoft -- multiple_products
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855. | 2020-03-12 | not yet calculated | CVE-2020-0892
MISC
microsoft -- multiple_products
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0855, CVE-2020-0892. | 2020-03-12 | not yet calculated | CVE-2020-0852
MISC
microsoft -- multiple_products
An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0853
MISC
microsoft -- multiple_products
An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0861
MISC
microsoft -- multiple_products
An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0770, CVE-2020-0773. | 2020-03-12 | not yet calculated | CVE-2020-0860
MISC
microsoft -- multiple_products
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0859
MISC
microsoft -- multiple_products
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0857
MISC
microsoft -- multiple_products
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892. | 2020-03-12 | not yet calculated | CVE-2020-0850
MISC
microsoft -- multiple_products
An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0776. | 2020-03-12 | not yet calculated | CVE-2020-0858
MISC
microsoft -- multiple_products
An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0849. | 2020-03-12 | not yet calculated | CVE-2020-0896
MISC
microsoft -- multiple_products
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0793
MISC
microsoft -- multiple_products
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0810
MISC
microsoft -- multiple_sharepoint_products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893. | 2020-03-12 | not yet calculated | CVE-2020-0894
MISC
microsoft -- multiple_sharepoint_products
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0795. | 2020-03-12 | not yet calculated | CVE-2020-0891
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897. | 2020-03-12 | not yet calculated | CVE-2020-0797
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0799
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0898. | 2020-03-12 | not yet calculated | CVE-2020-0791
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0842, CVE-2020-0843. | 2020-03-12 | not yet calculated | CVE-2020-0814
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0772. | 2020-03-12 | not yet calculated | CVE-2020-0806
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0877, CVE-2020-0887. | 2020-03-12 | not yet calculated | CVE-2020-0788
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0845. | 2020-03-12 | not yet calculated | CVE-2020-0804
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0770, CVE-2020-0860. | 2020-03-12 | not yet calculated | CVE-2020-0773
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897. | 2020-03-12 | not yet calculated | CVE-2020-0864
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843. | 2020-03-12 | not yet calculated | CVE-2020-0779
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845. | 2020-03-12 | not yet calculated | CVE-2020-0778
MISC
microsoft -- multiple_windows_products
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0880, CVE-2020-0882. | 2020-03-12 | not yet calculated | CVE-2020-0879
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0858. | 2020-03-12 | not yet calculated | CVE-2020-0776
MISC
microsoft -- multiple_windows_products
An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0775
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0780
MISC
microsoft -- multiple_windows_products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0874, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882. | 2020-03-12 | not yet calculated | CVE-2020-0774
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0771. | 2020-03-12 | not yet calculated | CVE-2020-0769
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations, aka 'Windows Device Setup Manager Elevation of Privilege Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0819
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0785
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804. | 2020-03-12 | not yet calculated | CVE-2020-0845
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0690
MISC
microsoft -- multiple_windows_products
An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0820
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0769. | 2020-03-12 | not yet calculated | CVE-2020-0771
MISC
microsoft -- multiple_windows_products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0885
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0877. | 2020-03-12 | not yet calculated | CVE-2020-0887
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0822
MISC
microsoft -- multiple_windows_products
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0684
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0783. | 2020-03-12 | not yet calculated | CVE-2020-0781
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0841, CVE-2020-0849, CVE-2020-0896. | 2020-03-12 | not yet calculated | CVE-2020-0840
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0849, CVE-2020-0896. | 2020-03-12 | not yet calculated | CVE-2020-0841
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0843. | 2020-03-12 | not yet calculated | CVE-2020-0842
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0842. | 2020-03-12 | not yet calculated | CVE-2020-0843
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0844
MISC
microsoft -- multiple_windows_products
A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0645
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0787
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0804, CVE-2020-0845. | 2020-03-12 | not yet calculated | CVE-2020-0803
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0773, CVE-2020-0860. | 2020-03-12 | not yet calculated | CVE-2020-0770
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0781. | 2020-03-12 | not yet calculated | CVE-2020-0783
MISC
microsoft -- multiple_windows_products
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0869. | 2020-03-12 | not yet calculated | CVE-2020-0809
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843. | 2020-03-12 | not yet calculated | CVE-2020-0798
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845. | 2020-03-12 | not yet calculated | CVE-2020-0802
MISC
microsoft -- multiple_windows_products
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0807, CVE-2020-0809, CVE-2020-0869. | 2020-03-12 | not yet calculated | CVE-2020-0801
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0834
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0896. | 2020-03-12 | not yet calculated | CVE-2020-0849
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897. | 2020-03-12 | not yet calculated | CVE-2020-0800
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0806. | 2020-03-12 | not yet calculated | CVE-2020-0772
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897. | 2020-03-12 | not yet calculated | CVE-2020-0777
MISC
microsoft -- multiple_windows_products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0882. | 2020-03-12 | not yet calculated | CVE-2020-0880
MISC
microsoft -- multiple_windows_products
An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network Connections Service Information Disclosure Vulnerability'. | 2020-03-12 | not yet calculated | CVE-2020-0871
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0887. | 2020-03-12 | not yet calculated | CVE-2020-0877
MISC
microsoft -- multiple_windows_products
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882. | 2020-03-12 | not yet calculated | CVE-2020-0874
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866. | 2020-03-12 | not yet calculated | CVE-2020-0897
MISC
microsoft -- multiple_windows_products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0880. | 2020-03-12 | not yet calculated | CVE-2020-0882
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0868. | 2020-03-12 | not yet calculated | CVE-2020-0867
MISC
microsoft -- multiple_windows_products
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0809. | 2020-03-12 | not yet calculated | CVE-2020-0869
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0867. | 2020-03-12 | not yet calculated | CVE-2020-0868
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0897. | 2020-03-12 | not yet calculated | CVE-2020-0866
MISC
microsoft -- multiple_windows_products
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0866, CVE-2020-0897. | 2020-03-12 | not yet calculated | CVE-2020-0865
MISC
microsoft -- multiple_windows_products
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0881. | 2020-03-12 | not yet calculated | CVE-2020-0883
MISC
microsoft -- multiple_windows_products
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0883. | 2020-03-12 | not yet calculated | CVE-2020-0881
MISC
microsoft -- office_2016_and_2019_and_office_365_proplus
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892. | 2020-03-12 | not yet calculated | CVE-2020-0851
MISC
microsoft -- office_2019_for_mac_and_office_365_proplus

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0892.2020-03-12not yet calculatedCVE-2020-0855
MISC
microsoft -- remote_desktop_connection_manager
 
An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka 'Remote Desktop Connection Manager Information Disclosure Vulnerability'.2020-03-12not yet calculatedCVE-2020-0765
MISC
microsoft -- service_fabricAn elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'.2020-03-12not yet calculatedCVE-2020-0902
MISC

microsoft -- sharepoint_enterprise_server_2013_and_2016_and_sharepointserver_2019
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0894.
2020-03-12
not yet calculated
CVE-2020-0893
MISC
microsoft -- visual_studio_2017_and_2019
A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.
2020-03-12
not yet calculated
CVE-2020-0884
MISC
microsoft -- visual_studio_2019
A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'.
2020-03-12
not yet calculated
CVE-2020-0789
MISC
microsoft -- windows_10_and_windows_server
An information disclosure vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'.
2020-03-12
not yet calculated
CVE-2020-0863
MISC
microsoft -- windows_10_and_windows_server
An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Defender Security Center Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0763.
2020-03-12
not yet calculated
CVE-2020-0762
MISC
microsoft -- windows_10_and_windows_server_2016
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0791.
2020-03-12
not yet calculated
CVE-2020-0898
MISC
microsoft -- windows_10_and_windows_server_2016
A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka 'Windows Tile Object Service Denial of Service Vulnerability'.
2020-03-12
not yet calculated
CVE-2020-0786
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019
An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'.
2020-03-12
not yet calculated
CVE-2020-0854
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019
An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Defender Security Center Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0762.
2020-03-12
not yet calculated
CVE-2020-0763
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0809, CVE-2020-0869.
2020-03-12
not yet calculated
CVE-2020-0807
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019
An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations, aka 'Provisioning Runtime Elevation of Privilege Vulnerability'.
2020-03-12
not yet calculated
CVE-2020-0808
MISC
microsoft -- windows_10_and_windows_server
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
2020-03-12
not yet calculated
CVE-2020-0796
MISC
MISC
MISC
moxa -- multiple_mgate_devices
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords.
2020-03-11
not yet calculated
CVE-2019-9096
CONFIRM
MISC
moxa -- multiple_mgate_devices
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2).
2020-03-11
not yet calculated
CVE-2019-9099
CONFIRM
MISC
moxa -- multiple_mgate_devices
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service.
2020-03-11
not yet calculated
CVE-2019-9097
CONFIRM
MISC
moxa -- multiple_mgate_devices
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An integer overflow in the built-in web server allows remote attackers to initiate DoS.
2020-03-11
not yet calculated
CVE-2019-9098
CONFIRM
MISC

multiple_vendors -- multiple_dynamic_random_access_memory_chips
Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers.
2020-03-10
not yet calculated
CVE-2020-10255
MISC
MISC
MISC
MISC
MISC
MISC
multiple_vendors -- multiple_products
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
2020-03-11
not yet calculated
CVE-2011-2487
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
netapp -- storagegrid
StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS).
2020-03-13
not yet calculated
CVE-2020-8571
CONFIRM
netgear -- cg3700b_voo_device
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8-character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase.
2020-03-13
not yet calculated
CVE-2019-13393
MISC
netgear -- cg3700b_voo_device
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP.
2020-03-13
not yet calculated
CVE-2019-13394
MISC
netgear -- cg3700b_voo_device
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file.
2020-03-13
not yet calculated
CVE-2019-13395
MISC
nvidia -- vgpu_graphics_driver
NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service.
2020-03-12
not yet calculated
CVE-2020-5961
N/A
nvidia -- virtual_gpu_manager
NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service.
2020-03-12
not yet calculated
CVE-2020-5960
N/A
nvidia -- virtual_gpu_manager
NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service.
2020-03-12
not yet calculated
CVE-2020-5959
N/A
openstack -- manila
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
2020-03-12
not yet calculated
CVE-2020-9543
MLIST
MISC
CONFIRM
opera_software -- opera_for_android
Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the "first strong character" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL.
2020-03-12
not yet calculated
CVE-2019-12278
MISC
MISC
osquery -- osquery
Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust.
2020-03-13
not yet calculated
CVE-2020-1887
CONFIRM
CONFIRM
otrs -- open_ticket_request_system
An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.
2020-03-10
not yet calculated
CVE-2019-10065
MISC
CONFIRM
phoenix_contact -- multiple_tc_products
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.
2020-03-12
not yet calculated
CVE-2020-9436
MISC
FULLDISC
MISC
MISC
phoenix_contact -- multiple_tc_products
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation.
2020-03-12
not yet calculated
CVE-2020-9435
MISC
FULLDISC
MISC
MISC
poly -- hdx_series_devices
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.
2020-03-12
not yet calculated
CVE-2019-11355
MISC
primetek -- primefaces
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation.
2020-03-13
not yet calculated
CVE-2020-10544
MISC
psd-tools -- psd-tools
An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.
2020-03-14
not yet calculated
CVE-2020-10571
MISC
MISC
puppet -- puppet_server_and_puppetdb
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.4.0, Puppet Server 6.9.1 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable the trapperkeeper-metrics /v1 metrics API and only allow /v2 access on localhost by default. This affects Puppet Enterprise 2018.1.x stream prior to 2018.1.13, and prior to 2019.4.0; Puppet Server prior to 6.9.1, and prior to 5.3.12; PuppetDB prior to 6.9.1, and prior to 5.2.13.
2020-03-11
not yet calculated
CVE-2020-7943
CONFIRM
qcms -- qcms
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.
2020-03-14
not yet calculated
CVE-2020-10578
MISC
querymen -- querymen
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.
2020-03-12
not yet calculated
CVE-2020-7600
MISC
MISC
responsive_filemanager -- responsive_filemanager
An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.)
2020-03-14
not yet calculated
CVE-2020-10567
MISC
ricoh -- sp_c250dn_devices
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.
2020-03-13
not yet calculated
CVE-2019-14299
MISC
MISC
ricoh -- sp_c250dn_devices
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcoded within the printer firmware. This would allow an attacker to access and read information stored on the shared FTP folders.
2020-03-13
not yet calculated
CVE-2019-14309
MISC
MISC
ricoh -- sp_c250dn_devices
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that led to a denial of service vulnerability.
2020-03-13
not yet calculated
CVE-2019-14303
MISC
MISC
ricoh -- sp_c250dn_devices
Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way the embedded device parsed the IPP packets.
2020-03-13
not yet calculated
CVE-2019-14310
MISC
MISC
safescan -- timemoto
Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API.
2020-03-13
not yet calculated
CVE-2019-12182
MISC
MISC
MISC
MISC
sapplica -- sentrifugo
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.
2020-03-13
not yet calculated
CVE-2020-10218
MISC
EXPLOIT-DB
siemens -- multiple_products
A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC NET PC Software (All versions < V16 update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14.0.1 (All versions), SIMATIC WinCC (TIA Portal) V15.1 (All versions), SIMATIC WinCC (TIA Portal) V16 (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5.1 Upd1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.
2020-03-10
not yet calculated
CVE-2019-19282
MISC
siemens -- s_600_series_devices
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.
2020-03-10
not yet calculated
CVE-2019-6585
MISC
technicolor -- tc7337net_devices
Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header.
2020-03-11
not yet calculated
CVE-2020-10376
MISC
torpedoquery -- torpedoquery
Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java.
2020-03-12
not yet calculated
CVE-2019-11343
MISC
MISC
trendmicro -- password_manager_for_windows
Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability which could potentially allow an attacker to escalate privileges.
2020-03-12
not yet calculated
CVE-2020-8469
N/A

unicode -- international_components_for_unicode_for_c/c++
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
2020-03-12
not yet calculated
CVE-2020-10531
REDHAT
MISC
MISC
MISC
MISC
MISC
GENTOO
MISC
untis -- webuntis
Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules.
2020-03-13
not yet calculated
CVE-2020-10540
MISC
vesta -- vesta_control_panel
Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell scripts through the dangerous command exec. This function can be dangerous if arguments passed to it are not filtered. Every user input in VestaCP that is used as an argument is filtered with the escapeshellarg function. This function comes from the PHP library directly and its description is as follows: "escapeshellarg() adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument." It means that if you give Username, it will have 'Username' as a replacement. This works well and protects users from exploiting this potentially dangerous exec function. Unfortunately, VestaCP uses this escapeshellarg function incorrectly in several places.
2020-03-10
not yet calculated
CVE-2019-9859
MISC
wago -- e!cockpit
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.
2020-03-11
not yet calculated
CVE-2019-5106
MISC
wago -- e!cockpit
An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability.
2020-03-11
not yet calculated
CVE-2019-5158
MISC
wago -- e!cockpit
An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability.
2020-03-11
not yet calculated
CVE-2019-5159
MISC
wago -- pfc100_and_pfc200_devices
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).
2020-03-11
not yet calculated
CVE-2019-5135
MISC
wago -- pfc200_devices
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted subnetmask value from the XML file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=<contents of subnetmask node> using sprintf(). This command is later executed via a call to system().
2020-03-11
not yet calculated
CVE-2019-5174
MISC
wago -- pfc200_devices
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted state value from the XML file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). This command is later executed via a call to system().
2020-03-11
not yet calculated
CVE-2019-5173
MISC
wago -- pfc200_devices
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e87c the extracted hostname value from the XML file is used as an argument to /etc/config-tools/change_hostname hostname=<contents of hostname node> using sprintf(). This command is later executed via a call to system().
2020-03-12
not yet calculated
CVE-2019-5170
MISC
wago -- pfc200_devices
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure.
2020-03-11
not yet calculated
CVE-2019-5134
MISC
wago -- pfc200_devices
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted type value from the XML file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled config-type=<contents of type node> using sprintf(). This command is later executed via a call to system().
2020-03-11
not yet calculated
CVE-2019-5175
MISC
wago -- pfc200_devices
An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command.
2020-03-11
not yet calculated
CVE-2019-5156
MISC
wago -- pfc200_devices
An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command.
2020-03-11
not yet calculated
CVE-2019-5157
MISC
wago -- pfc200_devices
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file.
2020-03-11
not yet calculated
CVE-2019-5166
MISC
wago -- pfc200_devices
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e900 the extracted gateway value from the XML file is used as an argument to /etc/config-tools/config_default_gateway number=0 state=enabled value=<contents of gateway node> using sprintf(). This command is later executed via a call to system().
2020-03-12
not yet calculated
CVE-2019-5169
MISC
wago -- pfc200_devices
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet at 0x1ea48 to the extracted hostname value from the XML file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=<contents of ip node> using sprintf().
2020-03-12
not yet calculated
CVE-2019-5171
MISC
wago -- pfc200_devices
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=’) in length. A subnetmask value of length 0x3d9 will cause the service to crash.
2020-03-12
not yet calculated
CVE-2019-5181
MISC
wago -- pfc200_devices
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the XML file is used as an argument to /etc/config-tools/config_sntp time-server-%d=<contents of ntp node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many ntp entries will be parsed from the XML file.
2020-03-11
not yet calculated
CVE-2019-5172
MISC
wago -- pfc200_devices
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len(‘/etc/config-tools/config_default_gateway number=0 state=enabled value=’) in length. A gateway value of length 0x7e2 will cause the service to crash.
2020-03-12
not yet calculated
CVE-2019-5176
MISC
wago -- pfc200_devices
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.
2020-03-12
not yet calculated
CVE-2019-5179
MISC
wago -- pfc200_devices
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any hostname values that are greater than 1024-len(‘/etc/config-tools/change_hostname hostname=’) in length. A hostname value of length 0x3fd will cause the service to crash.
2020-03-12
not yet calculated
CVE-2019-5178
MISC
wago -- pfc200_devices
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any ip values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=’) in length. An ip value of length 0x3da will cause the service to crash.
2020-03-12
not yet calculated
CVE-2019-5180
MISC
wago -- pfc200_devices
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any type values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled config-type=’) in length. A type value of length 0x3d9 will cause the service to crash.
2020-03-11
not yet calculated
CVE-2019-5182
MISC
wago -- pfc200_devices
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12).
2020-03-11
not yet calculated
CVE-2019-5155
watchguard -- fireware
The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI.
Published: 2020-03-12 | CVSS Score: not yet calculated | CVE-2020-10532
wordpress -- wordpress
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.
Published: 2020-03-10 | CVSS Score: not yet calculated | CVE-2018-14502
wordpress -- wordpress
The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.
Published: 2020-03-14 | CVSS Score: not yet calculated | CVE-2020-10568
wordpress -- wordpress
The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2020-10195
wordpress -- wordpress
An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of the popup's fields by sending a request to wp-admin/admin-ajax.php with the POST action parameter of sgpb_autosave and including additional data in an allPopupData parameter, including the popup's ID (which is visible in the source of the page in which the popup is inserted) and arbitrary JavaScript which will then be executed in the browsers of visitors to that page. Because the plugin functionality automatically adds script tags to data entered into these fields, this injection will typically bypass most WAF applications.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2020-10196
wordpress -- wordpress
An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2020-10564
xerox -- phaser_3320_printers
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2019-13166
xerox -- phaser_3320_printers
Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2019-13167
xerox -- phaser_3320_printers
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2019-13169
xerox -- phaser_3320_printers
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2019-13172
xerox -- phaser_3320_printers
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2019-13171
xerox -- phaser_3320_printers
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2019-13165
xerox -- phaser_3320_printers
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2019-13170
xerox -- phaser_3320_printers
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2019-13168
yii2cmf -- yii2cmf
yidashi yii2cmf 2.0 has XSS via the /search q parameter.
Published: 2020-03-12 | CVSS Score: not yet calculated | CVE-2018-10704
zoho -- managenegine_opmanager
Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2020-10541
zoho -- managengine_applications_manager
Zoho ManageEngine Applications Manager 14590 and before allows a remote unauthenticated attacker to disclose license-related information via the WieldFeedServlet servlet.
Published: 2020-03-13 | CVSS Score: not yet calculated | CVE-2019-19799
