Vulnerability Summary for the Week of December 30, 2019
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
citrix -- application_delivery_controller_and_gateway | An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. | 2019-12-27 | 7.5 | CVE-2019-19781 CONFIRM |
freeciv -- freeciv | A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed, would lead to memory exhaustion or excessive CPU consumption. | 2019-12-30 | 7.8 | CVE-2012-5645 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
magnolia_international -- magnolia_cms | Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities | 2019-12-27 | 7.5 | CVE-2013-4621 MISC MISC |
open_dynamics -- collabtive | Collabtive 1.0 has incorrect access control | 2019-12-27 | 7.5 | CVE-2013-5027 MISC |
php-shellcommand -- php-shellcommand | php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-12-30 | 10 | CVE-2019-10774 MISC |
senkas -- kolibri | Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. | 2019-12-27 | 7.5 | CVE-2014-5289 MISC BID XF |
sqlite -- sqlite | selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. | 2020-01-02 | 7.5 | CVE-2019-20218 MISC |
wordpress -- wordpress | wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. | 2019-12-27 | 7.5 | CVE-2019-20041 MISC MISC |
yandex -- clickhouse | In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. | 2019-12-30 | 7.5 | CVE-2019-16535 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
bolt -- bolt | Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933. | 2019-12-31 | 4.3 | CVE-2019-9553 MISC MISC |
genixcms -- genixcms | GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation. | 2019-12-31 | 4.3 | CVE-2018-14476 MISC MISC |
gnu -- libredwg | An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec. | 2019-12-27 | 4.3 | CVE-2019-20009 MISC MISC MISC |
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c. | 2019-12-27 | 6.8 | CVE-2019-20010 MISC MISC |
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c. | 2019-12-27 | 6.8 | CVE-2019-20011 MISC MISC |
gnu -- libredwg | An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c. | 2019-12-27 | 6.8 | CVE-2019-20014 MISC MISC MISC |
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec. | 2019-12-27 | 4.3 | CVE-2019-20012 MISC MISC |
gnu -- libredwg | An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec. | 2019-12-27 | 4.3 | CVE-2019-20013 MISC MISC MISC |
gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec. | 2019-12-27 | 4.3 | CVE-2019-20015 MISC MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function senc_Parse() in isomedia/box_code_drm.c. | 2019-12-31 | 4.3 | CVE-2019-20167 MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. | 2019-12-31 | 4.3 | CVE-2019-20163 MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function trak_Read() in isomedia/box_code_base.c. | 2019-12-31 | 4.3 | CVE-2019-20169 MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function gf_isom_box_dump_ex() in isomedia/box_funcs.c. | 2019-12-31 | 4.3 | CVE-2019-20168 MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_dump() in isomedia/box_dump.c. | 2019-12-31 | 4.3 | CVE-2019-20166 MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. | 2019-12-31 | 4.3 | CVE-2019-20161 MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1_parse_tile_group() in media_tools/av_parsers.c. | 2019-12-31 | 4.3 | CVE-2019-20160 MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. | 2019-12-31 | 4.3 | CVE-2019-20162 MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_box_del() in isomedia/box_funcs.c. | 2019-12-31 | 4.3 | CVE-2019-20164 MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. | 2019-12-31 | 4.3 | CVE-2019-20165 MISC |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422. | 2019-12-30 | 4 | CVE-2019-4343 XF CONFIRM |
ibm -- mq | IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. | 2019-12-30 | 4 | CVE-2019-4655 XF CONFIRM |
ibm -- watson_studio_local | IBM Watson Studio Local 1.2.3 could disclose sensitive information over the network that an attacker could use in further attacks against the system. IBM X-Force ID: 145238. | 2019-12-30 | 5 | CVE-2018-1682 XF CONFIRM |
joomla! -- joomla! | Xorbin Analog Flash Clock 1.0 extension for Joomla has XSS | 2019-12-27 | 4.3 | CVE-2013-4692 MISC MISC MISC |
libsixel_project -- libsixel | A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4. | 2019-12-27 | 4.3 | CVE-2019-20023 MISC |
libsixel_project -- libsixel | An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3. | 2019-12-27 | 4.3 | CVE-2019-20022 MISC |
libsixel_project -- libsixel | An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c. | 2019-12-30 | 6.8 | CVE-2019-20094 MISC |
libsixel_project -- libsixel | A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4. | 2019-12-27 | 4.3 | CVE-2019-20024 MISC |
livefyre -- livecomments | Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture. | 2019-12-27 | 4.3 | CVE-2014-6420 MISC XF |
liquidpixels -- liquifire_os | LiquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets. | 2019-12-29 | 6.4 | CVE-2019-20055 MISC |
netis -- dl4323_devices | On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). | 2019-12-30 | 4.3 | CVE-2019-20072 MISC MISC MISC |
netis -- dl4323_devices | On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). | 2019-12-30 | 4.3 | CVE-2019-20076 MISC MISC MISC |
netis -- dl4323_devices | On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). | 2019-12-30 | 4.3 | CVE-2019-20070 MISC MISC MISC |
netis -- dl4323_devices | On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). | 2019-12-30 | 4.3 | CVE-2019-20075 MISC MISC MISC |
netis -- dl4323_devices | On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. | 2019-12-30 | 4 | CVE-2019-20074 MISC MISC |
netis -- dl4323_devices | On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. | 2019-12-30 | 5.8 | CVE-2019-20071 MISC MISC MISC |
netis -- dl4323_devices | On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). | 2019-12-30 | 4.3 | CVE-2019-20073 MISC MISC MISC |
paessler -- prtg_network_monitor | PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued. | 2019-12-31 | 4.3 | CVE-2019-9207 MISC MISC |
paessler -- prtg_network_monitor | PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued. | 2019-12-31 | 4.3 | CVE-2019-9206 MISC MISC |
pillow -- pillow | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | 2020-01-03 | 6.8 | CVE-2020-5312 MISC MISC |
pillow -- pillow | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | 2020-01-03 | 6.8 | CVE-2020-5310 MISC MISC |
pillow -- pillow | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. | 2020-01-03 | 6.8 | CVE-2020-5313 MISC MISC |
pillow -- pillow | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | 2020-01-03 | 6.8 | CVE-2020-5311 MISC MISC |
proxyman -- proxyman_for_macos | com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0 and earlier allows an attacker to change the System Proxy and redirect all traffic to an attacker-controlled computer, enabling MITM attacks. | 2019-12-29 | 4.3 | CVE-2019-20057 MISC |
sencha_labs -- connect | Sencha Labs Connect has XSS with connect.methodOverride() | 2019-12-27 | 4.3 | CVE-2013-4691 MISC |
spbas -- business_automation_software | SPBAS Business Automation Software 2012 has CSRF. | 2019-12-27 | 4.3 | CVE-2013-4665 MISC MISC |
spbas -- business_automation_software | SPBAS Business Automation Software 2012 has XSS. | 2019-12-27 | 4.3 | CVE-2013-4664 MISC MISC MISC |
support_incident_tracker_project -- support_incident_tracker | In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS. | 2020-01-02 | 4.3 | CVE-2019-20220 MISC |
support_incident_tracker_project -- support_incident_tracker | In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS. | 2020-01-02 | 4.3 | CVE-2019-20222 MISC |
support_incident_tracker_project -- support_incident_tracker | In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page. | 2020-01-02 | 4.3 | CVE-2019-20221 MISC |
support_incident_tracker_project -- support_incident_tracker | In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235. | 2020-01-02 | 4.3 | CVE-2019-20223 MISC |
tbeu -- matio | A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17. | 2019-12-27 | 4.3 | CVE-2019-20018 MISC |
tbeu -- matio | A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17. | 2019-12-27 | 4.3 | CVE-2019-20017 MISC |
tbeu -- matio | A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17. | 2019-12-27 | 4.3 | CVE-2019-20020 MISC |
tbeu -- matio | An attempted excessive memory allocation was discovered in Mat_VarRead5 in mat5.c in matio 1.5.17. | 2019-12-27 | 4.3 | CVE-2019-20019 MISC |
toshiba -- configfree | Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code. | 2019-12-27 | 6.8 | CVE-2012-4980 BID XF |
upx -- upx | A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. | 2019-12-27 | 4.3 | CVE-2019-20021 MISC |
winamp -- winamp | Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution | 2019-12-27 | 6.8 | CVE-2013-4695 MISC MISC |
wordpress -- wordpress | WordPress Xorbin Digital Flash Clock 1.0 has XSS | 2019-12-27 | 4.3 | CVE-2013-4693 MISC |
wordpress -- wordpress | WordPress before 5.3.1 allowed an attacker to create a cross-site scripting attack (XSS) in well-crafted links, because of an insufficient protection mechanism in wp_targeted_link_rel in wp-includes/formatting.php. | 2019-12-27 | 4.3 | CVE-2019-20042 MISC MISC MISC MISC MISC |
wordpress -- wordpress | An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. | 2019-12-30 | 4.3 | CVE-2019-20141 MISC |
wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter. | 2019-12-27 | 4.3 | CVE-2014-4519 MISC |
wordpress -- wordpress | WordPress before 5.3.1 allowed an unauthenticated user to make a post sticky through the REST API because of missing access control in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php. | 2019-12-27 | 5 | CVE-2019-20043 MISC MISC MISC MISC |
wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 2019-12-27 | 4.3 | CVE-2014-4592 MISC |
wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2019-12-27 | 4.3 | CVE-2014-4523 MISC |
wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter. | 2019-12-27 | 4.3 | CVE-2014-4525 MISC CONFIRM |
wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. | 2019-12-27 | 4.3 | CVE-2014-4550 MISC |
xnview -- xnview | Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file. | 2020-01-02 | 6.8 | CVE-2013-3246 MISC MISC |
xnview -- xnview | Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file. | 2020-01-02 | 6.8 | CVE-2013-3247 MISC MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924. | 2019-12-30 | 3.5 | CVE-2019-4623 XF CONFIRM |
ibm -- watson_studio_local | IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. IBM X-Force ID: 161413. | 2019-12-30 | 2.1 | CVE-2019-4335 XF CONFIRM |
nagios -- nagios_xi | In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user. | 2019-12-30 | 3.5 | CVE-2019-20139 MISC |
tenable -- nessus | Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198). | 2019-12-27 | 3.5 | CVE-2016-1000028 MISC MISC CONFIRM |
tenable -- nessus | Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269). | 2019-12-27 | 3.5 | CVE-2016-1000029 MISC MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
amazon -- blink_xt2_device | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet. | 2019-12-31 | not yet calculated | CVE-2019-3984 CONFIRM |
angular -- angular | There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | 2020-01-02 | not yet calculated | CVE-2019-14863 CONFIRM MISC |
apache -- solr | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user). | 2019-12-30 | not yet calculated | CVE-2019-17558 MISC |
avira -- free_antivirus | Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user. | 2019-12-31 | not yet calculated | CVE-2019-18568 CONFIRM |
axiomatic_systems -- bento4 | An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp. | 2019-12-30 | not yet calculated | CVE-2019-20092 MISC |
axiomatic_systems -- bento4 | An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp. | 2019-12-30 | not yet calculated | CVE-2019-20091 MISC |
axiomatic_systems -- bento4 | An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp. | 2019-12-30 | not yet calculated | CVE-2019-20090 MISC |
baidu_x-lab -- rust_sgx_sdk | Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same. | 2020-01-04 | not yet calculated | CVE-2020-5499 MISC |
boltwire -- boltwire | Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter. | 2020-01-02 | not yet calculated | CVE-2013-0737 MISC |
bombba -- bombba | The quaker function of a smart contract implementation for BOMBBA (BOMB), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | 2019-12-31 | not yet calculated | CVE-2018-19834 MISC |
bssys -- rbs_bs-client | Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter. | 2020-01-03 | not yet calculated | CVE-2014-4196 MISC |
bssys -- rbs_bs-client | Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, or (5) FName_0 parameter and a valid sid parameter value. | 2020-01-03 | not yet calculated | CVE-2014-10398 MISC |
bulb_security -- smartphone_pentest_framework | Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878. | 2020-01-03 | not yet calculated | CVE-2012-5693 MISC |
bulb_security -- smartphone_pentest_framework | Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl. | 2020-01-03 | not yet calculated | CVE-2012-5878 MISC MISC |
business_alliance_financial_circle -- business_alliance_financial_circle | The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity. | 2019-12-31 | not yet calculated | CVE-2018-19830 MISC |
chamilo -- chamilo_lms | Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503. | 2020-01-04 | not yet calculated | CVE-2015-9540 MISC |
clusterlabs -- fence-agents | fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script, which can potentially allow man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates. | 2020-01-02 | not yet calculated | CVE-2014-0104 MISC MISC MISC MISC |
comtech -- stampede_fx-1010_devices | Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | 2020-01-02 | not yet calculated | CVE-2020-5179 MISC |
craftcms -- craft_cms | In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI. | 2019-12-31 | not yet calculated | CVE-2019-9554 MISC MISC |
cryptobond_network -- cryptobond_network | The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | 2019-12-31 | not yet calculated | CVE-2018-19831 MISC |
cumin -- cumin | An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it. | 2019-12-30 | not yet calculated | CVE-2013-0264 MISC MISC |
d-link -- dgs-1510_series_switches | A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older may allow a remote attacker to inject malicious scripts in the device and execute commands via the browser that is configuring the unit. | 2019-12-30 | not yet calculated | CVE-2018-7859 CONFIRM |
d-link -- dir-859_routers | D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | 2020-01-02 | not yet calculated | CVE-2019-20213 MISC MISC MISC MISC |
d-link -- dir-859_wi-fi_router | The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. | 2019-12-30 | not yet calculated | CVE-2019-17621 MISC MISC CONFIRM CONFIRM MISC MISC |
ddq -- ddq | The owned function of a smart contract implementation for DDQ, a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | 2019-12-31 | not yet calculated | CVE-2018-19833 MISC |
docker -- docker | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | 2020-01-02 | not yet calculated | CVE-2014-0048 MISC MISC MISC MISC MISC MISC MISC |
ds_data_systems -- konakart | Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request. | 2020-01-03 | not yet calculated | CVE-2014-5516 MISC MISC MISC |
easy_xml_editor -- easy_xml_editor | Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload. | 2019-12-30 | not yet calculated | CVE-2019-19031 MISC |
ecstatic -- ecstatic | ecstatic has a denial of service vulnerability. Successful exploitation could lead to a crash of the application. | 2020-01-02 | not yet calculated | CVE-2019-10775 MISC |
embedded_glibc -- embedded_glibc | The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. | 2019-12-31 | not yet calculated | CVE-2013-4357 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
ezxml -- ezxml | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. | 2019-12-31 | not yet calculated | CVE-2019-20198 MISC |
ezxml -- ezxml | An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur. | 2019-12-31 | not yet calculated | CVE-2019-20201 MISC |
ezxml -- ezxml | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature. | 2019-12-31 | not yet calculated | CVE-2019-20200 MISC |
ezxml -- ezxml | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer. | 2019-12-31 | not yet calculated | CVE-2019-20199 MISC |
ezxml -- ezxml | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault. | 2019-12-31 | not yet calculated | CVE-2019-20202 MISC |
fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. | 2020-01-03 | not yet calculated | CVE-2019-20330 MISC MISC |
fhdk -- gksu-polkit | gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617, but the patch was improperly applied and it did not fix the security issue. | 2019-12-31 | not yet calculated | CVE-2013-4161 MISC MISC MISC MISC MISC |
fiberhome -- an5506-04-f_rp_2669_devices | FiberHome an5506-04-f RP2669 devices have XSS. | 2019-12-31 | not yet calculated | CVE-2019-9556 MISC MISC |
fontforge -- fontforge | FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. | 2020-01-03 | not yet calculated | CVE-2020-5395 MISC |
fontforge -- fontforge | FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. | 2020-01-03 | not yet calculated | CVE-2020-5496 MISC |
ftp -- ftp | An issue was discovered in rovinbhandari FTP through 2012-03-28. receive_file in file_transfer_functions.c allows remote attackers to cause a denial of service (daemon crash) via a 0xffff datalen field value. | 2019-12-31 | not yet calculated | CVE-2019-9668 MISC |
fusionforge -- fusionforge | FusionForge before 5.3.2 uses scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server as FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge. | 2020-01-02 | not yet calculated | CVE-2014-6275 MISC MISC |
generalitat_de_catalunya -- accesuniversitat.gencat.cat | The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints, given that the attacker is authenticated as a student: 1) https://accesuniversitat.gencat.cat/accesuniversitat/accesuniversitat-rs/AppJava/api/v1/estudiants/{student_id}/ 2) https://accesuniversitat.gencat.cat/accesuniversitat/accesuniversitat-rs/AppJava/api/v1/estudiants/?page={page}. | 2019-12-31 | not yet calculated | CVE-2019-12837 MISC |
getsimple_cms -- getsimple_cms | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. | 2020-01-02 | not yet calculated | CVE-2013-1420 MISC MISC MISC |
gitlab -- enterprise_edition | An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | 2019-12-30 | not yet calculated | CVE-2018-20507 MISC |
gitlab -- gitlab_community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. | 2019-12-30 | not yet calculated | CVE-2018-20490 CONFIRM CONFIRM |
gitlab -- gitlab_community_and_enterprise_edition | GitLab Community Edition (CE) and Enterprise Edition (EE) 9.6 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | not yet calculated | CVE-2019-19254 CONFIRM MISC MISC |
gitlab -- gitlab_community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | 2019-12-30 | not yet calculated | CVE-2018-20489 CONFIRM CONFIRM |
gitlab -- gitlab_community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. | 2019-12-30 | not yet calculated | CVE-2018-20488 CONFIRM CONFIRM |
gitlab -- gitlab_community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | 2019-12-30 | not yet calculated | CVE-2018-20493 CONFIRM CONFIRM |
gitlab -- gitlab_community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. | 2019-12-30 | not yet calculated | CVE-2018-20499 CONFIRM CONFIRM |
gitlab -- gitlab_community_and_enterprise_edition | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). | 2020-01-03 | not yet calculated | CVE-2019-19257 CONFIRM MISC |
gitlab -- gitlab_community_and_enterprise_edition | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2). | 2020-01-03 | not yet calculated | CVE-2019-19260 CONFIRM MISC |
gitlab -- gitlab_community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | 2019-12-30 | not yet calculated | CVE-2018-20501 CONFIRM CONFIRM |
gitlab -- gitlab_community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. | 2019-12-30 | not yet calculated | CVE-2018-20495 CONFIRM CONFIRM |
gitlab -- gitlab_community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | 2019-12-30 | not yet calculated | CVE-2018-20494 CONFIRM CONFIRM |
gitlab -- gitlab_community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | 2019-12-30 | not yet calculated | CVE-2018-20498 CONFIRM CONFIRM |
gitlab -- gitlab_community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. | 2019-12-30 | not yet calculated | CVE-2018-20496 CONFIRM CONFIRM |
gitlab -- gitlab_community_and_enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. | 2019-12-30 | not yet calculated | CVE-2018-20497 CONFIRM CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. | 2020-01-03 | not yet calculated | CVE-2019-19263 CONFIRM MISC |
gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | not yet calculated | CVE-2019-19255 CONFIRM MISC |
gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. | 2020-01-03 | not yet calculated | CVE-2019-19262 CONFIRM MISC MISC |
gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). | 2020-01-03 | not yet calculated | CVE-2019-19087 CONFIRM MISC |
gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | not yet calculated | CVE-2019-19309 CONFIRM MISC |
gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal. | 2020-01-03 | not yet calculated | CVE-2019-19088 CONFIRM MISC |
gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. | 2020-01-03 | not yet calculated | CVE-2019-19261 CONFIRM MISC |
gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). | 2020-01-03 | not yet calculated | CVE-2019-19086 CONFIRM MISC |
gitlab -- gitlab_enterprise_edition | An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. | 2019-12-30 | not yet calculated | CVE-2018-20491 CONFIRM CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR). | 2020-01-03 | not yet calculated | CVE-2019-19259 CONFIRM MISC |
gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | not yet calculated | CVE-2019-19258 CONFIRM MISC |
gitlab -- gitlab_enterprise_edition | GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. | 2020-01-03 | not yet calculated | CVE-2019-19311 CONFIRM MISC MISC |
gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | not yet calculated | CVE-2019-19256 CONFIRM MISC |
gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. | 2020-01-03 | not yet calculated | CVE-2019-19310 CONFIRM MISC |
gonicus -- gosa | The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP object injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie. | 2019-12-31 | not yet calculated | CVE-2019-14466 MISC MISC |
google -- chrome | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | not yet calculated | CVE-2019-5845 MISC MISC |
google -- chrome | Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | not yet calculated | CVE-2019-13765 MISC MISC |
google -- chrome | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | not yet calculated | CVE-2019-5846 MISC MISC |
google -- chrome | Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | not yet calculated | CVE-2019-13766 MISC MISC |
google -- chrome | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | not yet calculated | CVE-2019-5844 MISC MISC |
gopro -- gpmf-parser | GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c. | 2019-12-30 | not yet calculated | CVE-2019-20088 MISC |
gopro -- gpmf-parser | GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. | 2019-12-30 | not yet calculated | CVE-2019-20086 MISC |
gopro -- gpmf-parser | GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation. | 2019-12-30 | not yet calculated | CVE-2019-20089 MISC |
gopro -- gpmf-parser | GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature. | 2019-12-30 | not yet calculated | CVE-2019-20087 MISC |
goscript -- goscript | go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. | 2019-12-31 | not yet calculated | CVE-2004-2776 MISC MISC MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c. | 2019-12-31 | not yet calculated | CVE-2019-20170 MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c. | 2019-12-31 | not yet calculated | CVE-2019-20171 MISC |
gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c. | 2019-12-31 | not yet calculated | CVE-2019-20159 MISC |
gpac -- gpac | dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. | 2020-01-02 | not yet calculated | CVE-2019-20208 MISC |
helpdezk -- helpdezk | Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. | 2020-01-03 | not yet calculated | CVE-2014-8337 MISC MISC |
hp -- multiple_products | A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. An API that is used to execute a command manifest file during upgrade does not correctly prevent directory traversal and so can be used to execute manifest files in arbitrary locations on the node. The API does not require user authentication and is accessible over the management network, resulting in the potential for unauthenticated remote execution of manifest files. For all customers running HPE OmniStack version 3.7.9 and earlier, HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061901&withFrame for you to implement. All customers should upgrade to the recommended 3.7.10 or later version at the earliest convenience. | 2020-01-03 | not yet calculated | CVE-2019-11994 MISC |
hp -- multiple_products | A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now-deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities. For all customers running HPE OmniStack version 3.7.9 and earlier, HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061675&withFrame for you to implement. All customers should upgrade to the recommended 3.7.10 or later version at the earliest convenience. | 2020-01-03 | not yet calculated | CVE-2019-11993 MISC |
huawei -- multiple_products | Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset. | 2020-01-03 | not yet calculated | CVE-2019-5304 MISC |
huawei -- multiple_smartphones | Mate 10 Pro, Honor V10, Honor 10, and Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of a certain module during certain operations. An attacker would need to trick the user into installing a malicious application; a successful exploit could cause the smartphone to reboot. | 2020-01-03 | not yet calculated | CVE-2020-1785 MISC |
huawei -- p30_smartphones | HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send a specific command in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause an information leak. | 2020-01-03 | not yet calculated | CVE-2019-19441 MISC |
huawei -- usg9500_devices | USG9500 devices with software versions V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, and V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. A successful exploit could cause information disclosure or damage, and impact confidentiality or integrity. | 2020-01-03 | not yet calculated | CVE-2020-1871 MISC |
infinispan -- infinispan | A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling. | 2020-01-02 | not yet calculated | CVE-2019-10158 CONFIRM CONFIRM CONFIRM |
irfanview -- irfanview | Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header. | 2020-01-02 | not yet calculated | CVE-2013-3946 MISC CONFIRM |
irfanview -- irfanview | Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag. | 2020-01-02 | not yet calculated | CVE-2013-3944 MISC MISC CONFIRM |
irfanview -- irfanview | The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag. | 2020-01-02 | not yet calculated | CVE-2013-3945 MISC CONFIRM |
it-novum -- openitcockpit | openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component. | 2019-12-31 | not yet calculated | CVE-2019-10227 CONFIRM CONFIRM |
joomla! -- joomla! | Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details. | 2020-01-02 | not yet calculated | CVE-2013-3931 MISC MISC MISC |
joomla! -- joomla! | SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php. | 2020-01-02 | not yet calculated | CVE-2013-3932 MISC MISC MISC |
kind-of -- kind-of | ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result. | 2019-12-30 | not yet calculated | CVE-2019-20149 MISC MISC |
knockout -- knockout | There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | 2020-01-02 | not yet calculated | CVE-2019-14862 CONFIRM MISC |
libmysofa -- libmysofa | hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json. | 2019-12-29 | not yet calculated | CVE-2019-20063 MISC MISC |
libsixel_project -- libsixel | libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. | 2020-01-02 | not yet calculated | CVE-2019-20205 MISC |
libsixel_project -- libsixel | stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. | 2019-12-29 | not yet calculated | CVE-2019-20056 MISC |
libsixel_project -- libsixel | An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c. | 2019-12-30 | not yet calculated | CVE-2019-20140 MISC |
linux -- linux_kernel | In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module. | 2019-12-31 | not yet calculated | CVE-2019-19927 MISC MISC MISC MISC |
linux -- linux_kernel | mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. | 2019-12-30 | not yet calculated | CVE-2019-20095 MISC MISC |
linux -- linux_kernel | In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. | 2019-12-30 | not yet calculated | CVE-2019-20096 MISC MISC |
loaded_commerce -- loaded_commerce | The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book. | 2020-01-03 | not yet calculated | CVE-2014-5140 MISC MISC MISC MISC MISC |
mailstore -- mailstore_server_and_mailstore_service_provider | An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. When the directory service (for synchronizing and authenticating users) is set to Generic LDAP, an attacker is able to log in as an existing user with an arbitrary password on the second login attempt. | 2019-12-31 | not yet calculated | CVE-2019-10229 CONFIRM |
mfscripts -- yetishare | class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by brute forcing. | 2019-12-30 | not yet calculated | CVE-2019-19735 MISC MISC |
mfscripts -- yetishare | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels. | 2019-12-30 | not yet calculated | CVE-2019-19739 MISC |
mfscripts -- yetishare | translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | 2019-12-30 | not yet calculated | CVE-2019-19732 MISC MISC |
mfscripts -- yetishare | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting. | 2019-12-30 | not yet calculated | CVE-2019-19736 MISC |
mfscripts -- yetishare | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks. | 2019-12-30 | not yet calculated | CVE-2019-19737 MISC |
mfscripts -- yetishare | log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS. | 2019-12-30 | not yet calculated | CVE-2019-19738 MISC MISC |
mfscripts -- yetishare | _account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | 2019-12-30 | not yet calculated | CVE-2019-19734 MISC MISC |
mfscripts -- yetishare | _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses. | 2019-12-30 | not yet calculated | CVE-2019-19805 MISC |
mfscripts -- yetishare | _get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.ajax.php) in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the fileIds parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS. | 2019-12-30 | not yet calculated | CVE-2019-19733 MISC MISC |
mfscripts -- yetishare | _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses. | 2019-12-30 | not yet calculated | CVE-2019-19806 MISC |
miniupnp -- ngiflib | ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c. | 2020-01-02 | not yet calculated | CVE-2019-20219 MISC |
mitreid_connect -- mitreid_connect | The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript. | 2020-01-04 | not yet calculated | CVE-2020-5497 MISC |
monitorix -- monitorix | The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. | 2019-12-31 | not yet calculated | CVE-2013-7070 MISC MISC MISC |
monitorix -- monitorix | Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 2019-12-31 | not yet calculated | CVE-2013-7071 MISC MISC MISC |
mybb -- mybb | MyBB before 1.8.22 allows an open redirect on login. | 2020-01-02 | not yet calculated | CVE-2019-20225 MISC MISC |
nagios -- nagios_xi | In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. | 2019-12-31 | not yet calculated | CVE-2019-20197 MISC |
nasm -- netwide_assembler | In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291. | 2020-01-04 | not yet calculated | CVE-2019-20334 MISC MISC |
newinteltechmedia -- newinteltechmedia | The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | 2019-12-31 | not yet calculated | CVE-2018-19832 MISC |
nim -- nim | The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used. | 2019-12-30 | not yet calculated | CVE-2019-20138 MISC |
obs-server -- obs-server | obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST API implementation. | 2020-01-02 | not yet calculated | CVE-2010-3782 MISC |
open-xchange -- appsuite | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | 2020-01-02 | not yet calculated | CVE-2013-7486 MISC BUGTRAQ SECTRACK XF CONFIRM |
open-xchange -- appsuite | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | 2020-01-02 | not yet calculated | CVE-2013-7485 OSVDB MISC BUGTRAQ SECUNIA SECTRACK XF XF CONFIRM |
open-xchange -- appsuite | Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions. | 2020-01-02 | not yet calculated | CVE-2013-6242 MISC MISC MISC MISC MISC |
opencv -- opencv | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability. | 2020-01-03 | not yet calculated | CVE-2019-5063 MISC |
opencv -- opencv | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, version 4.1.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability. | 2020-01-03 | not yet calculated | CVE-2019-5064 MISC |
openlambda -- openlambda | OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000. | 2020-01-03 | not yet calculated | CVE-2019-20329 MISC MISC MISC |
openldap -- openldap | An off-by-one error leading to a crash was discovered in OpenLDAP 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses. | 2020-01-02 | not yet calculated | CVE-2014-8182 MISC MISC MISC MISC |
opsview -- opsview_and_opsview_core | Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML. | 2020-01-02 | not yet calculated | CVE-2013-3936 MISC MISC |
opsview -- opsview_and_opsview_core | Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors. | 2020-01-02 | not yet calculated | CVE-2013-3935 MISC MISC |
outsystems -- platform | OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: the product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.) | 2019-12-31 | not yet calculated | CVE-2019-12273 MISC |
ovirt-engine-sdk-python -- ovirt-engine-sdk-python | ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate. | 2020-01-02 | not yet calculated | CVE-2014-0161 MISC MISC |
pivotal -- pivotal_spring_framework | Pivotal Spring Framework 4.1.4 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. | 2020-01-02 | not yet calculated | CVE-2016-1000027 MISC MISC MISC MISC |
plone -- plone | Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method. | 2020-01-02 | not yet calculated | CVE-2013-7062 MISC MISC MISC MISC CONFIRM CONFIRM |
podofo -- podofo | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. | 2019-12-30 | not yet calculated | CVE-2019-20093 MISC |
pure-ftpd -- pure-ftpd | In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. | 2019-12-31 | not yet calculated | CVE-2019-20176 MISC |
python-ecdsa -- python-ecdsa | A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. | 2020-01-02 | not yet calculated | CVE-2019-14859 CONFIRM MISC MISC MISC |
qemu -- qemu | A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when a guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. | 2019-12-30 | not yet calculated | CVE-2013-2016 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
qemu -- qemu | Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | 2020-01-02 | not yet calculated | CVE-2013-4532 MISC MISC MISC MISC MISC MISC |
quixplorer -- quixplorer | Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php. | 2020-01-02 | not yet calculated | CVE-2013-1642 MISC MISC MISC |
red_hat -- ansible | Ansible versions 2.9.x before 2.9.1, 2.8.x before 2.8.7, and 2.7.x before 2.7.15 do not respect the no_log flag when it is set to True and the Sumologic and Splunk callback plugins are used to send task result events to collectors. This would disclose and collect any sensitive data. | 2020-01-02 | not yet calculated | CVE-2019-14864 CONFIRM MISC MISC |
red_hat -- jboss_enterprise_application_platform | In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application. | 2020-01-02 | not yet calculated | CVE-2014-0169 MISC MISC |
red_hat -- jboss_portal | It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0. | 2020-01-02 | not yet calculated | CVE-2014-0245 MISC MISC MISC |
red_hat -- openshift_enterprise | A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. | 2019-12-30 | not yet calculated | CVE-2013-0196 MISC MISC |
red_hat -- openstack_essex_release | Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. | 2019-12-30 | not yet calculated | CVE-2012-5476 MISC MISC MISC |
red_hat -- openstack_platform_and_openstack_essex_release | The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | 2019-12-30 | not yet calculated | CVE-2012-5474 MISC MISC MISC MISC |
red_hat -- quay | A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry. | 2020-01-02 | not yet calculated | CVE-2019-10205 CONFIRM |
red_hat -- satellite_6 | Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content. | 2020-01-02 | not yet calculated | CVE-2014-3590 MISC MISC MISC |
red_hat -- subscription_asset_manager | Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to XSS via HTML in the system's name when registering. | 2020-01-02 | not yet calculated | CVE-2014-0183 MISC MISC |
ricoh -- marcomcentral | A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution. | 2019-12-31 | not yet calculated | CVE-2019-7751 MISC MISC |
ros -- ros | An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line. | 2019-12-30 | not yet calculated | CVE-2019-13445 MISC CONFIRM CONFIRM |
ros -- ros | An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove() function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not defined, the iterator loop will run out of the scope of the array, and cause denial of service for other components (that depend on the communication-related functions of this package). | 2019-12-30 | not yet calculated | CVE-2019-13465 CONFIRM CONFIRM |
rsa -- authentication_manager | RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message. | 2020-01-03 | not yet calculated | CVE-2019-3768 MISC |
samba -- samba | Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists. | 2019-12-31 | not yet calculated | CVE-2011-3585 MISC MISC MISC MISC MISC |
serenityos -- serenityos | Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack. | 2019-12-31 | not yet calculated | CVE-2019-20172 MISC MISC |
shaarli -- shaarli | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks. | 2020-01-02 | not yet calculated | CVE-2013-7351 MISC MISC MISC CONFIRM CONFIRM |
sonicwall -- global_management_system | A vulnerability in GMS allows an unauthenticated user to perform SQL injection in the Webservice module. This vulnerability affected GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. | 2019-12-31 | not yet calculated | CVE-2019-7478 CONFIRM |
sonicwall -- sonicos | A vulnerability in SonicOS allows an authenticated read-only admin to elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | 2019-12-31 | not yet calculated | CVE-2019-7479 CONFIRM |
sqlite -- sqlite | ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. | 2020-01-03 | not yet calculated | CVE-2019-19959 MISC MISC |
supermicro -- x9_and_x8_generation_motherboards | Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contains hardcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon. | 2020-01-02 | not yet calculated | CVE-2013-3619 CONFIRM MISC MISC CONFIRM CONFIRM |
supermicro -- x9_and_x8_generation_motherboards | Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. | 2020-01-02 | not yet calculated | CVE-2013-3620 CONFIRM MISC MISC CONFIRM CONFIRM |
sylius -- sylius | An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through 1.3.12, 1.4.x through 1.4.4, and 1.5.0 allows an attacker (an admin in the sylius/sylius case) to perform XSS by injecting malicious code into a field displayed in a grid with the "string" field type. The contents are an object, with malicious code returned by the __toString() method of that object. | 2019-12-31 | not yet calculated | CVE-2019-12186 CONFIRM |
symfony -- symfony | Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. | 2020-01-02 | not yet calculated | CVE-2013-4752 MISC MISC CONFIRM MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
telos -- automated_message_handling_system | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | not yet calculated | CVE-2019-9538 CERT-VN |
telos -- automated_message_handling_system | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | not yet calculated | CVE-2019-9537 CERT-VN |
telos -- automated_message_handling_system | Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | not yet calculated | CVE-2019-9541 CERT-VN |
telos -- automated_message_handling_system | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | not yet calculated | CVE-2019-9542 CERT-VN |
telos -- automated_message_handling_system | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | not yet calculated | CVE-2019-9540 CERT-VN |
telos -- automated_message_handling_system | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | not yet calculated | CVE-2019-9539 CERT-VN |
textproc/isearch -- textproc/isearch | The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). | 2019-12-30 | not yet calculated | CVE-2012-5663 MISC MISC MISC MISC MISC |
tigervnc -- tigervnc | Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering. | 2020-01-02 | not yet calculated | CVE-2014-0011 MISC CONFIRM |
tiny_file_manager -- tiny_file_manager | In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted. | 2019-12-30 | not yet calculated | CVE-2019-16790 MISC CONFIRM |
tinywall -- tinywall | An attacker who has already compromised the local system could use TinyWall Controller to gain additional privileges by attaching a debugger to the running process and modifying the code in memory. Vulnerability fixed in version 2.1.13. | 2019-12-30 | not yet calculated | CVE-2019-19470 MISC |
tvt -- nvms-1000_devices | TVT NVMS-1000 devices allow GET /.. Directory Traversal | 2019-12-30 | not yet calculated | CVE-2019-20085 MISC |
unity_technologies -- editor | The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code. | 2019-12-31 | not yet calculated | CVE-2019-9197 CONFIRM MISC |
vim -- vim | The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. | 2019-12-30 | not yet calculated | CVE-2019-20079 MISC MISC MISC |
visual_mining -- netcharts_server | Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | 2020-01-03 | not yet calculated | CVE-2014-8516 MISC MISC MISC MISC |
wordpress -- wordpress | Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters. | 2020-01-02 | not yet calculated | CVE-2014-4553 MISC |
wordpress -- wordpress | The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element. | 2020-01-02 | not yet calculated | CVE-2019-20204 MISC MISC MISC MISC |
wordpress -- wordpress | The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message. | 2020-01-02 | not yet calculated | CVE-2019-20203 MISC MISC MISC MISC |
xmlblueprint -- xmlblueprint | XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload. | 2019-12-30 | not yet calculated | CVE-2019-19032 MISC |
xnview -- xnview | xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow. | 2020-01-02 | not yet calculated | CVE-2013-3939 CONFIRM SECUNIA |
xnview -- xnview | Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file. | 2020-01-02 | not yet calculated | CVE-2013-3937 CONFIRM SECUNIA |
xnview -- xnview | Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow. | 2020-01-02 | not yet calculated | CVE-2013-3941 MISC MISC |
yandex -- clickhouse | In all versions of ClickHouse before 19.14.3, an attacker who has write access to ZooKeeper and is able to run a custom server available from the network where ClickHouse runs can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica fetches a data part from the malicious replica, it can force clickhouse-server to write to an arbitrary path on the filesystem. | 2019-12-30 | not yet calculated | CVE-2019-15024 MISC |
zend_framework -- zend_framework | Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. | 2020-01-03 | not yet calculated | CVE-2012-4451 MISC MISC MISC MISC MISC MISC MISC MISC |
zenphoto -- zenphoto | SQL injection vulnerability in Zenphoto before 1.4.9 allows remote administrators to execute arbitrary SQL commands. | 2019-12-31 | not yet calculated | CVE-2015-5591 MISC MISC MISC MISC |
zenphoto -- zenphoto | Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption). | 2019-12-31 | not yet calculated | CVE-2015-5595 MISC MISC MISC |
zenphoto -- zenphoto | Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks. | 2019-12-31 | not yet calculated | CVE-2015-5592 MISC MISC MISC MISC |
zenphoto -- zenphoto | The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<<script></script>script>payload<script></script></script>", or in an image tag, with the payload as the onerror event. | 2019-12-31 | not yet calculated | CVE-2015-5593 MISC MISC MISC |
zoho_manageengine -- adselfservice_plus | An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation. | 2019-12-31 | not yet calculated | CVE-2019-7162 MISC |