Vulnerability Summary for the Week of January 6, 2020
Released
Jan 13, 2020
Document ID
SB20-013
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ca -- automatic_dollar_universe | CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015. | 2020-01-08 | 7.2 | CVE-2019-19544 MISC |
| cisco -- data_center_network_manager | Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | 2020-01-06 | 9 | CVE-2019-15979 CISCO |
| cisco -- data_center_network_manager | Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | 2020-01-06 | 9 | CVE-2019-15984 CISCO |
| cisco -- data_center_network_manager | Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | 2020-01-06 | 9 | CVE-2019-15985 CISCO |
| cisco -- data_center_network_manager | Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-01-06 | 10 | CVE-2019-15975 CISCO |
| cisco -- data_center_network_manager | Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-01-06 | 10 | CVE-2019-15976 CISCO |
| cisco -- data_center_network_manager | Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2020-01-06 | 7.8 | CVE-2019-15977 CISCO |
| cisco -- data_center_network_manager | Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | 2020-01-06 | 9 | CVE-2019-15978 CISCO |
| cisco -- data_center_network_manager | Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | 2020-01-06 | 9 | CVE-2019-15980 CISCO |
| cisco -- data_center_network_manager | Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | 2020-01-06 | 9 | CVE-2019-15981 CISCO |
| cisco -- data_center_network_manager | Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | 2020-01-06 | 9 | CVE-2019-15982 CISCO |
| cisco -- multiple_linksys_routers | Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access | 2020-01-07 | 10 | CVE-2013-5122 MISC MISC MISC |
| determine -- contract_lifecycle_management | An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server. | 2020-01-05 | 9 | CVE-2019-20155 MISC |
| gilacms -- gila_cms | Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. | 2020-01-06 | 9 | CVE-2020-5514 MISC |
| git-diff-apply -- git-diff-apply | In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2. | 2020-01-07 | 7.5 | CVE-2019-10776 MISC MISC CONFIRM |
| gitlab -- gitlab_enterprise_edition | Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal. | 2020-01-03 | 7.5 | CVE-2019-19088 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. | 2020-01-05 | 7.5 | CVE-2019-19628 CONFIRM MISC |
| google -- android | In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-139683471 | 2020-01-06 | 7.2 | CVE-2019-9468 CONFIRM |
| google -- android | In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711 | 2020-01-08 | 9.3 | CVE-2020-0002 MISC CONFIRM |
| huawei -- multiple_products | Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset. | 2020-01-03 | 7.8 | CVE-2019-5304 MISC |
| huawei -- multiple_smartphones | Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone. | 2020-01-03 | 7.1 | CVE-2020-1785 MISC |
| ixia -- centurystar | centurystar 7.12 ActiveX Control has a Stack Buffer Overflow | 2020-01-08 | 10 | CVE-2014-1598 MISC |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | 2020-01-08 | 7.5 | CVE-2019-11757 CONFIRM CONFIRM CONFIRM CONFIRM |
| phpgurukul -- dairy_farm_shop_management_system | PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php. | 2020-01-07 | 7.5 | CVE-2020-5307 MISC EXPLOIT-DB |
| phpgurukul -- hostel_management_system | PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. | 2020-01-08 | 10 | CVE-2020-5510 EXPLOIT-DB |
| soplanning -- simple_online_planning | Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33. | 2020-01-07 | 7.5 | CVE-2014-8673 MISC MISC MISC MISC |
| thomson_reuters -- fatca | A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands. | 2020-01-06 | 9 | CVE-2015-5951 MISC MISC MISC MISC MISC |
| wordpress -- wordpress | There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability). | 2020-01-08 | 7.5 | CVE-2019-20361 MISC MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| anglersnet -- cgi_an-analyzer | DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Object Page. | 2020-01-06 | 4.3 | CVE-2019-5989 MISC MISC |
| appspace -- on-prem | In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS. | 2020-01-07 | 4.3 | CVE-2020-5393 CONFIRM MISC |
| aultware -- pwstore | AultWare pwStore 2010.8.30.0 has XSS | 2020-01-07 | 4.3 | CVE-2013-5658 MISC MISC MISC |
| aultware -- pwstore | AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request | 2020-01-07 | 5 | CVE-2013-5657 MISC MISC MISC |
| chamilo -- chamilo_lms | Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503. | 2020-01-04 | 5.8 | CVE-2015-9540 MISC |
| cipherdyne -- fwknop | fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code. | 2020-01-09 | 6.5 | CVE-2012-4434 MISC MISC MISC |
| cisco -- data_center_network_manager | A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the DCNM application. The vulnerability exists because the SOAP API improperly handles XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by inserting malicious XML content in an API request. A successful exploit could allow the attacker to read arbitrary files from the affected device. Note: The severity of this vulnerability is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | 2020-01-06 | 4 | CVE-2019-15983 CISCO |
| codoforum -- codoforum | Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page. | 2020-01-07 | 4.3 | CVE-2020-5842 MISC EXPLOIT-DB |
| determine -- contract_lifecycle_management | An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML. | 2020-01-05 | 4.3 | CVE-2019-20154 MISC |
| digi -- anywhereusb | Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. | 2020-01-09 | 4.3 | CVE-2019-18859 MISC |
| dnsmasq -- dnsmasq | A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. | 2020-01-07 | 5 | CVE-2019-14834 CONFIRM CONFIRM |
| fontforge -- fontforge | FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. | 2020-01-03 | 6.8 | CVE-2020-5395 MISC |
| fontforge -- fontforge | FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. | 2020-01-03 | 6.8 | CVE-2020-5496 MISC |
| fortinet -- fortisiem | An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. | 2020-01-07 | 4 | CVE-2019-6700 CONFIRM |
| ftpgetter -- ftpgetter_professional | FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference. | 2020-01-08 | 5 | CVE-2020-5183 MISC EXPLOIT-DB |
| fuzezip -- fuzezip | FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability | 2020-01-07 | 4.6 | CVE-2013-5656 MISC MISC MISC |
| gilacms -- gila_cms | Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. | 2020-01-06 | 6.5 | CVE-2020-5515 MISC |
| gilacms -- gila_cms | Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. | 2020-01-06 | 6.8 | CVE-2020-5512 MISC |
| gilacms -- gila_cms | Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. | 2020-01-06 | 6.8 | CVE-2020-5513 MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition | GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | 5 | CVE-2019-19254 CONFIRM MISC MISC |
| gitlab -- gitlab_community_and_enterprise_edition | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). | 2020-01-03 | 5 | CVE-2019-19257 CONFIRM MISC |
| gitlab -- gitlab_community_and_enterprise_edition | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2). | 2020-01-03 | 5.5 | CVE-2019-19260 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. | 2020-01-03 | 4 | CVE-2019-19263 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | 4 | CVE-2019-19255 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. | 2020-01-03 | 4 | CVE-2019-19310 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR). | 2020-01-03 | 4 | CVE-2019-19259 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). | 2020-01-03 | 4 | CVE-2019-19087 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. | 2020-01-03 | 6.8 | CVE-2019-19261 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). | 2020-01-03 | 4 | CVE-2019-19086 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits. | 2020-01-05 | 5 | CVE-2019-19313 CONFIRM MISC MISC |
| gitlab -- gitlab_enterprise_edition | In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration. | 2020-01-05 | 5 | CVE-2019-19629 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. | 2020-01-05 | 5 | CVE-2019-19314 CONFIRM MISC MISC |
| gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | 4 | CVE-2019-19309 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API. | 2020-01-05 | 5 | CVE-2019-19312 CONFIRM MISC MISC |
| gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | 5 | CVE-2019-19258 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | 5 | CVE-2019-19256 CONFIRM MISC |
| gitlab -- gitlab_enterprise_edition | GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. | 2020-01-03 | 4 | CVE-2019-19262 CONFIRM MISC MISC |
| gnu -- cpio | In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. | 2020-01-07 | 6.9 | CVE-2019-14866 CONFIRM MISC MISC |
| gnu -- libredwg | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. | 2020-01-08 | 5.8 | CVE-2020-6614 MISC |
| gnu -- libredwg | GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. | 2020-01-08 | 4.3 | CVE-2020-6610 MISC |
| gnu -- libredwg | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. | 2020-01-08 | 5.8 | CVE-2020-6612 MISC |
| gnu -- libredwg | GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). | 2020-01-08 | 4.3 | CVE-2020-6615 MISC |
| gnu -- libredwg | GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. | 2020-01-08 | 4.3 | CVE-2020-6611 MISC |
| gnu -- libredwg | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. | 2020-01-08 | 5.8 | CVE-2020-6613 MISC |
| google -- android | In km_compute_shared_hmac of km4.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-130246677 | 2020-01-06 | 4.6 | CVE-2019-9469 CONFIRM |
| google -- android | In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144168326 | 2020-01-06 | 4.6 | CVE-2019-9471 CONFIRM |
| google -- android | In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144167528 | 2020-01-06 | 4.6 | CVE-2019-9470 CONFIRM |
| google -- chrome | Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | 4.3 | CVE-2019-13765 MISC MISC |
| google -- chrome | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | 4.3 | CVE-2019-5844 SUSE SUSE SUSE MISC MISC |
| google -- chrome | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | 4.3 | CVE-2019-5845 SUSE SUSE SUSE MISC MISC |
| google -- chrome | Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | 4.3 | CVE-2019-13766 MISC MISC |
| google -- chrome | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | 4.3 | CVE-2019-5846 SUSE SUSE SUSE MISC MISC |
| huawei -- usg9500_devices | USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity. | 2020-01-03 | 6.4 | CVE-2020-1871 MISC |
| icewarp -- webmail_server | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. | 2020-01-06 | 4.3 | CVE-2019-19265 MISC CONFIRM |
| ignite_realtime -- openfire | An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents. | 2020-01-08 | 4.3 | CVE-2019-20363 MISC MISC |
| ignite_realtime -- openfire | An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents. | 2020-01-08 | 4.3 | CVE-2019-20366 MISC MISC |
| ignite_realtime -- openfire | An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page. | 2020-01-08 | 4.3 | CVE-2019-20365 MISC MISC |
| ignite_realtime -- openfire | An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp. | 2020-01-08 | 4.3 | CVE-2019-20364 MISC MISC |
| it_work_center -- fileview | The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves. | 2020-01-06 | 4.3 | CVE-2019-15602 MISC |
| jamf -- jamf_pro | Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with access to log in to Jamf Pro had full access to endpoints in the Universal API (UAPI), regardless of account privileges or privilege sets. An authenticated Jamf Pro account without required privileges could be used to perform CRUD actions (GET, POST, PUT, DELETE) on UAPI endpoints, which could result in unauthorized information disclosure, compromised data integrity, and data loss. For a full listing of available UAPI endpoints and associated CRUD actions you can navigate to /uapi/doc in your instance of Jamf Pro. | 2020-01-07 | 6.5 | CVE-2018-10465 CONFIRM |
| kunbus -- pr100088_modbus_gateway | An attacker could specially craft an FTP request that could crash the PR100088 Modbus gateway versions prior to release R02 (or Software Version 1.1.13166). | 2020-01-07 | 6.8 | CVE-2019-6529 MISC |
| mitreid_connect -- mitreid_connect | The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript. | 2020-01-04 | 4.3 | CVE-2020-5497 MISC |
| mobileiron -- vsp_and_sentry | MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords | 2020-01-08 | 6.4 | CVE-2014-1409 MISC MISC MISC |
| moodle -- moodle | moodle before versions 3.7.3, 3.6.7, 3.5.9 is vulnerable to a None. | 2020-01-07 | 5.5 | CVE-2019-14879 CONFIRM |
| mozilla -- firefox | Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71. | 2020-01-08 | 5 | CVE-2019-11756 CONFIRM CONFIRM |
| open-xchange -- open-xchange_appsuite | OX App Suite through 7.10.2 has XSS. | 2020-01-06 | 4.3 | CVE-2019-16717 MISC MISC MISC |
| opencv -- opencv | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability. | 2020-01-03 | 6.8 | CVE-2019-5064 MISC MISC |
| opencv -- opencv | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability. | 2020-01-03 | 6.8 | CVE-2019-5063 MISC |
| phpgurukul -- hospital_management_system | PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities. | 2020-01-06 | 4.3 | CVE-2020-5191 MISC MISC |
| phpscriptsmall.com -- advanced-real-estate-script | In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS. | 2020-01-05 | 4.3 | CVE-2019-20336 MISC |
| phpscriptsmall.com -- advanced-real-estate-script | In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection. | 2020-01-05 | 6.5 | CVE-2019-20337 MISC |
| red_hat -- openshift_container_platform | OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user. | 2020-01-07 | 4 | CVE-2019-14854 CONFIRM |
| red_hat -- openshift_container_platform | A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints. | 2020-01-07 | 6.5 | CVE-2019-14819 CONFIRM |
| samsung_kies -- samsung_kies | Samsung Kies before 2.5.0.12094_27_11 has registry modification. | 2020-01-09 | 5 | CVE-2012-3810 MISC BID MISC |
| samsung_kies -- samsung_kies | Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. | 2020-01-09 | 5 | CVE-2012-3808 MISC BID MISC |
| samsung_kies -- samsung_kies | Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service. | 2020-01-09 | 5 | CVE-2012-3806 MISC BID MISC |
| samsung_kies -- samsung_kies | Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification. | 2020-01-09 | 5 | CVE-2012-3809 MISC BID MISC |
| seeftl -- seeftl | The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing. | 2020-01-06 | 4.3 | CVE-2019-15603 MISC |
| sqlite -- sqlite | ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. | 2020-01-03 | 5 | CVE-2019-19959 MISC MISC |
| stb_truetype.h -- stb_truetype.h | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. | 2020-01-08 | 6.8 | CVE-2020-6619 MISC |
| stb_truetype.h -- stb_truetype.h | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8. | 2020-01-08 | 6.8 | CVE-2020-6620 MISC |
| stb_truetype.h -- stb_truetype.h | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. | 2020-01-08 | 6.8 | CVE-2020-6621 MISC |
| stb_truetype.h -- stb_truetype.h | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. | 2020-01-08 | 6.8 | CVE-2020-6623 MISC |
| stb_truetype.h -- stb_truetype.h | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. | 2020-01-08 | 6.8 | CVE-2020-6618 MISC |
| stb_truetype.h -- stb_truetype.h | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8. | 2020-01-08 | 6.8 | CVE-2020-6622 MISC |
| stb_truetype.h -- stb_truetype.h | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. | 2020-01-08 | 6.8 | CVE-2020-6617 MISC |
| telos -- automated_message_handling_system | : Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | 5 | CVE-2019-9541 CERT-VN |
| telos -- automated_message_handling_system | : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | 4.3 | CVE-2019-9540 CERT-VN |
| telos -- automated_message_handling_system | : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | 4.3 | CVE-2019-9539 CERT-VN |
| telos -- automated_message_handling_system | : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | 4.3 | CVE-2019-9537 CERT-VN |
| telos -- automated_message_handling_system | : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | 4.3 | CVE-2019-9538 CERT-VN |
| telos -- automated_message_handling_system | : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | 4.3 | CVE-2019-9542 CERT-VN |
| troglobit -- uftpd | In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11 | 2020-01-06 | 6.5 | CVE-2020-5204 MISC CONFIRM |
| typsettercms -- typesetter | The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability. | 2020-01-05 | 4.3 | CVE-2019-20077 MISC |
| watchguard -- xmt515 | A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362). | 2020-01-07 | 4.3 | CVE-2019-18652 MISC |
| wordpress -- wordpress | A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data. | 2020-01-08 | 5 | CVE-2019-20360 MISC MISC |
| wordpress -- wordpress | A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo. | 2020-01-09 | 6.8 | CVE-2020-6167 CONFIRM MISC MISC |
| wordpress -- wordpress | A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes. | 2020-01-09 | 5.5 | CVE-2020-6166 CONFIRM MISC MISC |
| wordpress -- wordpress | A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting). | 2020-01-09 | 6.5 | CVE-2020-6168 CONFIRM MISC MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| codoforum -- codoforum | Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. | 2020-01-05 | 3.5 | CVE-2020-5305 MISC MISC |
| codoforum -- codoforum | Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. | 2020-01-05 | 3.5 | CVE-2020-5306 MISC MISC |
| codoforum -- codoforum | Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. | 2020-01-07 | 3.5 | CVE-2020-5843 MISC MISC |
| gitlab -- gitlab_enterprise_edition | GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. | 2020-01-03 | 3.5 | CVE-2019-19311 CONFIRM MISC MISC |
| google -- android | In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904 | 2020-01-08 | 3.7 | CVE-2020-0003 CONFIRM |
| google -- android | In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-133258003 | 2020-01-07 | 2.1 | CVE-2019-9465 CONFIRM |
| google -- android | In DCRYPTO_equals of compare.c, there is a possible timing attack due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-130237611 | 2020-01-06 | 2.1 | CVE-2019-9472 CONFIRM |
| google -- pixel_and_pixel_sl_devices | An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280). | 2020-01-08 | 2.1 | CVE-2016-5346 MISC MISC MISC MISC MISC |
| hmailserver -- hmailserver | HMailServer 5.3.x and prior: Memory Corruption which could cause DOS | 2020-01-07 | 2.6 | CVE-2013-5571 MISC |
| huawei -- p30_smartphones | HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send specific command in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause information leak. | 2020-01-03 | 3.3 | CVE-2019-19441 MISC |
| icewarp -- webmail_server | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. | 2020-01-06 | 3.5 | CVE-2019-19266 MISC CONFIRM |
| pearson -- enterprise_student_information_system | Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input | 2020-01-08 | 3.5 | CVE-2014-1454 MISC MISC |
| pqi -- aircard | PQI AirCard has persistent XSS | 2020-01-07 | 3.5 | CVE-2013-5637 MISC |
| soplanning -- simple_online_planning | Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code. | 2020-01-06 | 3.5 | CVE-2014-8674 MISC MISC MISC MISC |
| symantec -- it_management_suite | A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0. | 2020-01-08 | 3.5 | CVE-2016-6588 MISC CONFIRM MISC |
| transcend -- wifi_sd_card | Transcend WiFiSD 1.8 has persistent XSS | 2020-01-07 | 3.5 | CVE-2013-5638 MISC MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advisto -- peel_shopping | Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user. | 2020-01-09 | not yet calculated | CVE-2019-20178 MISC |
| agilebits -- 1password_for_windows | AgileBits 1Password through 1.0.9.340 allows security feature bypass | 2020-01-09 | not yet calculated | CVE-2014-3753 MISC |
| ahsay -- cloud_backup_suite | An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full system access as the configured user (e.g., Administrator) when starting from any authenticated session (e.g., a trial account). This is fixed in the 83/830122/cbs-*-hotfix-task26000 builds. | 2020-01-06 | not yet calculated | CVE-2020-5846 MISC |
| akips -- akips | The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6. | 2020-01-06 | not yet calculated | CVE-2016-11017 MISC MISC |
| amazon -- aws-lambda | In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName". | 2020-01-08 | not yet calculated | CVE-2019-10777 CONFIRM |
| anglersnet -- cgi_an-analyzer | Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page. | 2020-01-06 | not yet calculated | CVE-2019-5988 MISC MISC |
| anglersnet -- cgi_an-analyzer | Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allow remote attackers to obtain a login password via HTTP referer. | 2020-01-06 | not yet calculated | CVE-2019-5990 MISC MISC |
| anglersnet -- cgi_an-analyzer | Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated attackers to execute arbitrary OS commands via the Management Page. | 2020-01-06 | not yet calculated | CVE-2019-5987 MISC MISC |
| ansible -- ansible | Ansible prior to 1.5.4 mishandles the evaluation of some strings. | 2020-01-09 | not yet calculated | CVE-2014-2686 MISC |
| apache -- maven | The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element). | 2020-01-06 | not yet calculated | CVE-2019-20343 MISC MISC MISC |
| apache -- olingo | Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker. | 2020-01-09 | not yet calculated | CVE-2020-1925 CONFIRM |
| arial_software -- campaign_enterprise | Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. | 2020-01-10 | not yet calculated | CVE-2012-3822 MISC XF |
| arial_software -- campaign_enterprise | A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field. | 2020-01-10 | not yet calculated | CVE-2012-3821 MISC MISC MISC MISC MISC |
| arial_software -- campaign_enterprise | Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | 2020-01-10 | not yet calculated | CVE-2012-3823 MISC XF |
| arial_software -- campaign_enterprise | In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. | 2020-01-10 | not yet calculated | CVE-2012-3824 MISC XF |
| artica -- pandora_fms | netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. | 2020-01-09 | not yet calculated | CVE-2019-20224 MISC MISC MISC MISC |
| bftpd -- bftpd | An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking. | 2020-01-10 | not yet calculated | CVE-2020-6835 MISC MISC |
| bftpd -- bftpd | An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c. | 2020-01-10 | not yet calculated | CVE-2020-6162 CONFIRM CONFIRM |
| bigprof -- online_invoicing_system | BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action. | 2020-01-08 | not yet calculated | CVE-2020-6583 MISC |
| billon -- smart_energy_router_sg600r2 | XSS in the DHCP lease-status table in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an attacker to inject arbitrary HTML/JavaScript code to achieve client-side code execution via crafted DHCP request packets to etc_ro/web/internet/dhcpcliinfo.asp. | 2020-01-09 | not yet calculated | CVE-2019-14918 MISC |
| billon -- smart_energy_router_sg600r2 | An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device. | 2020-01-09 | not yet calculated | CVE-2019-14919 MISC |
| billon -- smart_energy_router_sg600r2 | Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature. | 2020-01-09 | not yet calculated | CVE-2019-14920 MISC |
| bss -- continuity_cms | BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability | 2020-01-09 | not yet calculated | CVE-2014-3449 MISC MISC |
| bss -- continuity_cms | BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload | 2020-01-09 | not yet calculated | CVE-2014-3448 MISC MISC |
| bss -- continuity_cms | BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability | 2020-01-09 | not yet calculated | CVE-2014-3447 MISC MISC |
| ca -- automic_sysload | CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands. | 2020-01-08 | not yet calculated | CVE-2019-19518 CONFIRM |
| chamilo -- chamilo_lms | Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files. | 2020-01-10 | not yet calculated | CVE-2012-4030 XF |
| cisco -- data_center_network_manager | A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts. | 2020-01-06 | not yet calculated | CVE-2019-15999 MISC CISCO |
| citrix -- xenapp_online_plug-in_for_windows_and_receiver_for_windows | Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. | 2020-01-10 | not yet calculated | CVE-2012-4603 BID SECTRACK SECTRACK XF |
| contao -- contao_cms | Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities | 2020-01-08 | not yet calculated | CVE-2014-1860 MISC MISC MISC MISC EXPLOIT-DB |
| curl -- curl | CURL before 7.68.0 lacks proper input validation, which allows users to create a `FILE:` URL that can make the client access a remote file using SMB (Windows-only issue). | 2020-01-06 | not yet calculated | CVE-2019-15601 MLIST MISC |
| d-link -- dcs-960l_devices | This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction request header, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8458. | 2020-01-07 | not yet calculated | CVE-2019-17146 N/A N/A |
| dassault_systemes -- catia | Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks | 2020-01-08 | not yet calculated | CVE-2014-2072 MISC MISC EXPLOIT-DB |
| dedecms -- dedecms | A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell. | 2020-01-06 | not yet calculated | CVE-2015-4553 MISC MISC MISC |
| deja_vu -- crescendo_sales_crm | D?j? Vu Crescendo Sales CRM has remote SQL Injection | 2020-01-10 | not yet calculated | CVE-2014-4984 MISC MISC MISC |
| dell -- dell_emc_unisphere_for_powermax_and_dell_emc_powermax_OS | Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions. | 2020-01-10 | not yet calculated | CVE-2019-18588 MISC |
| determine -- contract_lifecycle_management | An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration files containing administrative credentials). | 2020-01-05 | not yet calculated | CVE-2019-20153 MISC |
| devcert-sanscache -- devcert-sanscache | devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization. | 2020-01-08 | not yet calculated | CVE-2019-10778 CONFIRM |
| dompdf -- dompdf | DOMPDF before 0.6.2 allows denial of service. | 2020-01-10 | not yet calculated | CVE-2014-5012 MISC MISC |
| dompdf -- dompdf | DOMPDF before 0.6.2 allows Information Disclosure. | 2020-01-10 | not yet calculated | CVE-2014-5011 MISC MISC |
| dompdf -- dompdf | DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. | 2020-01-10 | not yet calculated | CVE-2014-5013 MISC MISC |
| drupal -- drupal | The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page. | 2020-01-09 | not yet calculated | CVE-2012-2724 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| drupal -- drupal | The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier. | 2020-01-09 | not yet calculated | CVE-2012-2714 MISC MISC MISC MISC |
| drupal -- drupal | Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym. | 2020-01-09 | not yet calculated | CVE-2012-5558 MISC MISC MISC MISC |
| dten -- d5_and_d7_devices | DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the Android OS. | 2020-01-06 | not yet calculated | CVE-2019-16273 MISC |
| dten -- d5_and_d7_devices | DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. | 2020-01-06 | not yet calculated | CVE-2019-16274 MISC |
| dten -- d5_and_d7_devices | On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement. | 2020-01-06 | not yet calculated | CVE-2019-16272 MISC |
| dten -- d5_and_d7_devices | DTEN D5 and D7 before 1.3.2 devices allows remote attackers to read saved whiteboard image PDF documents via storage/emulated/0/Notes/PDF on TCP port 8080 without authentication. | 2020-01-06 | not yet calculated | CVE-2019-16271 MISC |
| e2fsprogs_project -- e2fsck | A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | 2020-01-08 | not yet calculated | CVE-2019-5188 CONFIRM |
| ellislab -- codeigniter | EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks. | 2020-01-09 | not yet calculated | CVE-2012-1915 BID |
| elog -- electronic_logbook | A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c. | 2020-01-10 | not yet calculated | CVE-2019-20376 MISC |
| elog -- electronic_logbook | A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c. | 2020-01-10 | not yet calculated | CVE-2019-20375 MISC |
| employee_records_system -- employee_records_system | uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension. | 2020-01-09 | not yet calculated | CVE-2019-20183 MISC |
| ether -- etherpad-lite | The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability | 2020-01-10 | not yet calculated | CVE-2013-7380 MISC MISC |
| fedoraproject -- 389_directory_server | 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. | 2020-01-09 | not yet calculated | CVE-2010-3282 OVAL CONFIRM CONFIRM CONFIRM |
| fortinet -- fortiauthenticator_web_ui | An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. | 2020-01-07 | not yet calculated | CVE-2019-16154 CONFIRM |
| free -- freebox_os_web_interface | A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code. | 2020-01-06 | not yet calculated | CVE-2014-9405 MISC MISC MISC MISC |
| freedesktop -- poppler | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | 2020-01-09 | not yet calculated | CVE-2012-2142 MISC MISC MISC MISC MISC MISC |
| ganglia -- ganglia-web | ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter. | 2020-01-11 | not yet calculated | CVE-2019-20379 MISC |
| ganglia -- ganglia-web | ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter. | 2020-01-11 | not yet calculated | CVE-2019-20378 MISC |
| gateway_geomatics -- mapserver_for_windows | Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information. | 2020-01-09 | not yet calculated | CVE-2012-2950 BID XF |
| genexis -- platinum | An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. | 2020-01-08 | not yet calculated | CVE-2020-6170 MISC |
| gnome -- glib | GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. | 2020-01-09 | not yet calculated | CVE-2020-6750 CONFIRM MISC |
| gnu -- libredwg | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. | 2020-01-08 | not yet calculated | CVE-2020-6609 MISC |
| google -- android | A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooh access (Android Bug ID A-28672558). | 2020-01-08 | not yet calculated | CVE-2014-9908 MISC MISC MISC MISC |
| google -- android | In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304 | 2020-01-08 | not yet calculated | CVE-2020-0001 CONFIRM |
| google -- android | In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-120847476 | 2020-01-08 | not yet calculated | CVE-2020-0004 CONFIRM |
| google -- android | In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932 | 2020-01-08 | not yet calculated | CVE-2020-0009 MISC CONFIRM |
| google -- android | In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142558228 | 2020-01-08 | not yet calculated | CVE-2020-0008 CONFIRM |
| google -- android | In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828 | 2020-01-08 | not yet calculated | CVE-2020-0006 CONFIRM |
| google -- android | In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807 | 2020-01-08 | not yet calculated | CVE-2020-0007 CONFIRM |
| google -- chrome | Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2020-01-10 | not yet calculated | CVE-2019-13767 SUSE MISC MISC |
| google -- chrome | Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-10 | not yet calculated | CVE-2020-6377 SUSE SUSE MISC MISC FEDORA |
| gpac -- gpac | An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c. | 2020-01-09 | not yet calculated | CVE-2020-6631 MISC |
| gpac -- gpac | An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c. | 2020-01-09 | not yet calculated | CVE-2020-6630 MISC |
| hashbrown_cms -- hashbrown_cms | An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field. | 2020-01-06 | not yet calculated | CVE-2020-5840 MISC MISC |
| hp -- access_control | A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege. | 2020-01-09 | not yet calculated | CVE-2019-6330 CONFIRM |
| hp -- multiple_deskjet_3630_printers | HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration. | 2020-01-09 | not yet calculated | CVE-2019-6319 CONFIRM |
| hp -- multiple_deskjet_3630_printers | Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration. | 2020-01-09 | not yet calculated | CVE-2019-6320 CONFIRM |
| hp -- multiple_inkjet_printers | A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A - V1N02B, Y5Z00A - Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A - M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A - M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A - M2U85B, M2U91A - M2U94B, Z4A54A - Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D - Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A - Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A - K7S10D, Y0G42D - Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A - Z4B55A, Z6Z95A - Z6Z99A, 4DX94A - 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A - Z4B14A, Z4B27A - Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A - Z6Z98A. | 2020-01-09 | not yet calculated | CVE-2019-6332 CONFIRM |
| huawei -- cloudengine_12800_and_cloudengine_s5700_and_cloudengine_s6700 | Huawei products CloudEngine 12800, S5700, and S6700 have a weak algorithm vulnerability. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Affected product versions include: CloudEngine 12800 versions V100R003C00SPC600, V100R003C10SPC100, V100R005C00SPC200, V100R005C00SPC300, V100R005C10HP0001, V100R005C10SPC100, V100R005C10SPC200, V100R006C00, V200R001C00, V200R002C01, V200R002C10, V200R002C20, V200R005C10; CloudEngine S5700 versions V200R005C00SPC500, V200R005C03, V200R006C00SPC100, V200R006C00SPC300, V200R006C00SPC500, V200R007C00SPC100, V200R007C00SPC500, V200R010C00SPC300, V200R010C00SPC600, V200R010C00SPC700, V200R011C00SPC200, V200R011C10SPC500, V200R011C10SPC600, V200R012C00SPC200, V200R012C00SPC500, V200R012C00SPC600, V200R012C00SPC700, V200R012C00SPC710, V200R012C20; CloudEngine S6700 versions V200R005C00SPC500, V200R005C01, V200R008C00SPC500, V200R010C00SPC300, V200R010C00SPC600, V200R011C00SPC200, V200R011C10SPC500, V200R011C10SPC600, V200R012C00SPC200, V200R012C00SPC500, V200R012C00SPC600, V200R012C00SPC710. | 2020-01-09 | not yet calculated | CVE-2020-1810 CONFIRM |
| huawei -- honer_magic2_phones | Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Due to a module using weak encryption tool, an attacker with the root permission may exploit the vulnerability to obtain some information. | 2020-01-09 | not yet calculated | CVE-2020-1826 CONFIRM |
| huawei -- mate_20_pro_smartphones | HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function. | 2020-01-09 | not yet calculated | CVE-2020-1786 CONFIRM |
| huawei -- mate_20_pro_smartphones | HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under certain scenario, successful exploit could allow the attacker who gains the privilege of guest user to access to the host user's desktop in an instant, without unlocking the screen lock of the host user. | 2020-01-09 | not yet calculated | CVE-2020-1787 CONFIRM |
| ibm -- qradar_security_information_and_event_manager | IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355. | 2020-01-10 | not yet calculated | CVE-2019-4559 XF CONFIRM |
| ibm -- qradar_security_information_and_event_manager | IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-Force ID: 164429. | 2020-01-10 | not yet calculated | CVE-2019-4508 XF CONFIRM |
| ibm -- jazz_reporting_service | IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962. | 2020-01-09 | not yet calculated | CVE-2019-4651 XF CONFIRM |
| imperva -- securesphere_web_application_firewall | Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. | 2020-01-08 | not yet calculated | CVE-2011-5266 MISC |
| intelbras -- iwr_3000n_devices | An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router. | 2020-01-05 | not yet calculated | CVE-2019-20004 MISC MISC |
| invisionpower -- invision_power_board | Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | 2020-01-09 | not yet calculated | CVE-2012-2226 BID XF |
| jamf -- jamf_pro | An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service (DoS), remote code execution (RCE), and/or deletion of files on the Jamf Pro server. | 2020-01-08 | not yet calculated | CVE-2019-17076 CONFIRM |
| jhead_project -- jhead | jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. | 2020-01-09 | not yet calculated | CVE-2020-6625 MISC |
| jhead_project -- jhead | jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. | 2020-01-09 | not yet calculated | CVE-2020-6624 MISC |
| jinan_usr_iot_technology -- usr-wifi232-s/t/g2/h_device | A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID. | 2020-01-06 | not yet calculated | CVE-2019-18842 MISC |
| keepass -- keepass | KeePass 2.4.1 allows CSV injection in the title field of a CSV export. | 2020-01-09 | not yet calculated | CVE-2019-20184 MISC |
| kemp_technologies -- loadmaster | A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). | 2020-01-08 | not yet calculated | CVE-2014-5287 MISC MISC CONFIRM |
| koala_framework -- koala_framework | Koala Framework before 2011-11-21 has XSS via the request_uri parameter. | 2020-01-08 | not yet calculated | CVE-2011-5018 MISC CONFIRM MISC |
| kyrol_security_labs -- kyrol_internet_security | An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive. | 2020-01-10 | not yet calculated | CVE-2019-19820 MISC MISC |
| libbsd -- libbsd | nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). | 2020-01-08 | not yet calculated | CVE-2019-20367 MISC MISC |
| libming -- libming | Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c. | 2020-01-09 | not yet calculated | CVE-2020-6628 MISC |
| libming -- libming | Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c. | 2020-01-09 | not yet calculated | CVE-2020-6629 MISC |
| linux -- linux_kernel | An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. | 2020-01-09 | not yet calculated | CVE-2019-19332 MISC CONFIRM MISC MISC |
| linux_terminal_server_project -- ltsp_display_manager | LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script. | 2020-01-09 | not yet calculated | CVE-2019-20373 MISC MLIST DEBIAN |
| litespeed_technologies -- openlitespeed | The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. | 2020-01-06 | not yet calculated | CVE-2020-5519 MISC MISC |
| mozilla -- firefox | A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70. | 2020-01-08 | not yet calculated | CVE-2019-11765 CONFIRM CONFIRM |
| mozilla -- firefox | If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70. | 2020-01-08 | not yet calculated | CVE-2019-17002 MISC CONFIRM |
| mozilla -- firefox
| After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72. | 2020-01-08 | not yet calculated | CVE-2019-17023 MISC UBUNTU CONFIRM |
| mozilla -- firefox
| If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72. | 2020-01-08 | not yet calculated | CVE-2019-17020 MISC UBUNTU CONFIRM |
| mozilla -- firefox | If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox < 71. | 2020-01-08 | not yet calculated | CVE-2019-17014 MISC CONFIRM |
| mozilla -- firefox | Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72. | 2020-01-08 | not yet calculated | CVE-2019-17025 MISC UBUNTU CONFIRM |
| mozilla -- firefox | When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72. | 2020-01-08 | not yet calculated | CVE-2019-17018 MISC CONFIRM |
| mozilla -- firefox | When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 72. | 2020-01-08 | not yet calculated | CVE-2019-17019 MISC CONFIRM |
| mozilla -- firefox | Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 71. | 2020-01-08 | not yet calculated | CVE-2019-17013 MISC CONFIRM |
| mozilla -- firefox | A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox < 70. | 2020-01-08 | not yet calculated | CVE-2019-17001 MISC CONFIRM |
| mozilla -- firefox | An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox < 70. | 2020-01-08 | not yet calculated | CVE-2019-17000 MISC CONFIRM |
| mozilla -- firefox_and_firefox_esr | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | 2020-01-08 | not yet calculated | CVE-2019-17022 MISC MLIST BUGTRAQ UBUNTU DEBIAN CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr | Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | 2020-01-08 | not yet calculated | CVE-2019-17024 MISC MLIST BUGTRAQ UBUNTU DEBIAN CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | 2020-01-08 | not yet calculated | CVE-2019-17016 MISC MLIST BUGTRAQ UBUNTU DEBIAN CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr | During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | 2020-01-08 | not yet calculated | CVE-2019-17015 MISC CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr | During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | 2020-01-08 | not yet calculated | CVE-2019-17021 MISC CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr | Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | 2020-01-08 | not yet calculated | CVE-2019-17017 MISC MLIST BUGTRAQ UBUNTU DEBIAN CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr | Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69. | 2020-01-08 | not yet calculated | CVE-2019-9812 CONFIRM MISC CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | 2020-01-08 | not yet calculated | CVE-2019-11759 CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | 2020-01-08 | not yet calculated | CVE-2019-11760 CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | 2020-01-08 | not yet calculated | CVE-2019-17009 SUSE SUSE MISC CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | 2020-01-08 | not yet calculated | CVE-2019-17010 SUSE SUSE MISC CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | 2020-01-08 | not yet calculated | CVE-2019-17012 SUSE SUSE MISC CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | 2020-01-08 | not yet calculated | CVE-2019-17008 SUSE SUSE MISC CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | 2020-01-08 | not yet calculated | CVE-2019-17005 SUSE SUSE MISC CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | 2020-01-08 | not yet calculated | CVE-2019-17011 SUSE SUSE MISC CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | 2020-01-08 | not yet calculated | CVE-2019-11745 SUSE SUSE SUSE CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | 2020-01-08 | not yet calculated | CVE-2019-11764 MISC CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | 2020-01-08 | not yet calculated | CVE-2019-11763 CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | 2020-01-08 | not yet calculated | CVE-2019-11762 CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | 2020-01-08 | not yet calculated | CVE-2019-11761 CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox_and_firefox_esr_and_thunderbird | Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2. | 2020-01-08 | not yet calculated | CVE-2019-11758 CONFIRM CONFIRM CONFIRM CONFIRM |
| mruby -- mruby | In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. | 2020-01-11 | not yet calculated | CVE-2020-6839 MISC |
| mruby -- mruby | In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c. | 2020-01-11 | not yet calculated | CVE-2020-6840 MISC |
| mruby -- mruby | In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c. | 2020-01-11 | not yet calculated | CVE-2020-6838 MISC |
| multiple_vendors -- multiple_cable_modems | Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11. | 2020-01-09 | not yet calculated | CVE-2019-19494 MISC MISC MISC MISC |
| nasm -- netwide_assembler | In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c. | 2020-01-06 | not yet calculated | CVE-2019-20352 MISC |
| network_time_foundation -- network_time_protocol | An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. | 2020-01-08 | not yet calculated | CVE-2014-5209 MISC CONFIRM CONFIRM |
| nginx -- nginx | NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. | 2020-01-09 | not yet calculated | CVE-2019-20372 MISC MISC MISC MISC CONFIRM |
| nitro_software -- free_pdf_reader | The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content. | 2020-01-10 | not yet calculated | CVE-2019-19817 MISC MISC |
| nitro_software -- free_pdf_reader | The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content. | 2020-01-10 | not yet calculated | CVE-2019-19819 MISC MISC |
| node.js -- node.js | grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may allow attackers to run arbitrary commands on the server. | 2020-01-11 | not yet calculated | CVE-2020-6836 MISC MISC |
| node.js -- node.js | Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's. | 2020-01-06 | not yet calculated | CVE-2014-3743 MISC MISC MISC MISC |
| oker -- g232v1_devices | OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks. | 2020-01-06 | not yet calculated | CVE-2019-20348 MISC |
| online_tv_database -- online_tv_database | An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. | 2020-01-10 | not yet calculated | CVE-2011-5020 MISC |
| open-xchange -- open-xchange_appsuite | OX App Suite through 7.10.2 has Incorrect Access Control. | 2020-01-06 | not yet calculated | CVE-2019-16716 MISC MISC |
| opentrade -- opentrade | OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript. | 2020-01-11 | not yet calculated | CVE-2020-6847 MISC MISC |
| opservices -- opmon | An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication. | 2020-01-07 | not yet calculated | CVE-2020-5841 MISC |
| otrs -- otrs_and_otrs_community_edition | Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. | 2020-01-10 | not yet calculated | CVE-2020-1766 CONFIRM |
| otrs -- otrs_and_otrs_community_edition | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions. | 2020-01-06 | not yet calculated | CVE-2019-18179 MISC MLIST |
| otrs -- otrs_and_otrs_community_edition | Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. | 2020-01-10 | not yet calculated | CVE-2020-1767 CONFIRM |
| otrs -- otrs_and_otrs_community_edition | An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. | 2020-01-10 | not yet calculated | CVE-2020-1765 CONFIRM |
| parallels -- desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop version 14.1.3 (45485). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of root. Was ZDI-CAN-8685. | 2020-01-07 | not yet calculated | CVE-2019-17148 N/A |
| phpgurukul -- dairy_farm_shop_management_system | PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php. | 2020-01-09 | not yet calculated | CVE-2020-5308 MISC MISC MISC |
| phpgurukul -- hospital_management_system | PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised. | 2020-01-06 | not yet calculated | CVE-2020-5192 MISC MISC |
| phpgurukul -- small_crm | PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. | 2020-01-08 | not yet calculated | CVE-2020-5511 EXPLOIT-DB |
| phpmyadmin -- phpmyadmin | In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. | 2020-01-09 | not yet calculated | CVE-2020-5504 CONFIRM |
| pillow -- pillow | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. | 2020-01-05 | not yet calculated | CVE-2019-19911 CONFIRM |
| pisignage -- pisignage | The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download. | 2020-01-06 | not yet calculated | CVE-2019-20354 MISC MISC MISC |
| pivotal -- ops_manager | Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well. | 2020-01-09 | not yet calculated | CVE-2019-11292 CONFIRM |
| pivotal -- pivotal_spring_framework | The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket. | 2020-01-10 | not yet calculated | CVE-2013-6430 MISC MISC MISC |
| plixer_international -- scrutinizer | Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script. | 2020-01-09 | not yet calculated | CVE-2012-1260 MISC MISC MISC MISC MISC |
| plixer_international -- scrutinizer | Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter. | 2020-01-09 | not yet calculated | CVE-2012-1261 MISC MISC MISC MISC MISC |
| plixer_international -- scrutinizer | Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter. | 2020-01-09 | not yet calculated | CVE-2012-1259 MISC MISC MISC MISC MISC |
| plixer_international -- scrutinizer | cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters. | 2020-01-09 | not yet calculated | CVE-2012-1258 MISC MISC MISC MISC MISC |
| pow -- pow | In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability. | 2020-01-09 | not yet calculated | CVE-2020-5205 MISC MISC CONFIRM |
| prestashop -- prestashop | In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js. | 2020-01-09 | not yet calculated | CVE-2020-6632 MISC |
| publify -- publify | Publify before 8.0.1 is vulnerable to a Denial of Service attack | 2020-01-09 | not yet calculated | CVE-2014-3211 MISC |
| rasilient -- pixelstor | contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authenticated attackers to remotely execute code via the name parameter. | 2020-01-09 | not yet calculated | CVE-2020-6757 MISC |
| rasilient -- pixelstor | A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows remote attackers to inject arbitrary web script or HTML via the ContentFrame parameter. | 2020-01-09 | not yet calculated | CVE-2020-6758 MISC |
| rasilient -- pixelstor | languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter. | 2020-01-09 | not yet calculated | CVE-2020-6756 MISC MISC |
| rconfig -- rconfig | An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions. | 2020-01-06 | not yet calculated | CVE-2019-19585 MISC MISC |
| rconfig -- rconfig | An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. | 2020-01-06 | not yet calculated | CVE-2019-19509 MISC MISC MISC |
| red_hat -- jboss_keycloak | A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'. | 2020-01-07 | not yet calculated | CVE-2019-14837 CONFIRM CONFIRM CONFIRM |
| red_hat -- jboss_keycloak | It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information. | 2020-01-08 | not yet calculated | CVE-2019-14820 CONFIRM |
| red_hat -- simple_directmedia_layer | A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. | 2020-01-07 | not yet calculated | CVE-2019-14906 CONFIRM |
| red_hat -- wildfly_security_manager | A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue. | 2020-01-07 | not yet calculated | CVE-2019-14843 CONFIRM |
| ricoh -- sp_c250dn_printer | Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2). | 2020-01-10 | not yet calculated | CVE-2019-14301 CONFIRM |
| ricoh -- sp_c250dn_printer | On Ricoh SP C250DN 1.06 devices, a debug port can be used. | 2020-01-10 | not yet calculated | CVE-2019-14302 CONFIRM |
| ricoh -- sp_c250dn_printer | Ricoh SP C250DN 1.06 devices allow CSRF. | 2020-01-10 | not yet calculated | CVE-2019-14304 CONFIRM |
| ricoh -- sp_c250dn_printer | Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2). | 2020-01-10 | not yet calculated | CVE-2019-14306 CONFIRM |
| samsung -- kies | Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. | 2020-01-09 | not yet calculated | CVE-2012-3807 MISC BID MISC |
| samsung -- mobile_print_for_android | An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information. | 2020-01-09 | not yet calculated | CVE-2019-6331 CONFIRM |
| schneider-electric -- ecostruxure_control_expert_and_unity_pro | An Improper Authorization - CWE-285 vulnerability exists in EcoStruxure? Control Expert V14.0 and all versions of Unity Pro (previously calledEcoStruxure? Control Expert), which could allow a bypass of the authentication process between EcoStruxure Control Expert and the controller. | 2020-01-06 | not yet calculated | CVE-2019-6855 CONFIRM |
| schneider-electric -- ecostruxure_geo_scada_expert | A CWE-264 Permissions, Privileges, and Access Controls vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017. | 2020-01-06 | not yet calculated | CVE-2019-6854 CONFIRM |
| schneider_electric -- multiple_modicon_controllers | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP. | 2020-01-06 | not yet calculated | CVE-2019-6857 CONFIRM |
| schneider_electric -- multiple_modicon_controllers | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP. | 2020-01-06 | not yet calculated | CVE-2019-6856 CONFIRM |
| schneider_electric -- multiple_modicon_controllers | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP. | 2020-01-06 | not yet calculated | CVE-2018-7794 CONFIRM |
| snare -- snare_for_linux | Snare for Linux before 1.7.0 has CSRF in the web interface. | 2020-01-08 | not yet calculated | CVE-2011-5250 MISC MISC |
| snare -- snare_for_linux | Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. | 2020-01-08 | not yet calculated | CVE-2011-5247 MISC |
| soplanning -- simple_online_planning | SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter. | 2020-01-09 | not yet calculated | CVE-2019-20179 MISC |
| spagobi -- spagobi | SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script | 2020-01-10 | not yet calculated | CVE-2013-6231 MISC MISC MISC |
| sparklabs -- viscosity | A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code | 2020-01-10 | not yet calculated | CVE-2012-4284 MISC MISC MISC CONFIRM |
| sphider -- sphider_and_sphider-pro_and_sphider-plus | sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass | 2020-01-10 | not yet calculated | CVE-2014-5081 MISC EXPLOIT-DB |
| status2k -- status2k | Status2k does not remove the install directory allowing credential reset. | 2020-01-10 | not yet calculated | CVE-2014-5093 MISC MISC |
| status2k -- status2k | Status2k allows Remote Command Execution in admin/options/editpl.php. | 2020-01-10 | not yet calculated | CVE-2014-5092 MISC MISC |
| suricata-ids -- suricata | An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets. | 2020-01-06 | not yet calculated | CVE-2019-18625 CONFIRM CONFIRM MISC MISC |
| suricata-ids -- suricata | An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both linux and windows clients are ignoring the injected packet. | 2020-01-06 | not yet calculated | CVE-2019-18792 CONFIRM CONFIRM MISC MISC |
| symantec -- multiple_products | A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0. | 2020-01-08 | not yet calculated | CVE-2016-6589 MISC CONFIRM MISC |
| symantec -- multiple_products | A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. | 2020-01-08 | not yet calculated | CVE-2016-6590 MISC MISC CONFIRM |
| symantec -- multiple_products | A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. | 2020-01-09 | not yet calculated | CVE-2016-5311 MISC MISC MISC MISC CONFIRM |
| symantec -- norton_app_lock | A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | 2020-01-08 | not yet calculated | CVE-2016-6591 MISC CONFIRM |
| symantec -- norton_mobile_security_for_android | A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript. | 2020-01-08 | not yet calculated | CVE-2016-6585 MISC MISC CONFIRM |
| symantec -- norton_mobile_security_for_android | An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information. | 2020-01-08 | not yet calculated | CVE-2016-6587 MISC MISC CONFIRM MISC |
| symantec -- norton_mobile_security_for_android | A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist. | 2020-01-08 | not yet calculated | CVE-2016-6586 MISC MISC CONFIRM |
| symantec -- vip_access_desktop | A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code. | 2020-01-08 | not yet calculated | CVE-2016-6593 MISC MISC MISC CONFIRM |
| technicolor -- tc7230_steb_device | The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell. | 2020-01-08 | not yet calculated | CVE-2019-19495 MISC MISC MISC |
| tencent -- wechat | This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat Prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw exists within the parsing of a users profile. The issue lies in the failure to properly validate a users name. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9302. | 2020-01-07 | not yet calculated | CVE-2019-17151 N/A |
| teradici -- pcoip_agent_and_pcoip_client | In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file. | 2020-01-08 | not yet calculated | CVE-2019-20362 MISC |
| tinywebgallery -- tinywebgallery | PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. | 2020-01-09 | not yet calculated | CVE-2012-2931 MISC |
| tophub -- toplist | TopList before 2019-09-03 allows XSS via a title. | 2020-01-11 | not yet calculated | CVE-2019-20377 MISC |
| totalav -- totalav | TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | 2020-01-10 | not yet calculated | CVE-2019-18194 MISC MISC |
| tp-link -- tl-wr841n_routers | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457. | 2020-01-07 | not yet calculated | CVE-2019-17147 N/A N/A |
| typora -- typora | A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment. | 2020-01-09 | not yet calculated | CVE-2019-20374 MISC MISC |
| unify -- openstage_and_openscape_desk_phone_sip_devices | Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface | 2020-01-09 | not yet calculated | CVE-2014-2651 MISC MISC |
| unify -- openstage_and_openscape_desk_phone_sip_devices | Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface | 2020-01-09 | not yet calculated | CVE-2014-2650 MISC CONFIRM |
| unisys -- clearpath_forward_libra_and_clearpath_mcp_software_series | Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel | 2020-01-07 | not yet calculated | CVE-2019-18386 CONFIRM |
| university_of_wisconsin-madison-- htcondor | The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors. | 2020-01-09 | not yet calculated | CVE-2012-3490 MISC MISC MISC MISC MISC |
| wago -- pfc100_and_pfc200_devices | An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. | 2020-01-08 | not yet calculated | CVE-2019-5082 CONFIRM |
| wikimedia -- wikibasemediainfo | The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file). | 2020-01-08 | not yet calculated | CVE-2020-6163 MISC MISC |
| wordpress -- wordpress | Pretty-Link WordPress plugin 1.5.2 has XSS | 2020-01-10 | not yet calculated | CVE-2011-4595 MISC MISC |
| wordpress -- wordpress | The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_title parameter. | 2020-01-09 | not yet calculated | CVE-2019-20182 MISC |
| wordpress -- wordpress | The awesome-support plugin 5.8.0 for WordPress allows XSS via the post_title parameter. | 2020-01-09 | not yet calculated | CVE-2019-20181 MISC |
| wordpress -- wordpress | The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. | 2020-01-09 | not yet calculated | CVE-2019-20180 MISC MISC |
| wordpress -- wordpress | flog plugin 0.1 for WordPress has XSS | 2020-01-10 | not yet calculated | CVE-2014-4530 MISC |
| wordpress -- wordpress | In WordPress versions from 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled. | 2020-01-09 | not yet calculated | CVE-2019-16773 MISC CONFIRM MISC MISC MISC |
| wordpress -- wordpress | The ultimate-weather plugin 1.0 for WordPress has XSS | 2020-01-10 | not yet calculated | CVE-2014-4561 MISC |
| wordpress -- wordpress | In WordPress versions from 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled. | 2020-01-09 | not yet calculated | CVE-2019-16788 MISC CONFIRM MISC MISC |
| wordpress -- wordpress | Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2. | 2020-01-06 | not yet calculated | CVE-2015-4039 MISC MISC MISC MISC |
| xorus -- lpar2rrd | LPAR2RRD ? 4.53 and ? 3.5 has arbitrary command injection on the application server. | 2020-01-10 | not yet calculated | CVE-2014-4982 MISC MISC MISC MISC |
| zoho_manageengine -- applications_manager | An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in ?Authenticated Users? group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system. | 2020-01-10 | not yet calculated | CVE-2019-19475 CONFIRM |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.