Vulnerability Summary for the Week of February 3, 2020
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aircrack-ng -- aircrack-ng | Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. | 2020-01-31 | 7.5 | CVE-2014-8322 CONFIRM MISC MISC MISC CONFIRM MISC |
aruba_networks -- instant | Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. | 2020-01-31 | 7.5 | CVE-2016-2031 MISC MISC MISC MISC |
changing_information_technology -- servisign | An arbitrary-file-access vulnerability exists in the ServiSign security plugin. Attackers who learn the specific API function may access arbitrary files on the target system via a crafted API parameter. | 2020-02-03 | 7.8 | CVE-2020-3926 CONFIRM |
changing_information_technology -- servisign | An arbitrary-file-access vulnerability exists in the ServiSign security plugin. Attackers who learn the specific API function may access arbitrary files on the target system via a crafted API parameter. | 2020-02-03 | 8.5 | CVE-2020-3927 CONFIRM |
cisco -- multiple_ip_phones | A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2020-02-05 | 8.3 | CVE-2020-3111 MISC CISCO |
cisco -- video_surveillance_8000_series_ip_cameras | A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later. | 2020-02-05 | 8.3 | CVE-2020-3110 MISC CISCO |
coppermine_development_team -- coppermine_gallery | Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. | 2020-02-05 | 7.5 | CVE-2010-4815 MISC MISC MISC |
curling -- curling | All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization. | 2020-02-06 | 10 | CVE-2019-10789 MISC MISC |
django -- django | Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. | 2020-02-03 | 7.5 | CVE-2020-7471 MLIST CONFIRM CONFIRM CONFIRM UBUNTU CONFIRM CONFIRM |
dot-prop -- dot-prop | Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. | 2020-02-04 | 7.5 | CVE-2020-8116 MISC |
dotcms -- dotcms | dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application). | 2020-02-05 | 7.5 | CVE-2020-6754 CONFIRM CONFIRM |
edk2 -- unified_extensible_firmware_interface | Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase. | 2020-01-31 | 7.2 | CVE-2014-4860 MISC |
edk2 -- unified_extensible_firmware_interface | Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data. | 2020-01-31 | 7.2 | CVE-2014-4859 MISC |
eg_innovations -- eg_manager | eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). | 2020-02-03 | 7.5 | CVE-2020-8592 MISC |
eg_innovations -- eg_manager | eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. | 2020-02-03 | 7.5 | CVE-2020-8591 MISC |
fortinet -- fortimanager | A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. | 2020-02-04 | 9 | CVE-2015-3611 MISC MISC CONFIRM |
fortinet -- fortimanager | A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page. | 2020-02-04 | 7.5 | CVE-2015-3613 MISC MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | 2020-02-05 | 7.5 | CVE-2020-8114 CONFIRM MISC MISC |
hashicorp -- nomad_and_nomad_enterprise | HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. | 2020-01-31 | 7.5 | CVE-2020-7956 MISC MISC |
jobberbase -- jobberbase | Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint. | 2020-02-05 | 7.5 | CVE-2019-20447 MISC MISC |
klona -- klona | Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona. | 2020-02-04 | 7.5 | CVE-2020-8125 MISC |
nanopb -- nanopb | There is a potentially exploitable out-of-memory condition in Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field, and realloc() runs out of memory when expanding the array, nanopb can end up calling `free()` on a pointer value that comes from uninitialized memory. Depending on the platform, this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, nanopb-0.2.9.4. | 2020-02-04 | 7.5 | CVE-2020-5235 MISC MISC MISC CONFIRM |
netapp -- oncommand_system_manager | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. | 2020-01-31 | 9 | CVE-2013-3322 XF MISC |
norman -- malware_cleaner | nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled. | 2020-02-03 | 7.5 | CVE-2020-8508 MISC |
phpabook -- phpabook | An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password. | 2020-02-03 | 7.5 | CVE-2020-8510 MISC MISC |
phplist -- phplist | phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | 2020-02-03 | 7.5 | CVE-2020-8547 MISC |
playsms -- playsms | PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. | 2020-02-05 | 7.5 | CVE-2020-8644 MISC MISC |
ppp -- ppp | eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. | 2020-02-03 | 7.5 | CVE-2020-8597 MISC MLIST |
python -- python | Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | 2020-02-04 | 7.1 | CVE-2019-9674 MISC MISC MISC MISC MISC |
qualcomm -- mdm9206_and_mdm9607_devices | Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607 | 2020-02-07 | 7.2 | CVE-2019-14051 CONFIRM |
qualcomm -- multiple_snapdragon_products | Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24 | 2020-02-07 | 7.2 | CVE-2019-14046 CONFIRM |
qualcomm -- multiple_snapdragon_products | Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24 | 2020-02-07 | 7.2 | CVE-2019-14044 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130 | 2020-02-07 | 7.2 | CVE-2019-14055 CONFIRM |
qualcomm -- multiple_snapdragon_products | APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130 | 2020-02-07 | 7.2 | CVE-2019-14002 CONFIRM |
qualcomm -- multiple_snapdragon_products | There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be executed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-02-07 | 7.2 | CVE-2019-10567 CONFIRM |
qualcomm -- multiple_snapdragon_products | Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9607, Nicobar, QCS405, Rennell, SA6155P, Saipan, SC8180X, SDM630, SDM636, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-02-07 | 9.4 | CVE-2019-14063 CONFIRM |
qualcomm -- multiple_snapdragon_products | Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-02-07 | 7.2 | CVE-2019-14060 CONFIRM |
qualcomm -- multiple_snapdragon_products | Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-02-07 | 9.4 | CVE-2019-14057 CONFIRM |
qualcomm -- multiple_snapdragon_products | Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MSM8953, QCN7605, QCS605, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDX20, SDX24, SDX55, SM8150, SXR1130 | 2020-02-07 | 7.2 | CVE-2019-14049 CONFIRM |
qualcomm -- multiple_snapdragon_products | Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-02-07 | 10 | CVE-2019-10590 CONFIRM |
sap -- netweaver | SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash. | 2020-02-05 | 7.5 | CVE-2011-1517 MISC MISC MISC |
simplejobscript.com -- simplejobscript.com | controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. | 2020-01-31 | 7.5 | CVE-2020-8440 CONFIRM |
smartbear -- readyapi_and_soapui | An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project. | 2020-02-05 | 9.3 | CVE-2019-12180 MISC |
squid -- squid | An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. | 2020-02-04 | 7.5 | CVE-2020-8450 MISC MISC MISC MISC MISC MISC |
the_update_framework -- tuf | TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. | 2020-02-05 | 7.5 | CVE-2020-6174 CONFIRM |
tp-link -- tg-sg105e_devices | The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. | 2020-02-03 | 7.8 | CVE-2019-16893 EXPLOIT-DB |
zpanel_project -- zpanel | ZPanel 10.0.1 has insufficient entropy for its password reset process. | 2020-02-04 | 7.5 | CVE-2012-5686 MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
1up -- oneupuploaderbundle | oneup/uploader-bundle before 1.9.3 and 2.1.5 can be exploited to upload files to arbitrary folders on the filesystem. The assembly process can further be misused with some restrictions to delete and copy files to other locations. This is fixed in versions 1.9.3 and 2.1.5. | 2020-02-05 | 6.5 | CVE-2020-5237 MISC CONFIRM |
abrt -- abrt | ABRT might allow attackers to obtain sensitive information from crash reports. | 2020-01-31 | 5 | CVE-2011-4088 MISC MISC |
aircrack-ng -- aircrack-ng | Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors. | 2020-01-31 | 4.6 | CVE-2014-8321 CONFIRM MISC MISC CONFIRM MISC |
alcatel-lucent -- 1830_photonic_service_switch | Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. | 2020-01-31 | 4.3 | CVE-2014-3809 MISC |
apache -- ofbiz | An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06. | 2020-02-06 | 5 | CVE-2019-12426 MLIST CONFIRM |
apple -- bonjour | Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet. | 2020-02-05 | 4.9 | CVE-2011-0220 MISC |
apple -- safari | A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. | 2020-02-03 | 5 | CVE-2016-4676 MISC MISC MISC CONFIRM MISC |
aroxsolution -- school_management_software_php/mysql | School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. | 2020-01-31 | 4.3 | CVE-2020-8505 MISC |
aroxsolution -- school_management_software_php/mysql | School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. | 2020-01-31 | 4.3 | CVE-2020-8504 MISC |
aruba -- airwave_management_platform | A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP ports 15672 and 55672. | 2020-01-31 | 5 | CVE-2016-2032 MISC MISC MISC MISC |
atlassian -- crowd | The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. | 2020-02-06 | 5 | CVE-2019-20104 N/A |
atlassian -- jira | The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. | 2020-02-06 | 4 | CVE-2019-20404 N/A |
atlassian -- jira | The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a DLL file to a directory in the global path environment variable to inject code via a DLL hijacking vulnerability. | 2020-02-06 | 4.4 | CVE-2019-20400 N/A |
atlassian -- jira | The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability. | 2020-02-06 | 4.3 | CVE-2019-20405 N/A |
atlassian -- jira | Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities. | 2020-02-06 | 4.3 | CVE-2019-20401 N/A |
atlassian -- jira | The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. | 2020-02-06 | 5 | CVE-2019-20403 N/A |
atlassian -- jira | Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. | 2020-02-06 | 4 | CVE-2019-20106 N/A |
atlassian -- jira | Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability. | 2020-02-06 | 4 | CVE-2019-20402 N/A |
auth0 -- auth0_lock | Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. | 2020-02-03 | 4.3 | CVE-2019-20174 CONFIRM MISC |
batavi -- batavi | Batavi before 1.0 has CSRF. | 2020-02-05 | 6.8 | CVE-2011-0525 MISC MISC |
brocade -- fabric_os | Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. | 2020-02-05 | 5 | CVE-2019-16204 CONFIRM |
brocade -- fabric_os | Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. | 2020-02-05 | 5 | CVE-2019-16203 CONFIRM |
brother -- mfc-9970cdw_devices | Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers. | 2020-02-03 | 5 | CVE-2013-2674 MISC XF BID |
brother -- mfc-9970cdw_devices | Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. | 2020-02-03 | 5 | CVE-2013-2672 MISC XF |
brother -- mfc-9970cdw_devices | Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. | 2020-02-03 | 4.6 | CVE-2013-2673 MISC BID |
c-lightning -- c-lightning | c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used for real funds." | 2020-01-31 | 5 | CVE-2019-12998 MISC CONFIRM |
cisco -- linksys_e4200 | Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information. | 2020-02-06 | 5 | CVE-2013-2683 MISC BID XF |
cisco -- linksys_e4200 | Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information. | 2020-02-05 | 5 | CVE-2013-2680 MISC BID XF |
cisco -- linksys_e4200 | Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. | 2020-02-04 | 6.8 | CVE-2013-2678 MISC EXPLOIT-DB BID XF |
cisco -- linksys_e4200 | Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access. | 2020-02-05 | 4.3 | CVE-2013-2681 MISC BID XF |
cisco -- linksys_e4200 | Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information. | 2020-02-05 | 4.3 | CVE-2013-2682 MISC BID XF |
cisco -- linksys_e4200 | Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2020-02-06 | 4.3 | CVE-2013-2684 MISC BID XF |
computer_incident_response_center_luxembourg -- ail-framework | Global.py in AIL framework 2.8 allows path traversal. | 2020-02-03 | 5 | CVE-2020-8545 MISC |
cysharp -- messagepack_for_c#_and_unity | MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps. | 2020-01-31 | 6.8 | CVE-2020-5234 MISC CONFIRM |
d-link -- dir-100_devices | D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | 2020-02-04 | 5 | CVE-2013-7055 MISC MISC MISC |
d-link -- dir-100_devices | D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | 2020-02-04 | 5 | CVE-2013-7052 MISC MISC MISC |
d-link -- dir-100_devices | D-Link DIR-100 4.03B07: cli.cgi CSRF | 2020-02-04 | 6.8 | CVE-2013-7053 MISC MISC MISC |
d-link -- dir-100_devices | D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters | 2020-02-04 | 6.8 | CVE-2013-7051 MISC MISC MISC MISC |
d-link -- dir-100_devices | D-Link DIR-100 4.03B07: cli.cgi XSS | 2020-02-04 | 4.3 | CVE-2013-7054 MISC MISC MISC |
drupal -- drupal | Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. | 2020-01-31 | 4.3 | CVE-2014-8338 MISC MISC |
eclair -- eclair | Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "it is beta-quality software and don't put too much money in it." | 2020-01-31 | 5 | CVE-2019-13000 MISC MISC CONFIRM |
ens_domains -- ens | A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry. | 2020-01-31 | 4.9 | CVE-2020-5232 MISC CONFIRM |
eucalyptus -- eucalyptus_management_console | Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2020-01-31 | 6.8 | CVE-2014-5039 CONFIRM |
evernote_corporation -- evernote | Evernote prior to 5.5.1 has insecure password change | 2020-01-31 | 6.6 | CVE-2013-5116 MISC MISC MISC |
f5 -- big-ip | On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart. | 2020-02-06 | 5 | CVE-2020-5856 CONFIRM |
f5 -- big-ip_edge_client_for_windows | When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access as an unprivileged user. | 2020-02-06 | 4.6 | CVE-2020-5855 CONFIRM |
gitlab -- gitlab_enterprise_edition | An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. | 2020-02-05 | 5 | CVE-2020-6833 MISC CONFIRM |
gitlab -- gitlab | GitLab through 12.7.2 allows XSS. | 2020-02-05 | 4.3 | CVE-2020-7973 MISC CONFIRM MISC |
gitlab -- gitlab_enterprise_edition | GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | 2020-02-05 | 5 | CVE-2020-7966 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 10.1 through 12.7.2 allows Information Disclosure. | 2020-02-05 | 5 | CVE-2020-7974 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | 2020-02-05 | 4.3 | CVE-2020-7979 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). | 2020-02-05 | 4 | CVE-2020-7967 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. | 2020-02-05 | 5 | CVE-2020-7976 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | 2020-02-05 | 5 | CVE-2020-7968 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. | 2020-02-05 | 5 | CVE-2020-7969 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 11.0 and later through 12.7.2 allows XSS. | 2020-02-05 | 4.3 | CVE-2020-7971 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. | 2020-02-05 | 5 | CVE-2020-7978 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). | 2020-02-05 | 5 | CVE-2020-7972 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. | 2020-02-05 | 4.3 | CVE-2020-7977 MISC CONFIRM |
google -- android | An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite existing functions with arbitrary code. The Reserved for Future Use (RFU) bits are not discarded by eir_handleRx(), and are included in an EIR's length. Therefore, one can exceed the expected 240 bytes, which leads to a heap-based buffer overflow in eir_getReceivedEIR() called by bthci_event_SendInquiryResultEvent(). In order to exploit this bug, an attacker must repeatedly connect to the victim's device in a short amount of time from different source addresses. This will cause the victim's Bluetooth stack to resolve the device names and therefore allocate buffers with attacker-controlled data. Due to the heap corruption, the name will be eventually written to an attacker-controlled location, leading to a write-what-where condition. | 2020-02-05 | 6.8 | CVE-2019-11516 CONFIRM MISC MISC |
hashicorp -- consul_and_consul_enterprise | HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. | 2020-01-31 | 5 | CVE-2020-7955 MISC MISC |
hashicorp -- consul_and_consul_enterprise | HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. | 2020-01-31 | 5 | CVE-2020-7219 MISC MISC |
hashicorp -- nomad_and_nomad_enterprise | HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage. | 2020-01-31 | 5 | CVE-2020-7218 MISC MISC |
htcondor -- mrg_grid | The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. | 2020-01-31 | 6.5 | CVE-2014-8126 MISC MISC MISC MISC |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability. | 2020-02-05 | 5.8 | CVE-2013-0507 MISC |
ibm -- planning_analytics | IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524. | 2020-02-05 | 6.8 | CVE-2019-4613 XF CONFIRM |
ibm -- sdk_java_technology | IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. | 2020-02-03 | 6.9 | CVE-2019-4732 XF CONFIRM |
ibm -- security_directory_server | IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814. | 2020-02-04 | 6.5 | CVE-2019-4541 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397. | 2020-02-04 | 6 | CVE-2020-4163 XF CONFIRM |
ibm -- workflow_for_bluemix | IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 2020-02-05 | 5.8 | CVE-2015-0102 MISC CONFIRM CONFIRM |
ibm -- security_directory_server | IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623. | 2020-02-04 | 5 | CVE-2019-4562 XF CONFIRM |
ibm -- security_directory_server | IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950. | 2020-02-04 | 4.3 | CVE-2019-4548 XF CONFIRM |
ibm -- security_directory_server | IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953. | 2020-02-04 | 5 | CVE-2019-4551 XF CONFIRM |
ibm -- security_directory_server | IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952. | 2020-02-04 | 5 | CVE-2019-4550 XF CONFIRM |
ibm -- security_directory_server | IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813. | 2020-02-04 | 5 | CVE-2019-4540 XF CONFIRM |
ibm -- security_identity_manager | IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510. | 2020-02-04 | 4 | CVE-2019-4674 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. | 2020-01-31 | 5 | CVE-2019-4720 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. | 2020-02-05 | 4 | CVE-2019-4670 XF CONFIRM |
icewarp -- webmail_server | In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. | 2020-02-01 | 4.3 | CVE-2020-8512 MISC MISC MISC |
info-zip -- unzip | Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 2020-01-31 | 6.8 | CVE-2014-8140 MISC MISC MISC MISC |
info-zip -- unzip | Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 2020-01-31 | 6.8 | CVE-2014-8139 MISC MISC MISC MISC |
info-zip -- unzip | Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | 2020-01-31 | 6.8 | CVE-2014-8141 MISC MISC MISC MISC |
infoware -- mapsuite_mapapi | Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2020-01-31 | 4.3 | CVE-2014-2843 MISC MISC MISC |
ipmitool -- ipmitool | It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. | 2020-02-05 | 6.5 | CVE-2020-5208 MISC CONFIRM MLIST |
jetbrains -- intellij_idea | In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3. | 2020-01-31 | 5 | CVE-2020-7914 MISC CONFIRM |
joomla! -- joomla! | Joomla! 1.7.1 has core information disclosure due to inadequate error checking. | 2020-02-04 | 5 | CVE-2011-4937 MISC MISC MISC MISC |
joomla! -- joomla! | Joomla! core 1.7.1 allows information disclosure due to weak encryption. | 2020-02-04 | 5 | CVE-2011-3629 MISC MISC MISC MISC |
joomla! -- joomla! | Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filter_order_Dir parameters. | 2020-02-05 | 6.4 | CVE-2011-1151 MISC MISC |
joomla! -- joomla! | Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. | 2020-02-04 | 5 | CVE-2011-4912 MISC MISC |
joomla! -- joomla! | The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location). | 2020-02-03 | 4.3 | CVE-2020-5182 CONFIRM |
kubernetes -- kubernetes | The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree. | 2020-02-03 | 4.3 | CVE-2019-11251 CONFIRM MLIST |
libvncserver -- libvncserver | A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. | 2020-02-05 | 5 | CVE-2010-5304 MISC MISC MISC MISC MISC MISC |
lightning_labs -- lightning_network_daemon | Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control. | 2020-01-31 | 5 | CVE-2019-12999 MISC MISC CONFIRM |
logmein -- lastpass | LastPass prior to 2.5.1 allows secure wipe bypass. | 2020-01-31 | 6.6 | CVE-2013-5114 MISC MISC MISC |
lotus_core -- lotus_core_cms | Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter. | 2020-02-05 | 6.5 | CVE-2020-8641 MISC |
masscode -- masscode | massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). | 2020-02-03 | 4.3 | CVE-2020-8548 MISC MISC |
maxum_development_corporation -- rumpus | An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality. | 2020-02-02 | 4.3 | CVE-2020-8514 MISC MISC |
microsoft -- windows_operating_system | The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable to inject code and escalate their privileges via a DLL hijacking vulnerability. | 2020-02-06 | 4.4 | CVE-2019-20406 N/A |
movable_type -- multiple_products | Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL. | 2020-02-06 | 4.3 | CVE-2020-5528 MISC MISC |
nextcloud -- nextcloud_server | Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | 2020-02-04 | 4 | CVE-2020-8117 MISC MISC |
nextcloud -- nextcloud_server | A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. | 2020-02-04 | 4.3 | CVE-2020-8120 MISC MISC |
nextcloud -- nextcloud_server | Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. | 2020-02-04 | 5 | CVE-2019-15623 MISC MISC |
nextcloud -- nextcloud_server | Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | 2020-02-04 | 4 | CVE-2020-8119 MISC MISC |
nextcloud -- talk | Improper access control in Nextcloud Talk 6.0.3 leaks the existence and the name of private conversations when linking them to another shared item via the projects feature. | 2020-02-04 | 4 | CVE-2019-15620 MISC MISC |
open-xchange -- ox_app_suite | Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. | 2020-01-31 | 5 | CVE-2014-5236 MISC MISC MISC |
openwall -- openwall | bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter. | 2020-02-05 | 4.3 | CVE-2011-1150 MISC |
perl -- perl | _is_safe in the File::Temp module for Perl does not properly handle symlinks. | 2020-01-31 | 5 | CVE-2011-4116 MISC MISC MISC MISC MISC |
perl -- perl | The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files. | 2020-01-31 | 5 | CVE-2011-4117 MISC MISC MISC |
perl -- perl | Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. | 2020-01-31 | 6.4 | CVE-2011-4115 MISC MISC CONFIRM |
phpshop -- phpshop | PHPShop through 0.8.1 has XSS. | 2020-02-05 | 4.3 | CVE-2011-1069 MISC |
pmwiki -- pmwiki | PmWiki before 2.2.21 has XSS. | 2020-02-05 | 4.3 | CVE-2010-4662 MISC MISC |
prototype -- prototype | Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field. | 2020-02-03 | 4 | CVE-2020-7993 MISC MISC |
pylons_project -- waitress | Waitress version 1.4.2 allows a DoS attack when waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack, causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3; it is recommended that people upgrade to the new version of Waitress as soon as possible. | 2020-02-04 | 6.8 | CVE-2020-5236 MISC CONFIRM |
qualcomm -- multiple_snapdragon_products | Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior such as execution of unknown code in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150, SXR1130 | 2020-02-07 | 4.6 | CVE-2019-14040 CONFIRM |
qualcomm -- multiple_snapdragon_products | During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-02-07 | 4.6 | CVE-2019-14041 CONFIRM |
senior -- rubiweb | Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL. | 2020-01-31 | 5 | CVE-2019-19550 CONFIRM |
sos -- jobscheduler | A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service. | 2020-02-06 | 6.8 | CVE-2020-6855 MISC |
sos -- jobscheduler | An XML External Entity (XXE) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders. | 2020-02-06 | 4 | CVE-2020-6856 MISC |
squid-cache -- squid | An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. | 2020-02-04 | 5 | CVE-2020-8517 MISC MISC |
squid-cache -- squid | An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. | 2020-02-04 | 5 | CVE-2020-8449 MISC MISC MISC MISC MISC MISC |
squid-cache -- squid | An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. | 2020-02-04 | 5 | CVE-2019-12528 CONFIRM |
strapi -- strapi | A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights and can lead to arbitrary restart of the application. | 2020-02-04 | 4 | CVE-2020-8123 MISC |
suse -- openSUSE_wicked | An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. | 2020-02-05 | 5 | CVE-2020-7216 CONFIRM MISC |
sysjust_syuan-gu-da-shih -- sysjust_syuan-gu-da-shih | SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allows attackers to perform unwanted SQL queries and access arbitrary files in the database. | 2020-02-04 | 5 | CVE-2020-3937 MISC |
sysjust_syuan-gu-da-shih -- sysjust_syuan-gu-da-shih | SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain a Request Forgery vulnerability, allowing attackers to launch inquiries into network architecture or system files of the server via forged requests. | 2020-02-04 | 5 | CVE-2020-3938 MISC |
sysjust_syuan-gu-da-shih -- sysjust_syuan-gu-da-shih | SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain a Cross-Site Scripting (XSS) vulnerability through which personal information may be leaked to attackers. | 2020-02-04 | 4.3 | CVE-2020-3939 MISC |
telaen -- telaen | Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. | 2020-02-03 | 5.8 | CVE-2013-2621 BID XF MISC |
telaen -- telaen | Telaen before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request. | 2020-02-03 | 5 | CVE-2013-2624 XF MISC |
telaen -- telaen | Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php. | 2020-02-03 | 4.3 | CVE-2013-2623 BID XF MISC |
the_citytv_video_application -- the_citytv_video_application | The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. | 2020-02-05 | 5 | CVE-2020-8507 MISC MISC |
the_global_tv_application -- the_global_tv_application | The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics. | 2020-02-05 | 4 | CVE-2020-8506 MISC MISC |
tinywebgallery -- tinywebgallery | TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php. | 2020-02-03 | 5 | CVE-2013-2631 MISC MISC |
torproject -- tor | The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. | 2020-02-02 | 5 | CVE-2020-8516 MISC |
tp-link -- tl-wr1043nd_v1_120405_devices | TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability. | 2020-02-03 | 5 | CVE-2013-2646 BID |
troglobit -- minisnmpd | An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server. | 2020-02-04 | 6.4 | CVE-2020-6059 MISC |
troglobit -- minisnmpd | An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server. | 2020-02-04 | 6.4 | CVE-2020-6058 MISC |
typo3 -- typo3 | The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request. | 2020-02-03 | 5 | CVE-2014-8328 MISC MISC MISC |
uebimiau -- uebimiau | Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php. | 2020-02-03 | 4.3 | CVE-2013-2622 XF MISC |
unisys -- unisys_stealth | In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material may be inadvertently logged if certain diagnostics are enabled. | 2020-02-03 | 4.3 | CVE-2019-18193 CONFIRM MISC |
vanilla_forums -- vanilla_forums | Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter. | 2020-02-05 | 4.3 | CVE-2011-1009 MISC |
videolan -- vlc_media_player | Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. | 2020-01-31 | 4.3 | CVE-2013-3565 MISC MISC MISC MISC |
web2project -- web2project | Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php. | 2020-01-31 | 6.5 | CVE-2014-3119 MISC MISC MISC |
wordpress -- wordpress | The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website. | 2020-02-06 | 6.8 | CVE-2020-8658 MISC MISC MISC |
wordpress -- wordpress | Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. | 2020-02-03 | 4.3 | CVE-2020-8549 MISC MISC MISC MISC |
wordpress -- wordpress | The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php. | 2020-02-05 | 4.3 | CVE-2019-20173 CONFIRM CONFIRM MISC |
zeuscart -- zeuscart | Multiple SQL injection vulnerabilities in ZeusCart 4.x. | 2020-01-31 | 6.5 | CVE-2014-3868 MISC MISC MISC MISC |
zoho_manageengine -- remote_access_plus | An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password). | 2020-01-31 | 4 | CVE-2020-8422 MISC MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
biscom -- biscom_secure_file_transfer | Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004. | 2020-01-31 | 3.5 | CVE-2020-8503 MISC |
bromium -- secure_platform | Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out-of-bounds read that results in a race condition, causing kernel memory leaks or denial of service. | 2020-02-03 | 3.3 | CVE-2019-18567 MISC CONFIRM |
cisco -- digital_network_architecture | A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4. | 2020-02-05 | 3.5 | CVE-2019-15253 CISCO |
cisco -- identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing malicious data to a specific field within the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco ISE Software releases 2.7.0 and later contain the fix for this vulnerability. | 2020-02-05 | 3.5 | CVE-2020-3149 CISCO |
cloud-init -- cloud-init | In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. | 2020-02-05 | 2.1 | CVE-2020-8632 MISC MISC |
cloud-init -- cloud-init | cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. | 2020-02-05 | 2.1 | CVE-2020-8631 MISC MISC |
fortinet -- fortimanager | A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. | 2020-02-04 | 3.5 | CVE-2015-3612 MISC MISC MISC |
ibm -- security_identity_manager | IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493. | 2020-02-04 | 3.5 | CVE-2019-4451 XF CONFIRM |
ibm -- storediq | IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133. | 2020-02-03 | 2.1 | CVE-2020-4224 XF CONFIRM |
linux -- linux_kernel | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | 2020-02-06 | 3.6 | CVE-2020-8649 MISC |
linux -- linux_kernel | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | 2020-02-06 | 3.6 | CVE-2020-8647 MISC |
linux -- linux_kernel | In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limited to the host running Linux kernel 4.10 with a guest running Linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. | 2020-01-31 | 1.9 | CVE-2019-3016 MLIST CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. | 2020-02-06 | 3.6 | CVE-2020-8648 MISC |
nextcloud -- nextcloud | Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location. | 2020-02-04 | 3.5 | CVE-2019-15618 MISC MISC |
paessler -- prtg | An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials. | 2020-02-03 | 2.1 | CVE-2019-19119 MISC MISC MISC MISC |
pandora_fms -- pandora_fms | PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. | 2020-02-04 | 3.5 | CVE-2019-19968 MISC MISC |
sos -- jobscheduler | A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API. | 2020-02-05 | 3.5 | CVE-2020-6854 MISC |
wordpress -- wordpress | A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors). | 2020-02-04 | 2.6 | CVE-2020-8615 MISC MISC MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
arctic_torrent -- arctic_torrent | A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service. | 2020-02-06 | not yet calculated | CVE-2012-6309 MISC |
atmail -- atmail_webmail_server | Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email. | 2020-02-06 | not yet calculated | CVE-2012-2593 MISC MISC |
belkin -- n300_router | An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging." | 2020-02-07 | not yet calculated | CVE-2013-3091 MISC MISC MISC |
biscom -- biscom_secure_file_transfer | Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server. | 2020-02-07 | not yet calculated | CVE-2020-8796 MISC |
bludit -- bludit | ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures. | 2020-02-07 | not yet calculated | CVE-2020-8811 MISC |
boonex -- dolphin | SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'. | 2020-02-06 | not yet calculated | CVE-2013-3638 BID XF |
bosch -- bvms_mobile_video_service | Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed. | 2020-02-07 | not yet calculated | CVE-2020-6770 CONFIRM |
bosch -- video_management_system | A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. | 2020-02-07 | not yet calculated | CVE-2020-6768 CONFIRM |
bosch -- video_management_system | A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. | 2020-02-06 | not yet calculated | CVE-2020-6767 CONFIRM |
bosch -- video_streaming_gateway | Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall. | 2020-02-07 | not yet calculated | CVE-2020-6769 CONFIRM |
broadcom -- multiple_devices | An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. | 2020-02-05 | not yet calculated | CVE-2019-15126 CONFIRM |
broadcom -- wi_wifi_driver | The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. | 2020-02-03 | not yet calculated | CVE-2019-9501 MISC CERT-VN |
broadcom -- wi_wifi_driver | The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. | 2020-02-03 | not yet calculated | CVE-2019-9502 MISC CERT-VN |
brother -- mfc-9970cdw_device | Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information. | 2020-02-04 | not yet calculated | CVE-2013-2676 MISC XF BID |
brother -- mfc-9970cdw_device | Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information. | 2020-02-05 | not yet calculated | CVE-2013-2675 MISC XF BID |
c-more -- touch_panels_ea9_series | It is possible to unmask credentials and other sensitive information on "unprotected" project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations. | 2020-02-05 | not yet calculated | CVE-2020-6969 MISC |
canonical -- ubuntu | Sander Bos discovered Apport's lock file was in a world-writable directory, which allowed all users to prevent crash handling. | 2020-02-08 | not yet calculated | CVE-2019-11485 MISC MISC |
canonical -- ubuntu | Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. | 2020-02-08 | not yet calculated | CVE-2019-11483 MISC MISC |
canonical -- ubuntu | Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences. | 2020-02-08 | not yet calculated | CVE-2019-11481 MISC MISC |
canonical -- ubuntu | Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. | 2020-02-08 | not yet calculated | CVE-2019-11482 MISC MISC |
canonical -- ubuntu | Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie. | 2020-02-08 | not yet calculated | CVE-2019-11484 MISC MISC |
ceph -- rgw_beast | A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system. | 2020-02-07 | not yet calculated | CVE-2020-1700 SUSE CONFIRM |
cgilua -- cgilua | The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10300 and CVE-2014-10400 were SPLIT from this ID. | 2020-02-06 | not yet calculated | CVE-2014-2875 MISC MISC MISC |
cgilua -- cgilua | The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. | 2020-02-06 | not yet calculated | CVE-2014-10400 MISC MISC MISC |
cgilua -- cgilua | The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. | 2020-02-06 | not yet calculated | CVE-2014-10399 MISC MISC MISC |
chamilo -- chamilo_lms | Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action. | 2020-02-08 | not yet calculated | CVE-2012-4029 MISC MISC MISC |
changing_information_technology -- servisign | A Remote Code Execution (RCE) vulnerability exists in some designated applications in the ServiSign security plugin. As long as the interface is captured, attackers are able to launch RCE and execute arbitrary commands on the target system via maliciously crafted scripts. | 2020-02-03 | not yet calculated | CVE-2020-3925 CONFIRM |
cisco -- application_control_engine | Cisco ACE A2(3.6) allows log retention DoS. | 2020-02-07 | not yet calculated | CVE-2013-1202 MISC |
cisco -- cisco_discovery_protocol | A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2020-02-05 | not yet calculated | CVE-2020-3120 MISC CISCO |
cisco -- cisco_discovery_protocol | A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2020-02-05 | not yet calculated | CVE-2020-3118 MISC CISCO |
cisco -- cisco_discovery_protocol | A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2020-02-05 | not yet calculated | CVE-2020-3119 MISC CISCO |
cisco -- linksys_wrt110 | Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | 2020-02-06 | not yet calculated | CVE-2013-3568 EXPLOIT-DB BID XF |
clamav -- clam_antivirus | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | 2020-02-05 | not yet calculated | CVE-2020-3123 CISCO |
corsair -- corsair_icue | The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace. | 2020-02-07 | not yet calculated | CVE-2020-8808 MISC MISC |
d-link -- dir865l_devices | D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. | 2020-02-07 | not yet calculated | CVE-2013-3096 MISC MISC MISC |
dd-wrt -- dd-wrt | Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service. | 2020-02-06 | not yet calculated | CVE-2012-6297 BUGTRAQ MISC FULLDISC MISC |
dedicated_micros -- multiple_dvr_products | Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords." | 2020-02-06 | not yet calculated | CVE-2015-2909 MISC MISC |
dell -- dmc_isilon_onefs | Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication. | 2020-02-06 | not yet calculated | CVE-2020-5318 MISC |
dell -- emc_ecs | Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. | 2020-02-06 | not yet calculated | CVE-2020-5317 MISC |
dell -- multiple_products | Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence. | 2020-02-06 | not yet calculated | CVE-2020-5319 MISC |
den_norske_turistforening -- im-metadata | im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which are given to the "exec" function. | 2020-02-04 | not yet calculated | CVE-2019-10788 CONFIRM MISC |
den_norske_turistforening -- im-resize | im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js can be controlled by the user without any sanitization. | 2020-02-04 | not yet calculated | CVE-2019-10787 CONFIRM MISC |
docker -- docker | A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | 2020-02-07 | not yet calculated | CVE-2014-5278 MISC MISC MISC |
drupal -- drupal | The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses. | 2020-02-08 | not yet calculated | CVE-2012-5570 MISC MISC MISC CONFIRM |
eyesofnetwork -- eyesofnetwork | An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token. | 2020-02-06 | not yet calculated | CVE-2020-8657 MISC |
eyesofnetwork -- eyesofnetwork | An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php. | 2020-02-07 | not yet calculated | CVE-2020-8656 MISC |
eyesofnetwork -- eyesofnetwork | An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field. | 2020-02-07 | not yet calculated | CVE-2020-8654 MISC |
eyesofnetwork -- eyesofnetwork | An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7. | 2020-02-07 | not yet calculated | CVE-2020-8655 MISC |
f5 -- big-ip | On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections is made. | 2020-02-06 | not yet calculated | CVE-2020-5854 CONFIRM |
flowplayer -- flowplayer_flash | Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin. | 2020-02-08 | not yet calculated | CVE-2011-3642 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
fork_cms -- fork_cms | Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. | 2020-02-08 | not yet calculated | CVE-2014-9470 MISC MISC MISC MISC MISC MISC |
fortinet -- forticlient_for_linux | A denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to crash FortiClient processes running under root privilege by sending specially crafted IPC client requests to the fctsched process, because the nanomsg is not correctly validated. | 2020-02-06 | not yet calculated | CVE-2019-16152 MISC CONFIRM |
fortinet -- forticlient_for_linux | A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to crash FortiClient processes running under root privilege by sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process, because the argv data is not well sanitized. | 2020-02-06 | not yet calculated | CVE-2019-17652 MISC CONFIRM |
fortinet -- forticlient_for_linux | A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege by injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. | 2020-02-06 | not yet calculated | CVE-2019-15711 MISC CONFIRM |
fortinet -- forticlient_for_linux | A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through the system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Furthermore, FortiClient for Linux 6.2.2 and below allows a low-privilege user to write the system backup file under root privilege through the GUI, which can cause root system file overwrite. | 2020-02-07 | not yet calculated | CVE-2019-16155 MISC CONFIRM |
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8773. | 2020-02-08 | not yet calculated | CVE-2019-13333 MISC |
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8776. | 2020-02-08 | not yet calculated | CVE-2019-17136 MISC |
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774. | 2020-02-08 | not yet calculated | CVE-2019-13334 MISC |
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8775. | 2020-02-08 | not yet calculated | CVE-2019-17135 MISC |
fujitsu -- multiple_products | The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. | 2020-02-07 | not yet calculated | CVE-2019-13163 CONFIRM |
gnome -- librsvg | In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. | 2020-02-02 | not yet calculated | CVE-2019-20446 MISC |
gnome -- evolution_and_evolution_data_server | The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. | 2020-02-06 | not yet calculated | CVE-2013-4166 CONFIRM MISC MISC CONFIRM CONFIRM |
golang -- go | The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields. | 2020-02-08 | not yet calculated | CVE-2015-5741 MISC MISC MISC MISC MISC MISC MISC |
google -- android | A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code. | 2020-02-07 | not yet calculated | CVE-2014-7224 MISC MISC MISC MISC |
google -- chrome | Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. | 2020-02-06 | not yet calculated | CVE-2010-3917 MISC MISC |
hardcoreview -- hardcoreview | A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file. | 2020-02-06 | not yet calculated | CVE-2012-6306 MISC MISC |
hp -- sitescope | An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability. | 2020-02-04 | not yet calculated | CVE-2015-2802 CONFIRM CONFIRM MISC MISC MISC |
ibm -- cloud_automation_manager | IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644. | 2020-02-05 | not yet calculated | CVE-2019-4616 XF CONFIRM |
ibm -- security_identity_manager | IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511. | 2020-02-04 | not yet calculated | CVE-2019-4675 XF CONFIRM |
imagemagick -- imagemagick | coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 2020-02-06 | not yet calculated | CVE-2016-7523 MISC MISC MISC MISC |
imagemagick -- imagemagick | coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 2020-02-06 | not yet calculated | CVE-2016-7524 MISC MISC MISC CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. | 2020-02-06 | not yet calculated | CVE-2014-2030 CONFIRM CONFIRM CONFIRM MISC MISC MISC MISC CONFIRM |
imagemagick -- imagemagick | Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. | 2020-02-06 | not yet calculated | CVE-2014-1958 CONFIRM CONFIRM CONFIRM CONFIRM MISC MISC MISC |
ispconfig -- ispconfig | ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution | 2020-02-07 | not yet calculated | CVE-2013-3629 MISC MISC MISC MISC |
jpegsnoop -- jpegsnoop | A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code | 2020-02-06 | not yet calculated | CVE-2012-6307 MISC MISC |
kemp -- load_master | A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages. | 2020-02-07 | not yet calculated | CVE-2014-5288 MISC MISC |
konqueror -- konqueror | The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." | 2020-02-08 | not yet calculated | CVE-2012-4512 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
linksys -- wrt310n_wireless_router | Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. | 2020-02-07 | not yet calculated | CVE-2013-3067 MISC MISC MISC |
linuxmint -- linuxmint | LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate. | 2020-02-07 | not yet calculated | CVE-2012-1567 MISC MISC |
linuxmint -- linuxmint | LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny. | 2020-02-07 | not yet calculated | CVE-2012-1566 MISC |
mariadb -- mariadb | mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently. | 2020-02-04 | not yet calculated | CVE-2020-7221 MISC CONFIRM MISC |
mcabber -- mcabber | MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | 2020-02-06 | not yet calculated | CVE-2016-9928 CONFIRM MISC MISC MISC CONFIRM CONFIRM CONFIRM MISC |
mediawiki -- mediawiki | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. | 2020-02-08 | not yet calculated | CVE-2012-4381 MISC MISC MISC MISC MISC MISC MISC |
mediawiki -- mediawiki | The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. | 2020-02-06 | not yet calculated | CVE-2013-4572 MISC MISC CONFIRM MISC |
mikrotik -- winbox | MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherever WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man-in-the-middle attack. | 2020-02-06 | not yet calculated | CVE-2020-5720 MISC |
multiple_vendors -- multiple_products | Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet. | 2020-02-05 | not yet calculated | CVE-2015-5628 CONFIRM MISC |
multiple_vendors -- multiple_products | Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet. | 2020-02-05 | not yet calculated | CVE-2015-5627 CONFIRM MISC |
multiple_vendors -- multiple_products | Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet. | 2020-02-05 | not yet calculated | CVE-2015-5626 CONFIRM MISC |
netcracker -- resource_management_system | Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter. | 2020-02-08 | not yet calculated | CVE-2015-3423 MISC MISC |
netcracker -- resource_management_system | Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter. | 2020-02-08 | not yet calculated | CVE-2015-2207 MISC MISC |
netgear -- wgr614_wireless_router | An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. | 2020-02-06 | not yet calculated | CVE-2012-6340 MISC MISC MISC |
netgear -- wgr614_wireless_router | An Information Disclosure vulnerability exists in the my config file in NETGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340. | 2020-02-06 | not yet calculated | CVE-2012-6341 MISC MISC |
netis -- wf2419_router | Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing. | 2020-02-07 | not yet calculated | CVE-2019-19356 MISC |
network-manager -- network-manager | network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument. | 2020-02-04 | not yet calculated | CVE-2019-10786 MISC |
nextcloud -- circles | Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle. | 2020-02-04 | not yet calculated | CVE-2019-15610 MISC MISC |
nextcloud -- nextcloud_android | A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. | 2020-02-04 | not yet calculated | CVE-2019-15615 MISC MISC |
nextcloud -- nextcloud_android | Insufficiently strict sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries. | 2020-02-04 | not yet calculated | CVE-2019-15622 MISC MISC |
nextcloud -- nextcloud_ios | Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when searching, e.g., for federated users or registering for push notifications. | 2020-02-04 | not yet calculated | CVE-2019-15611 MISC MISC |
nextcloud -- nextcloud_ios | Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files. | 2020-02-04 | not yet calculated | CVE-2019-15614 MISC MISC |
nextcloud -- nextcloud_server | Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link. | 2020-02-04 | not yet calculated | CVE-2019-15621 MISC MISC |
nextcloud -- nextcloud_server | Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. | 2020-02-04 | not yet calculated | CVE-2019-15616 MISC MISC |
nextcloud -- nextcloud_server | A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset. | 2020-02-04 | not yet calculated | CVE-2019-15612 MISC MISC |
nextcloud -- nextcloud_server | A bug in Nextcloud Server 17.0.1 causes the behaviour of workflow rules to depend on the file extension when checking file mimetypes. | 2020-02-04 | not yet calculated | CVE-2019-15613 MISC MISC |
nextcloud -- nextcloud_server | A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login. | 2020-02-04 | not yet calculated | CVE-2019-15617 MISC MISC |
nextcloud -- nextcloud_server | Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. | 2020-02-04 | not yet calculated | CVE-2019-15624 MISC MISC |
nextcloud -- nextcloud_server_and_talk_and_deck | Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each other in a project. | 2020-02-04 | not yet calculated | CVE-2019-15619 MISC MISC MISC MISC |
nextcloud -- nextcloud_server | A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | 2020-02-04 | not yet calculated | CVE-2020-8121 MISC MISC |
nextcloud -- nextcloud_server | An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed detection of local and remote services when adding a new subscription in the calendar application. | 2020-02-04 | not yet calculated | CVE-2020-8118 MISC MISC |
nextcloud -- nextcloud_server | A missing check in Nextcloud Server 14.0.3 could give a recipient the possibility to extend the expiration date of a share they received. | 2020-02-04 | not yet calculated | CVE-2020-8122 MISC MISC |
nghttp2 -- nghttp2 | nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). | 2020-02-06 | not yet calculated | CVE-2016-1544 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
node.js -- node.js | Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | 2020-02-07 | not yet calculated | CVE-2019-15604 MISC CONFIRM |
node.js -- node.js | Including trailing white space in HTTP header values in Node.js 10, 12, and 13 causes bypass of authorization based on header value comparisons | 2020-02-07 | not yet calculated | CVE-2019-15606 MISC CONFIRM |
node.js -- node.js | HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | 2020-02-07 | not yet calculated | CVE-2019-15605 MISC FEDORA CONFIRM |
nuxeo -- nuxeo_platform | RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165. | 2020-02-06 | not yet calculated | CVE-2013-4521 CONFIRM MISC CONFIRM |
nw.js -- nw.js | A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact. | 2020-02-07 | not yet calculated | CVE-2014-9530 CONFIRM |
omniauth-weibo-oauth2_gen_for_ruby_on_rails -- omniauth-weibo-oauth2_gen_for_ruby_on_ra | The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected. | 2020-02-07 | not yet calculated | CVE-2019-17268 MISC CONFIRM |
open-school -- open-school_community_edition | Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php. | 2020-02-08 | not yet calculated | CVE-2014-9126 MISC |
open-school -- open-school_community_edition | Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php. | 2020-02-08 | not yet calculated | CVE-2014-9127 MISC |
openfiler -- openfiler | Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter. | 2020-02-07 | not yet calculated | CVE-2011-1086 MISC MISC MISC |
openshift-enterprise -- openshift-enterprise | It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 up to and including 4.3 that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb. | 2020-02-07 | not yet calculated | CVE-2020-1708 CONFIRM |
openvas -- openvas_manager | OpenVAS Manager v2.0.3 allows plugin remote code execution. | 2020-02-06 | not yet calculated | CVE-2011-1597 MISC |
opopensocialplugin -- opopensocialplugin | opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities | 2020-02-07 | not yet calculated | CVE-2013-4335 MISC MISC MISC |
opservices -- opmon | An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo. | 2020-02-06 | not yet calculated | CVE-2020-7954 MISC MISC |
opservices -- opmon | An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option. | 2020-02-06 | not yet calculated | CVE-2020-7953 MISC MISC |
opservices -- opservices_opmon | An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution. | 2020-02-06 | not yet calculated | CVE-2020-8636 MISC |
opwebapiplugin -- opwebapiplugin | opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities | 2020-02-07 | not yet calculated | CVE-2013-4334 MISC MISC |
otrs -- otrs | The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions. | 2020-02-07 | not yet calculated | CVE-2020-1768 CONFIRM |
percona -- percona_monitoring_and_management | pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. | 2020-02-06 | not yet calculated | CVE-2020-7920 MISC MISC MISC MISC |
phppgadmin -- phppgadmin | phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server. | 2020-02-04 | not yet calculated | CVE-2019-10784 MISC |
projectpier -- projectpier | ProjectPier 0.8.8 has stored XSS | 2020-02-07 | not yet calculated | CVE-2013-3635 MISC |
projectpier -- projectpier | ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag | 2020-02-07 | not yet calculated | CVE-2013-3636 MISC MISC MISC |
projectpier -- projectpier | ProjectPier 0.8.8 does not use the Secure flag for cookies | 2020-02-07 | not yet calculated | CVE-2013-3637 MISC |
qemu -- qemu | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | 2020-02-06 | not yet calculated | CVE-2020-8608 MISC MISC MISC |
qualcomm -- multiple_snapdragon_products | Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130 | 2020-02-07 | not yet calculated | CVE-2019-14088 CONFIRM MISC |
railo -- railo | A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. | 2020-02-07 | not yet calculated | CVE-2014-5468 MISC MISC MISC MISC MISC |
revive -- adserver | A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim. | 2020-02-04 | not yet calculated | CVE-2020-8115 MISC MISC |
samsung -- multiple_mobile_devices | On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265. | 2020-02-04 | not yet calculated | CVE-2019-19273 CONFIRM |
schmid -- zi_620_v400_090_routers | Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping. | 2020-02-06 | not yet calculated | CVE-2020-6760 MISC |
simple_machines -- simple_machines_forum | File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config. | 2020-02-07 | not yet calculated | CVE-2013-0192 MISC MISC MISC |
simplejobscript.com -- simplejobscript.com | An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php. | 2020-02-07 | not yet calculated | CVE-2020-8645 MISC |
smoothwall -- smoothwall_express | A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. | 2020-02-07 | not yet calculated | CVE-2011-1084 MISC |
smoothwall -- smoothwall_express | CSRF vulnerability in Smoothwall Express 3. | 2020-02-07 | not yet calculated | CVE-2011-1085 MISC |
sphider -- sphider_search_engine | A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code. | 2020-02-07 | not yet calculated | CVE-2014-5087 MISC MISC |
status2k -- status2k | A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. | 2020-02-07 | not yet calculated | CVE-2014-5091 MISC MISC MISC MISC |
statusnet -- statusnet | statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. | 2020-02-07 | not yet calculated | CVE-2010-4658 MISC MISC |
synaptive -- medical_clearcanvas_imageserver | Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report. | 2020-02-07 | not yet calculated | CVE-2020-8788 MISC |
teamviewer -- teamviewer | TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protected information stored in the registry or configuration files of TeamViewer. With versions before v9.x, this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system. | 2020-02-07 | not yet calculated | CVE-2019-18988 MISC MISC MISC MISC |
tianocore -- edk2 | Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. | 2020-02-06 | not yet calculated | CVE-2014-8271 MISC MISC |
troglobit -- minisnmpd | A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server. | 2020-02-04 | not yet calculated | CVE-2020-6060 MISC |
ubiquiti_networks -- unifi_controller | Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity. | 2020-02-08 | not yet calculated | CVE-2014-2225 MISC MISC |
ui -- edgeswitch | A privilege escalation exists in the EdgeSwitch prior to version 1.7.1: a CGI script doesn't fully sanitize the user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15). | 2020-02-07 | not yet calculated | CVE-2020-8126 MISC |
unshift -- url-parse | Insufficient validation and sanitization of user input in url-parse npm package version 1.4.4 and earlier may allow an attacker to bypass security checks. | 2020-02-04 | not yet calculated | CVE-2020-8124 MISC |
ushahidi -- ushahidi | Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. | 2020-02-04 | not yet calculated | CVE-2012-5618 MISC MISC |
videolan -- vlc_media_player | The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. | 2020-02-06 | not yet calculated | CVE-2013-3564 MISC |
vtiger -- vtiger_crm | Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/. | 2020-02-06 | not yet calculated | CVE-2015-6000 MISC MISC MISC |
vtiger -- vtiger_crm | vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability | 2020-02-07 | not yet calculated | CVE-2013-3591 MISC MISC MISC MISC |
watchguard -- firewire_xtm | A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. | 2020-02-07 | not yet calculated | CVE-2014-6413 MISC MISC MISC MISC |
webcalendar -- webcalendar | webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user"). | 2020-02-04 | not yet calculated | CVE-2013-1422 MISC MISC MISC |
wordpress -- wordpress | WordPress Super Cache Plugin 1.3 has XSS. | 2020-02-07 | not yet calculated | CVE-2013-2008 MISC MISC MISC |
wordpress -- wordpress | The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts. | 2020-02-06 | not yet calculated | CVE-2020-8771 MISC MISC |
wordpress -- wordpress | Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. | 2020-02-08 | not yet calculated | CVE-2014-8739 MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution | 2020-02-07 | not yet calculated | CVE-2013-2009 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in. | 2020-02-06 | not yet calculated | CVE-2020-8772 MISC MISC |
wordpress -- wordpress | Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php. | 2020-02-08 | not yet calculated | CVE-2015-2062 MISC MISC MISC MISC |
wordpress -- wordpress | Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php. | 2020-02-08 | not yet calculated | CVE-2015-1394 MISC MISC MISC MISC MISC |
zabbix -- zabbix | Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability | 2020-02-07 | not yet calculated | CVE-2013-3628 MISC MISC MISC MISC |
zoho_manageengine -- applications_manager | Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet. | 2020-02-06 | not yet calculated | CVE-2019-19800 MISC MISC MISC |
zoho_manageengine -- applications_manager_and_ops_manager | The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet. | 2020-02-08 | not yet calculated | CVE-2014-7863 MISC MISC MISC MISC MISC MISC |