Bulletin (SB20-027)

Vulnerability Summary for the Week of January 20, 2020

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
comtech -- stampede_fx-1010_devices Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) 2020-01-20 9 CVE-2020-7242
MISC
comtech -- stampede_fx-1010_devices Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) 2020-01-20 9 CVE-2020-7243
MISC
comtech -- stampede_fx-1010_devices
 
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) 2020-01-20 9 CVE-2020-7244
MISC
eclipse_foundation -- eclipse_memory_analyzer
 
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer. 2020-01-17 8.5 CVE-2019-17634
CONFIRM
geutebruck -- g-code_and_g-cam_ip_cameras
 
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. 2020-01-17 9 CVE-2019-10956
MISC
geutebruck -- g-code_and_g-cam_ip_cameras
 
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. 2020-01-17 9 CVE-2019-10958
MISC
impresspages -- impresspages_cms ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13) 2020-01-22 7.5 CVE-2011-4943
MISC
jara -- jara
 
Jara 1.6 has a SQL injection vulnerability. 2020-01-21 7.5 CVE-2011-4094
MISC
EXPLOIT-DB
MISC
meinberg -- lantime_m300_and_m1000_devices
 
Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). 2020-01-20 9 CVE-2020-7240
MISC
MISC
pivotal -- pivotal_spring_framework
 
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. 2020-01-17 7.6 CVE-2020-5398
CONFIRM
plone -- plone
 
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. 2020-01-23 7.5 CVE-2020-7941
MLIST
MISC
MISC
MISC
poly -- plantronics_hub
 
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges. 2020-01-17 7.2 CVE-2019-15742
MISC
qualcomm -- multiple_snapdragon_products Null-pointer dereference issue can occur while calculating string length when source string length is zero in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 10 CVE-2019-10532
CONFIRM
qualcomm -- multiple_snapdragon_products Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and have invalid vorbis codec data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 10 CVE-2019-14017
CONFIRM
qualcomm -- multiple_snapdragon_products Use after free issue due to using of invalidated iterator to delete an object in sensors HAL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 7.2 CVE-2019-10582
CONFIRM
qualcomm -- multiple_snapdragon_products Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 10 CVE-2019-10611
CONFIRM
qualcomm -- multiple_snapdragon_products Null pointer exception can happen while parsing invalid MKV clip where cue information is parsed before segment information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 7.8 CVE-2019-14003
CONFIRM
qualcomm -- multiple_snapdragon_products Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24 2020-01-21 7.2 CVE-2019-10606
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 10 CVE-2019-14016
CONFIRM
qualcomm -- multiple_snapdragon_products
 
NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-01-21 10 CVE-2019-10581
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130 2020-01-21 7.8 CVE-2019-14008
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 7.8 CVE-2019-10578
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Buffer over-read can occur while playing the video clip which is not standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 9.4 CVE-2019-10579
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible buffer overflow when byte array receives incorrect input from reading source as array is not null terminated in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130 2020-01-21 10 CVE-2019-14014
CONFIRM
qualcomm -- multiple_snapdragon_products
 
While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 10 CVE-2019-14013
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Buffer overflow occur while playing the clip which is nonstandard due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-01-21 10 CVE-2019-14006
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-01-21 10 CVE-2019-14005
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 10 CVE-2019-14004
CONFIRM
qualcomm -- multiple_snapdragon_products
 
While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130 2020-01-21 7.2 CVE-2019-10548
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Locked regions may be modified through other interfaces in secure boot loader image due to improper access control. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130 2020-01-21 7.2 CVE-2019-2267
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Use after free issue occurs when camera access sensors data through direct report mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 7.2 CVE-2019-10583
CONFIRM
qualcomm -- multiple_snapdragon_products
 
The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which happens to be at same physical address in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-01-21 7.8 CVE-2019-14010
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-01-21 7.2 CVE-2019-14024
CONFIRM
qualcomm -- multiple_snapdragon_products
 
String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated before string copy in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-01-21 7.2 CVE-2019-14023
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 7.2 CVE-2019-14034
CONFIRM
qualcomm -- multiple_snapdragon_products
 
While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 7.2 CVE-2019-10558
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130 2020-01-21 7.2 CVE-2019-10585
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCS605, SDA660, SDM845, SDX20, SM8150 2020-01-21 7.2 CVE-2019-10602
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605 2020-01-21 7.2 CVE-2019-14036
CONFIRM
ruckus -- unleashed_devices

 
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. 2020-01-22 7.5 CVE-2019-19843
MISC
MISC
MISC
ruckus -- unleashed_devices

 
AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename. 2020-01-22 7.5 CVE-2019-19836
MISC
MISC
MISC
ruckus -- unleashed_devices
 
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute. 2020-01-23 10 CVE-2019-19839
MISC
MISC
MISC
ruckus -- unleashed_devices
 
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. 2020-01-23 10 CVE-2019-19838
MISC
MISC
MISC
ruckus -- unleashed_devices
 
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests. 2020-01-23 7.8 CVE-2019-19837
MISC
MISC
MISC
webkitgtk -- webkitgtk+
 
WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS 2020-01-22 7.5 CVE-2016-4761
MISC
MISC
wordpress -- wordpress
 
The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template. 2020-01-22 7.5 CVE-2020-7109
MISC
wordpress -- wordpress
 
Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability 2020-01-22 7.5 CVE-2012-4919
MISC
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apostrophecms -- sanitize-html sanitize-html before 1.4.3 has XSS. 2020-01-23 4.3 CVE-2016-1000237
MISC
MISC
connectwise -- connectwise_control
 
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests. 2020-01-23 6.8 CVE-2019-16513
MISC
MISC
MISC
MISC
MISC
eclipse_foundation -- eclipse_memory_analyzer Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system. 2020-01-17 6.8 CVE-2019-17635
CONFIRM
forcepoint -- web_security
 
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) 2020-01-22 4.3 CVE-2019-6146
MISC
huawei -- honor_v30_smartphones
 
Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure. 2020-01-21 4.3 CVE-2020-1788
MISC
intel -- raid_web_console_3 Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. 2020-01-17 4.6 CVE-2019-14601
CONFIRM
jara -- jara Jara 1.6 has an XSS vulnerability 2020-01-21 4.3 CVE-2011-4095
MISC
MISC
libyang -- libyang A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. 2020-01-22 6.8 CVE-2019-20394
MISC
MISC
MISC
MISC
libyang -- libyang A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. 2020-01-22 6.8 CVE-2019-20397
MISC
MISC
MISC
MISC
libyang -- libyang
 
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash. 2020-01-22 4.3 CVE-2019-20392
MISC
MISC
MISC
MISC
libyang -- libyang
 
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash. 2020-01-22 4.3 CVE-2019-20391
MISC
MISC
MISC
MISC
libyang -- libyang
 
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. 2020-01-22 6.8 CVE-2019-20393
MISC
MISC
MISC
MISC
libyang -- libyang
 
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash. 2020-01-22 4.3 CVE-2019-20395
MISC
MISC
MISC
MISC
libyang -- libyang
 
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing. 2020-01-22 4.3 CVE-2019-20396
MISC
MISC
MISC
libyang -- libyang
 
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash. 2020-01-22 4.3 CVE-2019-20398
MISC
MISC
MISC
MISC
lifesize -- express_devices
 
Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter. 2020-01-22 4.3 CVE-2018-17981
MISC
mozilla -- firefox
 
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header 2020-01-21 6.8 CVE-2011-2668
MISC
mozilla -- firefox
 
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. 2020-01-21 4.3 CVE-2011-2669
MISC
parity_technologies -- libsecp256k1
 
A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack. 2020-01-23 4.3 CVE-2019-20399
MISC
phorum -- phorum
 
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18. 2020-01-22 4.3 CVE-2011-3622
MISC
MISC
plone -- plone Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking. 2020-01-23 5 CVE-2020-7940
MLIST
MISC
MISC
MISC
plone -- plone
 
plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. 2020-01-23 6.5 CVE-2020-7938
MLIST
MISC
MISC
MISC
plone -- plone
 
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.) 2020-01-23 6.5 CVE-2020-7939
MLIST
MISC
MISC
MISC
plone -- plone
 
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site. 2020-01-23 5.8 CVE-2020-7936
MLIST
MISC
MISC
MISC
qemu -- qemu
 
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. 2020-01-21 5 CVE-2020-7211
CONFIRM
MISC
DEBIAN
qualcomm -- multiple_snapdragon_products
 
Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660 2020-01-21 5 CVE-2019-10561
CONFIRM
ruckus -- unleashed_devices
 
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter. 2020-01-22 6.5 CVE-2019-19834
MISC
MISC
MISC
schneider_electric -- msx_configurator A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V1.0.8.1), which could cause privilege escalation when injecting a malicious DLL. 2020-01-22 4.4 CVE-2019-6858
MISC
serendipity -- serendipity
 
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf. 2020-01-22 4.3 CVE-2011-3610
MISC
MISC
MISC
solarwinds -- orion_platform
 
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation. 2020-01-17 4.3 CVE-2019-17127
CONFIRM
MISC
solarwinds -- orion_platform
 
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. 2020-01-17 4.3 CVE-2019-17125
CONFIRM
MISC
testlink -- testlink
 
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491. 2020-01-20 4.3 CVE-2019-20381
MISC
MISC
MISC
uhp_networks -- uhp-100_satellite_router
 
UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title). 2020-01-19 4.3 CVE-2020-7235
MISC
uhp_networks -- uhp-100_satellite_router
 
UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section). 2020-01-19 4.3 CVE-2020-7236
MISC
usebb -- usebb
 
Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12. 2020-01-22 6.8 CVE-2011-3612
MISC
MISC
MISC
wordpress -- wordpress The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. 2020-01-17 4.3 CVE-2020-7104
MISC
wordpress -- wordpress
 
The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS 2020-01-23 4.3 CVE-2014-7238
MISC
wordpress -- wordpress
 
The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent. 2020-01-21 4.3 CVE-2020-7239
MISC
MISC
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
connectwise -- connectwise_control
 
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier. 2020-01-23 3.5 CVE-2019-16512
MISC
MISC
MISC
MISC
MISC
eaton -- sp_850_devices An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator. 2020-01-22 3.5 CVE-2020-7915
MISC
geutebruck -- g-code_and_g-cam_ip_cameras
 
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user?s browser. 2020-01-17 3.5 CVE-2019-10957
MISC
intel -- chipset_device_software_inf_utility
 
Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access. 2020-01-17 2.1 CVE-2019-14596
CONFIRM
intel -- data_analytics_acceleration_library
 
Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access. 2020-01-17 2.1 CVE-2019-14629
CONFIRM
joomla! -- joomla! Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. 2020-01-22 3.5 CVE-2011-3595
MISC
MISC
MISC
pivotal -- pivotal_spring_framework
 
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. 2020-01-17 2.6 CVE-2020-5397
CONFIRM
plone -- plone
 
An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site. 2020-01-23 3.5 CVE-2020-7937
MLIST
MISC
MISC
MISC
ruckus -- zoneflex_devices
 
Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account). 2020-01-19 3.5 CVE-2020-7234
MISC
sonoff -- sonoff_th_10_and_16_devices
 
Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field (after a successful login with the Web Admin Password). 2020-01-21 3.5 CVE-2020-7470
MISC
wordpress -- wordpress
 
The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user. 2020-01-22 3.5 CVE-2020-7228
MISC
MISC
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
3s-smart_software_solutions -- codesys_control_and_gatweay_and_hmi CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. 2020-01-24 not yet calculated CVE-2020-7052
CONFIRM
MISC
accusoft -- prizm_content_connect
 
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability 2020-01-21 not yet calculated CVE-2012-5190
MISC
MISC
aef -- advanced_electron_forum A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions. 2020-01-22 not yet calculated CVE-2011-3582
MISC
amd -- atidxx64.dll_driver
 
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. 2020-01-25 not yet calculated CVE-2019-5124
MISC
amd -- atidxx64.dll_driver
 
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. 2020-01-25 not yet calculated CVE-2019-5146
MISC
amd -- atidxx64.dll_driver
 
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. 2020-01-25 not yet calculated CVE-2019-5147
MISC
amd -- atidxx64.dll_driver
 
An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. 2020-01-25 not yet calculated CVE-2019-5183
MISC
apache -- xml-rpc
 
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. 2020-01-23 not yet calculated CVE-2019-17570
MLIST
CONFIRM
CONFIRM

apereo -- jasig_java_cas_client_and_.net_cas_client_and_phpcas

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. 2020-01-24 not yet calculated CVE-2014-4172
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apt-cacher-ng -- apt-cacher-ng apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can. 2020-01-21 not yet calculated CVE-2020-5202
MISC
MLIST
MISC
arm -- mbed_crypto_and_mbed_tls
 
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks. 2020-01-23 not yet calculated CVE-2019-18222
MISC
CONFIRM
artifex_software_and_sumatra_pdf -- mupdf_and_sumatra_pdf
 
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. 2020-01-23 not yet calculated CVE-2012-5340
EXPLOIT-DB
atinux -- schema-inpsector
 
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector. 2020-01-22 not yet calculated CVE-2019-10781
CONFIRM
MISC
babygekko -- babygekko
 
BabyGekko before 1.2.4 has SQL injection. 2020-01-23 not yet calculated CVE-2012-5698
MISC
MISC
babygekko -- babygekko
 
BabyGekko before 1.2.4 allows PHP file inclusion. 2020-01-23 not yet calculated CVE-2012-5699
MISC
MISC
bibtex_gem_for_ruby_on_rails -- bibtex_gem_for_ruby_on_rails BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open. 2020-01-22 not yet calculated CVE-2019-10780
MISC
big_switch_networks -- multiple_products
 
An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. A read-only user can access sensitive information via an API endpoint that reveals session cookies of authenticated administrators, leading to privilege escalation. 2020-01-24 not yet calculated CVE-2019-19631
MISC
MISC
big_switch_networks -- multiple_products
 
An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators. 2020-01-24 not yet calculated CVE-2019-19632
MISC
MISC
cacti -- cacti Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. 2020-01-21 not yet calculated CVE-2019-17357
MISC
CONFIRM
MISC
cacti -- cacti Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. 2020-01-20 not yet calculated CVE-2020-7237
MISC
carbonftp -- carbonftp
 
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary. 2020-01-21 not yet calculated CVE-2020-6857
MISC
MISC
FULLDISC
FULLDISC
MISC
citrix -- xenserver
 
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. 2020-01-23 not yet calculated CVE-2012-4606
BID
codecov -- codecov
 
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument. 2020-01-25 not yet calculated CVE-2020-7596
MISC
connectwise -- connectwise_control
 
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server. 2020-01-23 not yet calculated CVE-2019-16514
MISC
MISC
MISC
MISC
MISC
connectwise -- connectwise_control
 
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used. 2020-01-23 not yet calculated CVE-2019-16515
MISC
MISC
MISC
MISC
MISC
connectwise -- connectwise_control
 
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username. 2020-01-23 not yet calculated CVE-2019-16516
MISC
MISC
MISC
MISC
MISC
connectwise -- connectwise_control
 
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge. 2020-01-23 not yet calculated CVE-2019-16517
MISC
MISC
MISC
MISC
MISC
corel -- wordperfect_office_x6
 
Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference 2020-01-23 not yet calculated CVE-2012-4900
MISC
MISC
MISC
cryptacular -- cryptacular
 
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data. 2020-01-24 not yet calculated CVE-2020-7226
MISC
MISC
ctfd -- ctfd
 
Incorrect username validation in the registration processes of CTFd through 2.2.2 allows a remote attacker to take over an arbitrary account after initiating a password reset. This is related to register() and reset_password() in auth.py. To exploit the vulnerability, one must register with a username similar to the admin, but with spaces inserted before and after the username. This will register the account with the same username as the admin. After a reset of the password for this new account, CTFd will reset the admin account's password due to the username collision. 2020-01-23 not yet calculated CVE-2020-7245
MISC
MISC
d-link -- dsr-250n_devices D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. 2020-01-25 not yet calculated CVE-2012-6613
EXPLOIT-DB
dimo_software -- yellowbox_crm In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server. 2020-01-21 not yet calculated CVE-2019-14767
MISC
MISC
MISC
dimo_software -- yellowbox_crm
 
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. 2020-01-21 not yet calculated CVE-2019-14768
MISC
MISC
dimo_software -- yellowbox_crm
 
Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers. 2020-01-21 not yet calculated CVE-2019-14765
MISC
MISC
dimo_software -- yellowbox_crm
 
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem. 2020-01-21 not yet calculated CVE-2019-14766
MISC
MISC
easytime_studio -- easy_file_manager
 
Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass 2020-01-24 not yet calculated CVE-2013-3960
MISC
MISC
evoko -- evoko_home
 
Evoko Home 1.31 devices allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL. 2020-01-19 not yet calculated CVE-2020-7232
MISC
evoko -- evoko_home
 
Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid. 2020-01-19 not yet calculated CVE-2020-7231
MISC
extjs -- extjs
 
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. 2020-01-23 not yet calculated CVE-2007-6758
MISC
MISC
facebook -- whatsapp_desktop A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message. 2020-01-21 not yet calculated CVE-2019-18426
CONFIRM
fasttrack_software -- admin_by_request
 
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions. 2020-01-23 not yet calculated CVE-2019-17201
CONFIRM
fasttrack_software -- admin_by_request
 
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege. 2020-01-23 not yet calculated CVE-2019-17202
CONFIRM
fluxbb -- fluxbb
 
A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled. 2020-01-22 not yet calculated CVE-2011-3621
MISC
MISC
fordnn -- fordnn.usersexportimport_module
 
The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data. 2020-01-21 not yet calculated CVE-2019-19392
MISC
MISC
fortinet -- fortimail
 
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for. 2020-01-23 not yet calculated CVE-2019-15707
MISC
fortinet -- fortimail
 
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for. 2020-01-23 not yet calculated CVE-2019-15712
MISC
fortinet -- fortios
 
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below. 2020-01-23 not yet calculated CVE-2019-5593
MISC
fortinet -- fortisiem A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. 2020-01-23 not yet calculated CVE-2019-16153
CONFIRM
freeciv -- freeciv
 
Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet. 2020-01-23 not yet calculated CVE-2012-6083
MISC
MISC
gallagher -- command_centre_server
 
An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event. 2020-01-20 not yet calculated CVE-2020-7215
MISC
general_electric -- d20me_devices
 
General Electric D20ME devices are not properly configured and reveal plaintext passwords. 2020-01-23 not yet calculated CVE-2012-6663
MISC
general_electric -- multiple_products In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files. 2020-01-24 not yet calculated CVE-2020-6961
MISC
general_electric -- multiple_products
 
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network. 2020-01-24 not yet calculated CVE-2020-6966
MISC
general_electric -- multiple_products
 
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package. 2020-01-24 not yet calculated CVE-2020-6965
MISC
general_electric -- multiple_products
 
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution. 2020-01-24 not yet calculated CVE-2020-6962
MISC
general_electric -- multiple_products
 
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network. 2020-01-24 not yet calculated CVE-2020-6964
MISC
general_electric -- multiple_products
 
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code. 2020-01-24 not yet calculated CVE-2020-6963
MISC
gentoo -- portage
 
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners. 2020-01-21 not yet calculated CVE-2019-20384
MLIST
MISC
geocoder -- geocoder
 
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data. 2020-01-25 not yet calculated CVE-2020-7981
MISC
MISC
gnu -- gnu_coreutils
 
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. 2020-01-24 not yet calculated CVE-2015-4042
MISC
MISC
gnu -- gnu_coreutils
 
The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings. 2020-01-24 not yet calculated CVE-2015-4041
MISC
MISC
MISC
google -- android audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. 2020-01-24 not yet calculated CVE-2015-1525
MISC
google -- android
 
media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size. 2020-01-24 not yet calculated CVE-2015-1530
MISC
google -- android
 
Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability 2020-01-23 not yet calculated CVE-2013-6792
MISC
hashicorp -- vault_enterprise
 
HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2. 2020-01-23 not yet calculated CVE-2020-7220
CONFIRM
MISC
honeywell -- maxpro_vms_and_nvr The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges. 2020-01-22 not yet calculated CVE-2020-6960
MISC
honeywell -- maxpro_vms_and_nvr
 
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution. 2020-01-22 not yet calculated CVE-2020-6959
MISC
ht_editor -- ht_editor
 
HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability 2020-01-23 not yet calculated CVE-2012-5867
MISC
MISC
huawei -- mate_20_smart_phones
 
HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones.Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.0.0.175(C00E70R3P8) 2020-01-21 not yet calculated CVE-2020-1840
MISC
huawei -- multiple_products
 
There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. 2020-01-21 not yet calculated CVE-2019-19414
MISC
huawei -- multiple_products
 
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. 2020-01-21 not yet calculated CVE-2019-19413
MISC
huawei -- usg9500_devices
 
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished. 2020-01-21 not yet calculated CVE-2019-19411
MISC
ibm -- websphere_mq
 
IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability 2020-01-23 not yet calculated CVE-2012-4863
MISC
MISC
intellian_technologies -- aptus_web
 
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. 2020-01-25 not yet calculated CVE-2020-7980
MISC
iris -- citations_management_tool IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands. 2020-01-25 not yet calculated CVE-2013-1744
MISC
ispconfig -- ispconfig ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. 2020-01-23 not yet calculated CVE-2012-2087
MISC
MISC
MISC
MISC
ixp_data -- easyinstall In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely. 2020-01-23 not yet calculated CVE-2019-19898
MISC
ixp_data -- easyinstall
 
In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM. 2020-01-23 not yet calculated CVE-2019-19893
MISC
ixp_data -- easyinstall
 
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function. 2020-01-23 not yet calculated CVE-2019-19897
MISC
ixp_data -- easyinstall
 
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\SYSTEM on the target server and clients. 2020-01-23 not yet calculated CVE-2019-19896
MISC
ixp_data -- easyinstall
 
In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, achieve this movement and execute code in the context of other users. 2020-01-23 not yet calculated CVE-2019-19895
MISC
ixp_data -- easyinstall
 
In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker (non-admin) can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP. 2020-01-23 not yet calculated CVE-2019-19894
MISC
jama_software -- jama_connect Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting 2020-01-21 not yet calculated CVE-2019-19592
MISC
jazzband -- django-user-sessions
 
In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen. 2020-01-24 not yet calculated CVE-2020-5224
CONFIRM
MISC
jfrog -- artifactory
 
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template. 2020-01-23 not yet calculated CVE-2020-7931
MISC
MISC
kms_controls -- bac-a1616bc_bacnet_devices
 
KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file. 2020-01-19 not yet calculated CVE-2020-7233
MISC
koha -- koha
 
The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. 2020-01-24 not yet calculated CVE-2014-1924
MISC
MISC
MISC
MISC
koha -- koha
 
Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. 2020-01-24 not yet calculated CVE-2014-1923
MISC
MISC
MISC
MISC
MISC
koha -- koha
 
SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. 2020-01-24 not yet calculated CVE-2014-1925
MISC
MISC
MISC
MISC
koha -- koha
 
Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. 2020-01-24 not yet calculated CVE-2014-1922
MISC
MISC
MISC
MISC
libressl -- libressl
 
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. 2020-01-23 not yet calculated CVE-2015-5334
MISC
MISC
MISC
MISC
MISC
libressl -- libressl
 
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. 2020-01-23 not yet calculated CVE-2015-5333
CONFIRM
MISC
MISC
MISC
logaritmo -- aware_callmanager_2012_devices
 
The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/* content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI. 2020-01-21 not yet calculated CVE-2019-20385
MISC
lorex_technology -- lnc116_and_lnc104_ip_cameras Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability 2020-01-24 not yet calculated CVE-2012-6451
MISC
MISC
meinberg -- syncbox/ptp/ptpv2_devices
 
The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor. 2020-01-21 not yet calculated CVE-2019-17584
MISC
CONFIRM
micro_focus -- novell_zenworks_configuration_management
 
Novell ZENworks Configuration Management before 11.2.4 allows XSS. 2020-01-25 not yet calculated CVE-2012-6344
MISC
micro_focus -- novell_zenworks_configuration_management
 
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. 2020-01-25 not yet calculated CVE-2012-6345
MISC
microsoft -- activex
 
NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request. 2020-01-23 not yet calculated CVE-2012-5389
MISC
MISC
microsoft -- microsoft_dynamics_365
 
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. 2020-01-24 not yet calculated CVE-2018-8654
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. 2020-01-24 not yet calculated CVE-2019-1454
MISC
microsoft -- outlook_for_android
 
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. 2020-01-24 not yet calculated CVE-2019-1460
MISC
microsoft -- visual_studio_2017_and_2019 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. 2020-01-24 not yet calculated CVE-2019-1352
MISC
microsoft -- visual_studio_2017_and_2019 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. 2020-01-24 not yet calculated CVE-2019-1354
MISC
microsoft -- visual_studio_2017_and_2019
 
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. 2020-01-24 not yet calculated CVE-2019-1349
MISC
microsoft -- visual_studio_2017_and_2019
 
A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. 2020-01-24 not yet calculated CVE-2019-1351
MISC
microsoft -- visual_studio_2017_and_2019
 
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. 2020-01-24 not yet calculated CVE-2019-1350
MISC
microsoft -- visual_studio_code
 
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'. 2020-01-24 not yet calculated CVE-2019-1414
MISC
mimblewimble -- grin
 
Grin through 2.1.1 has Insufficient Validation. 2020-01-21 not yet calculated CVE-2020-6638
MISC
CONFIRM
mirc -- mirc
 
mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled. 2020-01-21 not yet calculated CVE-2011-5282
MISC
mirc -- mirc
 
mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname. 2020-01-23 not yet calculated CVE-2008-7314
CONFIRM
CONFIRM
mirumee -- saleor
 
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer). 2020-01-24 not yet calculated CVE-2020-7964
MISC
MISC
multitech_conduit -- mtcdt-lvw2-24xx_devices
 
MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. 2020-01-21 not yet calculated CVE-2020-7594
MISC
mysecureshell -- mysecureshell
 
MySecureShell 1.31 has a Local Denial of Service Vulnerability 2020-01-23 not yet calculated CVE-2013-4175
MISC
MISC
mysecureshell -- mysecureshell
 
mysecureshell 1.31: Local Information Disclosure Vulnerability 2020-01-23 not yet calculated CVE-2013-4176
MISC
MISC
openpne -- openpne_3
 
OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability 2020-01-24 not yet calculated CVE-2013-4333
MISC
MISC
MISC
owncloud -- owncloud_server
 
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header. 2020-01-23 not yet calculated CVE-2014-2050
MISC
CONFIRM
MISC
papercrop_gem_for_ruby_on_rails -- papercrop_gem_for_ruby_on_rails
 
The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input. 2020-01-21 not yet calculated CVE-2015-2784
CONFIRM
CONFIRM
parallels -- parallels
 
Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site. 2020-01-21 not yet calculated CVE-2020-7213
MISC
MISC
MISC
peerigon -- angular-expressions
 
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. 2020-01-24 not yet calculated CVE-2020-5219
MISC
MISC
CONFIRM
philips -- hue_bridge
 
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution. 2020-01-23 not yet calculated CVE-2020-6007
MISC
postfix-mta-sts-resolver -- postfix-mta-sts-resolver
 
In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy. 2020-01-22 not yet calculated CVE-2019-16791
MISC
CONFIRM
prestashop -- prestashop
 
PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. 2020-01-23 not yet calculated CVE-2013-6358
MISC
privatebin -- privatebin
 
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users. 2020-01-23 not yet calculated CVE-2020-5223
MISC
MISC
CONFIRM
MISC
pylons_project -- waitress
 
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0. 2020-01-22 not yet calculated CVE-2019-16792
MISC
MISC
CONFIRM
qdpm -- qdpm
 
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884. 2020-01-21 not yet calculated CVE-2020-7246
MISC
MISC
qemu -- qemu
 
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. 2020-01-23 not yet calculated CVE-2015-5745
MISC
MISC
MISC
MISC
MISC
MISC
MISC
qemu -- qemu
 
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. 2020-01-23 not yet calculated CVE-2015-5278
MISC
MISC
MISC
MISC
MISC
MISC
MISC
qemu -- qemu
 
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. 2020-01-23 not yet calculated CVE-2015-5239
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
qt -- qt Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. 2020-01-24 not yet calculated CVE-2015-9541
MISC
rapid7 -- appspider
 
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215. 2020-01-22 not yet calculated CVE-2019-5647
CONFIRM
rapid7 -- nexpose
 
Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access. 2020-01-25 not yet calculated CVE-2012-6494
BID
XF
red_hat -- jboss_enterprise_application_platform_vault
 
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information. 2020-01-23 not yet calculated CVE-2019-14885
CONFIRM
red_hat -- multiple_jboss_products
 
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. 2020-01-23 not yet calculated CVE-2012-5626
CONFIRM
CONFIRM
red_hat -- quay
 
A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account. 2020-01-21 not yet calculated CVE-2019-3864
CONFIRM
ricoh -- multiple_devices
 
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version 2020-01-24 not yet calculated CVE-2019-19363
MISC
FULLDISC
CONFIRM
ruckus -- unleashed_devices
 
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI. 2020-01-23 not yet calculated CVE-2019-19835
MISC
MISC
MISC
ruckus -- unleashed_devices
 
A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request. 2020-01-22 not yet calculated CVE-2019-19840
MISC
MISC
MISC
ruckus -- unleashed_devices
 
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute. 2020-01-22 not yet calculated CVE-2019-19842
MISC
MISC
MISC
ruckus -- unleashed_devices
 
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute. 2020-01-22 not yet calculated CVE-2019-19841
MISC
MISC
MISC
saltstack -- salt
 
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. 2020-01-17 not yet calculated CVE-2019-17361
CONFIRM
MISC
samba -- samba
 
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). 2020-01-21 not yet calculated CVE-2019-14907
CONFIRM
CONFIRM
MISC
CONFIRM
samba -- samba
 
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. 2020-01-21 not yet calculated CVE-2019-14902
CONFIRM
CONFIRM
MISC
CONFIRM
samba -- samba
 
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. 2020-01-21 not yet calculated CVE-2019-19344
CONFIRM
CONFIRM
MISC
CONFIRM

samsung -- galaxy_gear_devices

The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. 2020-01-22 not yet calculated CVE-2018-16269
MISC
MISC
samsung -- galaxy_gear_devices The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. 2020-01-22 not yet calculated CVE-2018-16271
MISC
MISC
samsung -- galaxy_gear_devices
 
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path. 2020-01-22 not yet calculated CVE-2018-16270
MISC
MISC
samsung -- galaxy_gear_devices
 
The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. 2020-01-22 not yet calculated CVE-2018-16272
MISC
MISC
sap -- message_server
 
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. 2020-01-23 not yet calculated CVE-2013-1592
MISC
MISC
MISC
MISC
MISC
MISC
sap -- netweaver_2004s
 
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. 2020-01-23 not yet calculated CVE-2013-1593
MISC
MISC
MISC
MISC
MISC
sarg -- squid_analysis_report_generator
 
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. 2020-01-21 not yet calculated CVE-2019-18932
MISC
MISC
MLIST
MISC
secure_headers_gem_for_ruby_on_rails -- secure_headers_gem_for_ruby_on_rails
 
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0. 2020-01-23 not yet calculated CVE-2020-5216
MISC
CONFIRM
secure_headers_gem_for_ruby_on_rails -- secure_headers_gem_for_ruby_on_rails
 
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secure_headers are sorted alphabetically so they pretty much all come before script-src. A previously undefined directive would receive a value even if SecureHeaders::OPT_OUT was supplied. The fixed versions will silently convert the semicolons to spaces and emit a deprecation warning when this happens. This will result in innocuous browser console messages if being exploited/accidentally used. In future releases, we will raise application errors resulting in 500s. Depending on what major version you are using, the fixed versions are 6.2.0, 5.1.0, 3.8.0. 2020-01-23 not yet calculated CVE-2020-5217
MISC
MISC
MISC
CONFIRM
simple_machines -- simple_machines_forum
 
An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links. 2020-01-22 not yet calculated CVE-2019-12490
MISC
MISC
simplejobscript.com -- simplejobscript.com
 
An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). The file is _lib/class.Job.php. 2020-01-21 not yet calculated CVE-2020-7229
MISC
MISC
simplesamlphp -- simplesamlphp
 
Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field. 2020-01-24 not yet calculated CVE-2020-5226
CONFIRM
MISC
simplesamlphp -- simplesamlphp
 
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content. 2020-01-24 not yet calculated CVE-2020-5225
CONFIRM
MISC
smc -- d3g08042w_3.5.2.5-lat_ga_devices
 
SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account). 2020-01-21 not yet calculated CVE-2020-7249
MISC
soapbox -- soapbox
 
Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. 2020-01-24 not yet calculated CVE-2012-6302
MISC
splunk -- splunk
 
Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges 2020-01-23 not yet calculated CVE-2013-6773
MISC
splunk -- splunk
 
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking 2020-01-23 not yet calculated CVE-2013-6772
MISC
storebackup -- storebackup
 
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) 2020-01-21 not yet calculated CVE-2020-7040
MISC
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
supermicro -- intelligent_management_platform_interface
 
Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter. 2020-01-23 not yet calculated CVE-2013-6785
MISC
suse -- libsolv
 
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. 2020-01-21 not yet calculated CVE-2019-20387
MISC
MISC
suse -- linux_enterprise_server
 
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa. 2020-01-24 not yet calculated CVE-2019-3687
CONFIRM

suse -- linux_enterprise_server_15_and_opensuse_factory

A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1. 2020-01-23 not yet calculated CVE-2019-3691
CONFIRM
suse -- linux_enterprise_server_15_sp1
 
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. 2020-01-23 not yet calculated CVE-2019-18898
CONFIRM

suse -- multiple_products

The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. 2020-01-24 not yet calculated CVE-2019-3692
CONFIRM
suse -- multiple_products
 
A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions. 2020-01-24 not yet calculated CVE-2019-3694
CONFIRM
suse -- multiple_products
 
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions. 2020-01-24 not yet calculated CVE-2019-3693
CONFIRM
suse -- multiple_products
 
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1. 2020-01-24 not yet calculated CVE-2019-18900
CONFIRM
suse -- opensuse_leap The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1. 2020-01-23 not yet calculated CVE-2019-18899
CONFIRM
suse -- opensuse_leap
 
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions. 2020-01-24 not yet calculated CVE-2019-3697
CONFIRM

suse -- opensuse_leap_and_opensuse_factory
 

UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions. 2020-01-24 not yet calculated CVE-2019-3699
CONFIRM
systemd -- systemd
 
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. 2020-01-21 not yet calculated CVE-2019-20386
MISC
tizen -- tizen The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. 2020-01-22 not yet calculated CVE-2018-16267
MISC
MISC
MISC
tizen -- tizen The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. 2020-01-22 not yet calculated CVE-2018-16263
MISC
MISC
MISC
tizen -- tizen
 
The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. 2020-01-22 not yet calculated CVE-2018-16262
MISC
MISC
MISC
tizen -- tizen
 
The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. 2020-01-22 not yet calculated CVE-2018-16264
MISC
MISC
MISC
tizen -- tizen
 
The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. 2020-01-22 not yet calculated CVE-2018-16265
MISC
MISC
MISC
MISC
tizen -- tizen
 
The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. 2020-01-22 not yet calculated CVE-2018-16266
MISC
MISC
MISC
tizen -- tizen
 
The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. 2020-01-22 not yet calculated CVE-2018-16268
MISC
MISC
MISC
tornadoweb -- tornado
 
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. 2020-01-24 not yet calculated CVE-2014-9720
MISC
MISC
MISC
MISC
MISC
torproject -- tor Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. 2020-01-24 not yet calculated CVE-2015-2689
MISC
MISC
torproject -- tor
 
The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor. 2020-01-24 not yet calculated CVE-2015-2929
MISC
MISC
torproject -- tor
 
The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. 2020-01-24 not yet calculated CVE-2015-2928
MLIST
CONFIRM
torproject -- tor
 
buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. 2020-01-24 not yet calculated CVE-2015-2688
MISC
MISC
toshiba -- configfree
 
Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability 2020-01-23 not yet calculated CVE-2012-4981
MISC
MISC
troglobit -- uftpd
 
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11 2020-01-22 not yet calculated CVE-2020-5221
MISC
CONFIRM
trustwave -- modsecurity
 
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc. 2020-01-21 not yet calculated CVE-2019-19886
CONFIRM
umbraco -- umbraco
 
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts. 2020-01-23 not yet calculated CVE-2020-7210
MISC
FULLDISC
MISC
MISC
BUGTRAQ
undertow -- http_server
 
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. 2020-01-23 not yet calculated CVE-2019-14888
CONFIRM
usebb -- usebb
 
A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12. 2020-01-22 not yet calculated CVE-2011-3611
MISC
MISC
MISC
vanilla_forums -- vanilla
 
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. 2020-01-22 not yet calculated CVE-2011-3613
MISC
MISC
vanilla_forums -- vanilla
 
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. 2020-01-22 not yet calculated CVE-2011-3614
MISC
MISC
videolan -- vlc_media_player
 
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. 2020-01-24 not yet calculated CVE-2014-9630
MISC
MISC
CONFIRM
videolan -- vlc_media_player
 
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. 2020-01-24 not yet calculated CVE-2014-9629
MISC
MISC
CONFIRM
videolan -- vlc_media_player
 
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7. 2020-01-24 not yet calculated CVE-2014-9628
MISC
MISC
CONFIRM
videolan -- vlc_media_player
 
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size. 2020-01-24 not yet calculated CVE-2014-9627
MISC
MISC
CONFIRM
videolan -- vlc_media_player
 
Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7. 2020-01-24 not yet calculated CVE-2014-9626
MISC
MISC
CONFIRM
videolan -- vlc_media_player
 
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability. 2020-01-24 not yet calculated CVE-2014-9625
MISC
MISC
CONFIRM
vivotek -- pt7135_ip_cameras
 
A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service. 2020-01-24 not yet calculated CVE-2013-1595
MISC
MISC
MISC
MISC
MISC
vivotek -- pt7135_ip_cameras
 
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text. 2020-01-24 not yet calculated CVE-2013-1594
MISC
MISC
MISC
MISC
MISC
MISC
vivotek -- pt7135_ip_cameras
 
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code. 2020-01-24 not yet calculated CVE-2013-1598
MISC
MISC
MISC
MISC
MISC
vivotek -- pt7135_ip_cameras
 
An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554. 2020-01-24 not yet calculated CVE-2013-1596
MISC
MISC
MISC
MISC
MISC
vivotek -- pt7135_ip_cameras
 
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials. 2020-01-24 not yet calculated CVE-2013-1597
MISC
MISC
MISC
MISC
MISC
websitebaker -- websitebaker
 
websitebaker prior to and including 2.8.1 has an authentication error in backup module. 2020-01-21 not yet calculated CVE-2011-4322
MISC
wordpress -- wordpress
 
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL. 2020-01-20 not yet calculated CVE-2020-7241
MISC
MISC
wordpress -- wordpress
 
WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload. 2020-01-23 not yet calculated CVE-2012-6649
MISC
BID
wordpress -- wordpress
 
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). 2020-01-21 not yet calculated CVE-2016-11018
MISC
MISC
MISC
wordpress -- wordpress
 
The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS. 2020-01-21 not yet calculated CVE-2020-6849
MISC
MISC
MISC
xmind -- xmind
 
The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack. 2020-01-21 not yet calculated CVE-2014-2680
MISC
xmlsoft -- libxml2
 
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. 2020-01-21 not yet calculated CVE-2019-20388
MISC
xmlsoft -- libxml2
 
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. 2020-01-21 not yet calculated CVE-2020-7595
MISC
yast -- yast2-security
 
yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes. 2020-01-24 not yet calculated CVE-2019-3700
CONFIRM
zoho_manageengine -- servicedesk_plus
 
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. 2020-01-23 not yet calculated CVE-2020-6843
MISC
FULLDISC
MISC
BUGTRAQ
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No