Bulletin (SB20-041)

Vulnerability Summary for the Week of February 3, 2020

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
aircrack-ng -- aircrack-ng
 
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. 2020-01-31 7.5 CVE-2014-8322
CONFIRM
MISC
MISC
MISC
CONFIRM
MISC
aruba_networks -- instant
 
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. 2020-01-31 7.5 CVE-2016-2031
MISC
MISC
MISC
MISC
changing_information_technology -- servisign
 
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. 2020-02-03 7.8 CVE-2020-3926
CONFIRM
changing_information_technology -- servisign
 
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. 2020-02-03 8.5 CVE-2020-3927
CONFIRM
cisco -- multiple_ip_phones
 
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2020-02-05 8.3 CVE-2020-3111
MISC
CISCO
cisco -- video_surveillance_8000_series_ip_cameras
 
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later. 2020-02-05 8.3 CVE-2020-3110
MISC
CISCO
coppermine_development_team -- coppermine_gallery
 
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. 2020-02-05 7.5 CVE-2010-4815
MISC
MISC
MISC
curling -- curling
 
All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization. 2020-02-06 10 CVE-2019-10789
MISC
MISC
django -- django
 
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. 2020-02-03 7.5 CVE-2020-7471
MLIST
CONFIRM
CONFIRM
CONFIRM
UBUNTU
CONFIRM
CONFIRM
dot-prop -- dot-prop Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. 2020-02-04 7.5 CVE-2020-8116
MISC
dotcms -- dotcms
 
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application). 2020-02-05 7.5 CVE-2020-6754
CONFIRM
CONFIRM
edk2 -- unified_extensible_firmware_interface
 
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase. 2020-01-31 7.2 CVE-2014-4860
MISC
edk2 -- unified_extensible_firmware_interface
 
Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data. 2020-01-31 7.2 CVE-2014-4859
MISC
eg_innovations -- eg_manager
 
eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). 2020-02-03 7.5 CVE-2020-8592
MISC
eg_innovations -- eg_manager
 
eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. 2020-02-03 7.5 CVE-2020-8591
MISC
fortinet -- fortimanager A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. 2020-02-04 9 CVE-2015-3611
MISC
MISC
CONFIRM
fortinet -- mortimanager
 
A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page 2020-02-04 7.5 CVE-2015-3613
MISC
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission 2020-02-05 7.5 CVE-2020-8114
CONFIRM
MISC
MISC
hashicorp -- nomad_and_nomad_enterprise
 
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. 2020-01-31 7.5 CVE-2020-7956
MISC
MISC
jobberbase -- jobberbase
 
Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint. 2020-02-05 7.5 CVE-2019-20447
MISC
MISC
klona -- klona Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona. 2020-02-04 7.5 CVE-2020-8125
MISC
nanopb -- nanopb
 
There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding the array nanopb can end up calling `free()` on a pointer value that comes from uninitialized memory. Depending on platform this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, nanopb-0.2.9.4. 2020-02-04 7.5 CVE-2020-5235
MISC
MISC
MISC
CONFIRM
netapp -- oncommand_system_manager NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. 2020-01-31 9 CVE-2013-3322
XF
MISC
norman -- malware_cleaner nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled. 2020-02-03 7.5 CVE-2020-8508
MISC
phpabook -- phpabook
 
An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password. 2020-02-03 7.5 CVE-2020-8510
MISC
MISC
phplist -- phplist
 
phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. 2020-02-03 7.5 CVE-2020-8547
MISC
playsms -- playsms
 
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. 2020-02-05 7.5 CVE-2020-8644
MISC
MISC
ppp -- ppp
 
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. 2020-02-03 7.5 CVE-2020-8597
MISC
MLIST
python -- python
 
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. 2020-02-04 7.1 CVE-2019-9674
MISC
MISC
MISC
MISC
MISC
qualcomm -- mdm9206_and_mdm9607_devices
 
Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607 2020-02-07 7.2 CVE-2019-14051
CONFIRM
qualcomm -- multiple_snapdragon_products Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24 2020-02-07 7.2 CVE-2019-14046
CONFIRM
qualcomm -- multiple_snapdragon_products Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24 2020-02-07 7.2 CVE-2019-14044
CONFIRM
qualcomm -- multiple_snapdragon_products Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 7.2 CVE-2019-14055
CONFIRM
qualcomm -- multiple_snapdragon_products APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130 2020-02-07 7.2 CVE-2019-14002
CONFIRM
qualcomm -- multiple_snapdragon_products
 
There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be executed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 7.2 CVE-2019-10567
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9607, Nicobar, QCS405, Rennell, SA6155P, Saipan, SC8180X, SDM630, SDM636, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-02-07 9.4 CVE-2019-14063
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 7.2 CVE-2019-14060
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 9.4 CVE-2019-14057
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MSM8953, QCN7605, QCS605, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDX20, SDX24, SDX55, SM8150, SXR1130 2020-02-07 7.2 CVE-2019-14049
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 10 CVE-2019-10590
CONFIRM
sap -- netweaver
 
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash. 2020-02-05 7.5 CVE-2011-1517
MISC
MISC
MISC
simplejobscript.com -- simplejobscript.com controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. 2020-01-31 7.5 CVE-2020-8440
CONFIRM
smartbear -- readyapi_and_soapui An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project. 2020-02-05 9.3 CVE-2019-12180
MISC
squid -- squid
 
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. 2020-02-04 7.5 CVE-2020-8450
MISC
MISC
MISC
MISC
MISC
MISC
the_update_framework -- tuf TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. 2020-02-05 7.5 CVE-2020-6174
CONFIRM
tp-link -- tg-sg105e_devices The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. 2020-02-03 7.8 CVE-2019-16893
EXPLOIT-DB
zpanel_project -- zpanel
 
ZPanel 10.0.1 has insufficient entropy for its password reset process. 2020-02-04 7.5 CVE-2012-5686
MISC
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
1up -- oneupuploaderbundle
 
oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to upload files to arbitrary folders on the filesystem. The assembly process can further be misused with some restrictions to delete and copy files to other locations. This is fixed in versions 1.9.3 and 2.1.5. 2020-02-05 6.5 CVE-2020-5237
MISC
CONFIRM
abrt -- abrt
 
ABRT might allow attackers to obtain sensitive information from crash reports. 2020-01-31 5 CVE-2011-4088
MISC
MISC
aircrack-ng -- aircrack-ng
 
Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors. 2020-01-31 4.6 CVE-2014-8321
CONFIRM
MISC
MISC
CONFIRM
MISC
alcatel-lucent -- 1830_photonic_service_switch
 
Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. 2020-01-31 4.3 CVE-2014-3809
MISC
apache -- ofbiz
 
an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06 2020-02-06 5 CVE-2019-12426
MLIST
CONFIRM
apple -- bonjour
 
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet. 2020-02-05 4.9 CVE-2011-0220
MISC
apple -- safari
 
A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. 2020-02-03 5 CVE-2016-4676
MISC
MISC
MISC
CONFIRM
MISC
aroxsolution -- school_management_software_php/mysql
 
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. 2020-01-31 4.3 CVE-2020-8505
MISC
aroxsolution -- school_management_software_php/mysql
 
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. 2020-01-31 4.3 CVE-2020-8504
MISC
aruba -- airwave_management_platform
 
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672 2020-01-31 5 CVE-2016-2032
MISC
MISC
MISC
MISC
atlassian -- crowd
 
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. 2020-02-06 5 CVE-2019-20104
N/A
atlassian -- jira
 
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. 2020-02-06 4 CVE-2019-20404
N/A
atlassian -- jira
 
The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability. 2020-02-06 4.4 CVE-2019-20400
N/A
atlassian -- jira
 
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability. 2020-02-06 4.3 CVE-2019-20405
N/A
atlassian -- jira
 
Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities. 2020-02-06 4.3 CVE-2019-20401
N/A
atlassian -- jira
 
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. 2020-02-06 5 CVE-2019-20403
N/A
atlassian -- jira
 
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. 2020-02-06 4 CVE-2019-20106
N/A
atlassian -- jira
 
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability. 2020-02-06 4 CVE-2019-20402
N/A
auth0 -- auth0_lock
 
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. 2020-02-03 4.3 CVE-2019-20174
CONFIRM
MISC
batavi -- batavi
 
Batavi before 1.0 has CSRF. 2020-02-05 6.8 CVE-2011-0525
MISC
MISC
brocade -- fabric_os
 
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. 2020-02-05 5 CVE-2019-16204
CONFIRM
brocade -- fabric_os
 
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. 2020-02-05 5 CVE-2019-16203
CONFIRM
brother -- mfc-9970cdw_devices
 
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers. 2020-02-03 5 CVE-2013-2674
MISC
XF
BID
brother -- mfc-9970cdw_devices
 
Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. 2020-02-03 5 CVE-2013-2672
MISC
XF
brother -- mfc-9970cdw_devices
 
Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. 2020-02-03 4.6 CVE-2013-2673
MISC
BID
c-lightning -- c-lightning
 
c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used for real funds." 2020-01-31 5 CVE-2019-12998
MISC
CONFIRM
cisco -- linksys_e4200
 
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information. 2020-02-06 5 CVE-2013-2683
MISC
BID
XF
cisco -- linksys_e4200
 
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information. 2020-02-05 5 CVE-2013-2680
MISC
BID
XF
cisco -- linksys_e4200
 
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. 2020-02-04 6.8 CVE-2013-2678
MISC
EXPLOIT-DB
BID
XF
cisco -- linksys_e4200 Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access. 2020-02-05 4.3 CVE-2013-2681
MISC
BID
XF
cisco -- linksys_e4200
 
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information. 2020-02-05 4.3 CVE-2013-2682
MISC
BID
XF
cisco -- linksys_e4200
 
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-02-06 4.3 CVE-2013-2684
MISC
BID
XF
computer_incident_response_center_luxembourg -- ail-framework Global.py in AIL framework 2.8 allows path traversal. 2020-02-03 5 CVE-2020-8545
MISC
cysharp -- messagepack_for_c#_and_unity
 
MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps. 2020-01-31 6.8 CVE-2020-5234
MISC
CONFIRM
d-link -- dir-100_devices
 
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure 2020-02-04 5 CVE-2013-7055
MISC
MISC
MISC
d-link -- dir-100_devices
 
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script 2020-02-04 5 CVE-2013-7052
MISC
MISC
MISC
d-link -- dir-100_devices
 
D-Link DIR-100 4.03B07: cli.cgi CSRF 2020-02-04 6.8 CVE-2013-7053
MISC
MISC
MISC
d-link -- dir-100_devices
 
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters 2020-02-04 6.8 CVE-2013-7051
MISC
MISC
MISC
MISC
d-link -- dir-100_devices
 
D-Link DIR-100 4.03B07: cli.cgi XSS 2020-02-04 4.3 CVE-2013-7054
MISC
MISC
MISC
drupal -- drupal
 
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. 2020-01-31 4.3 CVE-2014-8338
MISC
MISC
eclair -- eclair
 
Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "it is beta-quality software and don't put too much money in it." 2020-01-31 5 CVE-2019-13000
MISC
MISC
CONFIRM
ens_domains -- ens
 
A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry. 2020-01-31 4.9 CVE-2020-5232
MISC
CONFIRM
eucalyptus -- eucalyptus_management_console
 
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-01-31 6.8 CVE-2014-5039
CONFIRM
evernote_corporation -- evernote
 
Evernote prior to 5.5.1 has insecure password change 2020-01-31 6.6 CVE-2013-5116
MISC
MISC
MISC
f5 -- big-ip
 
On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart. 2020-02-06 5 CVE-2020-5856
CONFIRM
f5 -- big-ip_edge_client_for_windows
 
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user. 2020-02-06 4.6 CVE-2020-5855
CONFIRM
gitlab -- gitlab_enterprise_edition
 
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. 2020-02-05 5 CVE-2020-6833
MISC
CONFIRM
gitlab -- gitlab
 
GitLab through 12.7.2 allows XSS. 2020-02-05 4.3 CVE-2020-7973
MISC
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. 2020-02-05 5 CVE-2020-7966
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition GitLab EE 10.1 through 12.7.2 allows Information Disclosure. 2020-02-05 5 CVE-2020-7974
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission 2020-02-05 4.3 CVE-2020-7979
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). 2020-02-05 4 CVE-2020-7967
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. 2020-02-05 5 CVE-2020-7976
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. 2020-02-05 5 CVE-2020-7968
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. 2020-02-05 5 CVE-2020-7969
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 11.0 and later through 12.7.2 allows XSS. 2020-02-05 4.3 CVE-2020-7971
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. 2020-02-05 5 CVE-2020-7978
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). 2020-02-05 5 CVE-2020-7972
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. 2020-02-05 4.3 CVE-2020-7977
MISC
CONFIRM
google -- android
 
An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite existing functions with arbitrary code. The Reserved for Future Use (RFU) bits are not discarded by eir_handleRx(), and are included in an EIR's length. Therefore, one can exceed the expected 240 bytes, which leads to a heap-based buffer overflow in eir_getReceivedEIR() called by bthci_event_SendInquiryResultEvent(). In order to exploit this bug, an attacker must repeatedly connect to the victim's device in a short amount of time from different source addresses. This will cause the victim's Bluetooth stack to resolve the device names and therefore allocate buffers with attacker-controlled data. Due to the heap corruption, the name will be eventually written to an attacker-controlled location, leading to a write-what-where condition. 2020-02-05 6.8 CVE-2019-11516
CONFIRM
MISC
MISC
hashicorp -- consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. 2020-01-31 5 CVE-2020-7955
MISC
MISC
hashicorp -- consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. 2020-01-31 5 CVE-2020-7219
MISC
MISC
hashicorp -- nomad_and_nomad_enterprise
 
HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage. 2020-01-31 5 CVE-2020-7218
MISC
MISC
htcondor -- mrg_grid
 
The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. 2020-01-31 6.5 CVE-2014-8126
MISC
MISC
MISC
MISC
ibm -- infosphere_information_server
 
IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability 2020-02-05 5.8 CVE-2013-0507
MISC
ibm -- planning_analytics
 
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524. 2020-02-05 6.8 CVE-2019-4613
XF
CONFIRM
ibm -- sdk_java_technology
 
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. 2020-02-03 6.9 CVE-2019-4732
XF
CONFIRM
ibm -- security_directory_server
 
IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814. 2020-02-04 6.5 CVE-2019-4541
XF
CONFIRM
ibm -- websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397. 2020-02-04 6 CVE-2020-4163
XF
CONFIRM
ibm -- workflow_for_bluemix
 
IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2020-02-05 5.8 CVE-2015-0102
MISC
CONFIRM
CONFIRM
ibm -- security_directory_server
 
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623. 2020-02-04 5 CVE-2019-4562
XF
CONFIRM
ibm -- security_directory_server
 
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950. 2020-02-04 4.3 CVE-2019-4548
XF
CONFIRM
ibm -- security_directory_server
 
IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953. 2020-02-04 5 CVE-2019-4551
XF
CONFIRM
ibm -- security_directory_server
 
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952. 2020-02-04 5 CVE-2019-4550
XF
CONFIRM
ibm -- security_directory_server
 
IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813. 2020-02-04 5 CVE-2019-4540
XF
CONFIRM
ibm -- security_identity_manager
 
IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510. 2020-02-04 4 CVE-2019-4674
XF
CONFIRM
ibm -- websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. 2020-01-31 5 CVE-2019-4720
XF
CONFIRM
ibm -- websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. 2020-02-05 4 CVE-2019-4670
XF
CONFIRM
icewarp -- webmail_server
 
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. 2020-02-01 4.3 CVE-2020-8512
MISC
MISC
MISC
info-zip -- unzip
 
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. 2020-01-31 6.8 CVE-2014-8140
MISC
MISC
MISC
MISC
info-zip -- unzip
 
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. 2020-01-31 6.8 CVE-2014-8139
MISC
MISC
MISC
MISC
info-zip -- unzip
 
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. 2020-01-31 6.8 CVE-2014-8141
MISC
MISC
MISC
MISC
infoware -- mapsuite_mapapi
 
Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-01-31 4.3 CVE-2014-2843
MISC
MISC
MISC
ipmitool -- ipmitool
 
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. 2020-02-05 6.5 CVE-2020-5208
MISC
CONFIRM
MLIST
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3. 2020-01-31 5 CVE-2020-7914
MISC
CONFIRM
joomla! -- joomla! Joomla! 1.7.1 has core information disclosure due to inadequate error checking. 2020-02-04 5 CVE-2011-4937
MISC
MISC
MISC
MISC
joomla! -- joomla!
 
Joomla! core 1.7.1 allows information disclosure due to weak encryption 2020-02-04 5 CVE-2011-3629
MISC
MISC
MISC
MISC
joomla! -- joomla!
 
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. 2020-02-05 6.4 CVE-2011-1151
MISC
MISC
joomla! -- joomla!
 
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. 2020-02-04 5 CVE-2011-4912
MISC
MISC
joomla! -- joomla!
 
The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location). 2020-02-03 4.3 CVE-2020-5182
CONFIRM
kubernetes -- kubernetes
 
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree. 2020-02-03 4.3 CVE-2019-11251
CONFIRM
MLIST
libvncserver -- libvncserver
 
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. 2020-02-05 5 CVE-2010-5304
MISC
MISC
MISC
MISC
MISC
MISC
lightning_labs -- lightning_network_daemon
 
Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control. 2020-01-31 5 CVE-2019-12999
MISC
MISC
CONFIRM
logmein -- lastpass
 
LastPass prior to 2.5.1 allows secure wipe bypass. 2020-01-31 6.6 CVE-2013-5114
MISC
MISC
MISC
lotus_core -- lotus_core_cms
 
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter. 2020-02-05 6.5 CVE-2020-8641
MISC
masscode -- masscode
 
massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). 2020-02-03 4.3 CVE-2020-8548
MISC
MISC
maxum_development_corporation -- rumpus
 
An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality. 2020-02-02 4.3 CVE-2020-8514
MISC
MISC
microsoft -- windows_operating_system
 
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability. 2020-02-06 4.4 CVE-2019-20406
N/A
movable_type -- multiple_products
 
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL. 2020-02-06 4.3 CVE-2020-5528
MISC
MISC
nextcloud -- nextcloud_server
 
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. 2020-02-04 4 CVE-2020-8117
MISC
MISC
nextcloud -- nextcloud_server
 
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. 2020-02-04 4.3 CVE-2020-8120
MISC
MISC
nextcloud -- nextcloud_server
 
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. 2020-02-04 5 CVE-2019-15623
MISC
MISC
nextcloud -- nextcloud_server
 
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. 2020-02-04 4 CVE-2020-8119
MISC
MISC
nextcloud -- talk
 
Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature. 2020-02-04 4 CVE-2019-15620
MISC
MISC
open-xchange -- ox_app_suite
 
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. 2020-01-31 5 CVE-2014-5236
MISC
MISC
MISC
openwall -- openwall
 
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter. 2020-02-05 4.3 CVE-2011-1150
MISC
perl -- perl
 
_is_safe in the File::Temp module for Perl does not properly handle symlinks. 2020-01-31 5 CVE-2011-4116
MISC
MISC
MISC
MISC
MISC
perl -- perl
 
The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files. 2020-01-31 5 CVE-2011-4117
MISC
MISC
MISC
perl -- perl
 
Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. 2020-01-31 6.4 CVE-2011-4115
MISC
MISC
CONFIRM
phpshop -- phpshop
 
PHPShop through 0.8.1 has XSS. 2020-02-05 4.3 CVE-2011-1069
MISC
pmwiki -- pmwiki
 
PmWiki before 2.2.21 has XSS. 2020-02-05 4.3 CVE-2010-4662
MISC
MISC
prototype -- prototype
 
Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field. 2020-02-03 4 CVE-2020-7993
MISC
MISC
pylons_project -- waitress
 
Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3, it is recommended that people upgrade to the new version of Waitress as soon as possible. 2020-02-04 6.8 CVE-2020-5236
MISC
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior such as execution of unknown code in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150, SXR1130 2020-02-07 4.6 CVE-2019-14040
CONFIRM
qualcomm -- multiple_snapdragon_products
 
During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-02-07 4.6 CVE-2019-14041
CONFIRM
senior -- rubiweb
 
Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL. 2020-01-31 5 CVE-2019-19550
CONFIRM
sos -- jobscheduler
 
A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service. 2020-02-06 6.8 CVE-2020-6855
MISC
sos -- jobscheduler
 
An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders. 2020-02-06 4 CVE-2020-6856
MISC
squid-cache -- squid
 
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. 2020-02-04 5 CVE-2020-8517
MISC
MISC
squid-cache -- squid
 
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. 2020-02-04 5 CVE-2020-8449
MISC
MISC
MISC
MISC
MISC
MISC
squid-cache -- squid
 
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. 2020-02-04 5 CVE-2019-12528
CONFIRM
strapi -- strapi
 
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application. 2020-02-04 4 CVE-2020-8123
MISC
suse -- openSUSE_wicked
 
An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. 2020-02-05 5 CVE-2020-7216
CONFIRM
MISC
sysjust_syuan-gu-d-shih -- sysjust_syuan-gu-da-shih
 
SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database. 2020-02-04 5 CVE-2020-3937
MISC
sysjust_syuan-gu-d-shih -- sysjust_syuan-gu-da-shih
 
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests. 2020-02-04 5 CVE-2020-3938
MISC
sysjust_syuan-gu-da-shih -- sysjust_syuan-gu-da-shih
 
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability. 2020-02-04 4.3 CVE-2020-3939
MISC
telaen -- telaen
 
Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. 2020-02-03 5.8 CVE-2013-2621
BID
XF
MISC
telaen -- telaen
 
Telean before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request. 2020-02-03 5 CVE-2013-2624
XF
MISC
telaen -- telaen
 
Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php. 2020-02-03 4.3 CVE-2013-2623
BID
XF
MISC
the_citytv_video_application -- the_citytv_video_application
 
The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. 2020-02-05 5 CVE-2020-8507
MISC
MISC
the_global_tv_application -- the_global_tv_application
 
The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics. 2020-02-05 4 CVE-2020-8506
MISC
MISC
tinywebgallery -- tinywebgallery
 
TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php. 2020-02-03 5 CVE-2013-2631
MISC
MISC
torproject -- tor
 
The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. 2020-02-02 5 CVE-2020-8516
MISC
tp-link -- tl-wr1043nd_v1_120405_devices
 
TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability. 2020-02-03 5 CVE-2013-2646
BID
troglobit -- minisnmpd
 
An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server. 2020-02-04 6.4 CVE-2020-6059
MISC
troglobit -- minisnmpd
 
An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server. 2020-02-04 6.4 CVE-2020-6058
MISC
typo3 -- typo3
 
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request. 2020-02-03 5 CVE-2014-8328
MISC
MISC
MISC
uebimiau -- uebimiau
 
Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php. 2020-02-03 4.3 CVE-2013-2622
XF
MISC
unisys -- unisys_stealth
 
In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material may be inadvertently logged if certain diagnostics are enabled. 2020-02-03 4.3 CVE-2019-18193
CONFIRM
MISC
vanilla_forums -- vanilla_forums
 
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter. 2020-02-05 4.3 CVE-2011-1009
MISC
videolan -- vlc_media_player
 
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. 2020-01-31 4.3 CVE-2013-3565
MISC
MISC
MISC
MISC
web2project -- web2project
 
Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php. 2020-01-31 6.5 CVE-2014-3119
MISC
MISC
MISC
wordpress -- wordpress
 
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website. 2020-02-06 6.8 CVE-2020-8658
MISC
MISC
MISC
wordpress -- wordpress
 
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. 2020-02-03 4.3 CVE-2020-8549
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php. 2020-02-05 4.3 CVE-2019-20173
CONFIRM
CONFIRM
MISC
zeuscart -- zeuscart
 
Multiple SQL injection vulnerabilities in ZeusCart 4.x. 2020-01-31 6.5 CVE-2014-3868
MISC
MISC
MISC
MISC
zoho_manageengine -- remote_access_plus
 
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password). 2020-01-31 4 CVE-2020-8422
MISC
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
biscom -- biscom_secure_file_transfer
 
Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004. 2020-01-31 3.5 CVE-2020-8503
MISC
bromium -- secure_platform
 
Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service. 2020-02-03 3.3 CVE-2019-18567
MISC
CONFIRM
cisco -- digital_network_architecture
 
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4. 2020-02-05 3.5 CVE-2019-15253
CISCO
cisco -- identity_services_engine
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing malicious data to a specific field within the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco ISE Software releases 2.7.0 and later contains the fix for this vulnerability. 2020-02-05 3.5 CVE-2020-3149
CISCO
cloud-init -- cloud-init In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. 2020-02-05 2.1 CVE-2020-8632
MISC
MISC
cloud-init -- cloud-init
 
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. 2020-02-05 2.1 CVE-2020-8631
MISC
MISC
fortinet -- fortimanager
 
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. 2020-02-04 3.5 CVE-2015-3612
MISC
MISC
MISC
ibm -- security_identity_manager
 
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493. 2020-02-04 3.5 CVE-2019-4451
XF
CONFIRM
ibm -- storediq
 
IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133. 2020-02-03 2.1 CVE-2020-4224
XF
CONFIRM
linux -- linux_kernel There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. 2020-02-06 3.6 CVE-2020-8649
MISC
linux -- linux_kernel
 
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. 2020-02-06 3.6 CVE-2020-8647
MISC
linux -- linux_kernel
 
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. 2020-01-31 1.9 CVE-2019-3016
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel
 
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. 2020-02-06 3.6 CVE-2020-8648
MISC
nextcloud -- nextcloud
 
Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location. 2020-02-04 3.5 CVE-2019-15618
MISC
MISC
paessler -- prtg
 
An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials. 2020-02-03 2.1 CVE-2019-19119
MISC
MISC
MISC
MISC
pandora_fms -- pandora_fms
 
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. 2020-02-04 3.5 CVE-2019-19968
MISC
MISC
sos -- jobscheduler
 
A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API. 2020-02-05 3.5 CVE-2020-6854
MISC
wordpress -- wordpress A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors). 2020-02-04 2.6 CVE-2020-8615
MISC
MISC
MISC
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
arctic_torrent -- arctic_torrent
 
A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service. 2020-02-06 not yet calculated CVE-2012-6309
MISC
atmail -- atmail_webmail_server
 
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email. 2020-02-06 not yet calculated CVE-2012-2593
MISC
MISC
belkin -- n300_router
 
An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging." 2020-02-07 not yet calculated CVE-2013-3091
MISC
MISC
MISC
biscom -- biscom_secure_file_transfer
 
Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server. 2020-02-07 not yet calculated CVE-2020-8796
MISC
bludit -- bludit
 
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures. 2020-02-07 not yet calculated CVE-2020-8811
MISC
boonex -- dolphin
 
SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'. 2020-02-06 not yet calculated CVE-2013-3638
BID
XF
bosch -- bvms_mobile_video_service
 
Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed. 2020-02-07 not yet calculated CVE-2020-6770
CONFIRM
bosch -- video_management_system
 
A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. 2020-02-07 not yet calculated CVE-2020-6768
CONFIRM
bosch -- video_management_system
 
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. 2020-02-06 not yet calculated CVE-2020-6767
CONFIRM
bosch -- video_streaming_gateway
 
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall. 2020-02-07 not yet calculated CVE-2020-6769
CONFIRM
broadcom -- multiple_devices
 
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. 2020-02-05 not yet calculated CVE-2019-15126
CONFIRM
broadcom -- wi_wifi_driver
 
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. 2020-02-03 not yet calculated CVE-2019-9501
MISC
CERT-VN
broadcom -- wi_wifi_driver
 
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. 2020-02-03 not yet calculated CVE-2019-9502
MISC
CERT-VN
brother -- mfc-9970cdw_device Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information. 2020-02-04 not yet calculated CVE-2013-2676
MISC
XF
BID
brother -- mfc-9970cdw_device
 
Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information. 2020-02-05 not yet calculated CVE-2013-2675
MISC
XF
BID
c-more -- touch_panels_ea9_series
 
It is possible to unmask credentials and other sensitive information on ?unprotected? project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations. 2020-02-05 not yet calculated CVE-2020-6969
MISC
canonical -- ubuntu Sander Bos discovered Apport's lock file was in a world-writable director which allowed all users to prevent crash handling. 2020-02-08 not yet calculated CVE-2019-11485
MISC
MISC
canonical -- ubuntu Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. 2020-02-08 not yet calculated CVE-2019-11483
MISC
MISC
canonical -- ubuntu Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences. 2020-02-08 not yet calculated CVE-2019-11481
MISC
MISC
canonical -- ubuntu
 
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. 2020-02-08 not yet calculated CVE-2019-11482
MISC
MISC
canonical -- ubuntu
 
Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie. 2020-02-08 not yet calculated CVE-2019-11484
MISC
MISC
ceph -- rgw_beast
 
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system. 2020-02-07 not yet calculated CVE-2020-1700
SUSE
CONFIRM
cgilua -- cgilua
 
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10300 and CVE-2014-10400 were SPLIT from this ID. 2020-02-06 not yet calculated CVE-2014-2875
MISC
MISC
MISC
cgilua -- cgilua
 
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. 2020-02-06 not yet calculated CVE-2014-10400
MISC
MISC
MISC
cgilua -- cgilua
 
The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. 2020-02-06 not yet calculated CVE-2014-10399
MISC
MISC
MISC
chamilo -- chamilo_lms
 
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action. 2020-02-08 not yet calculated CVE-2012-4029
MISC
MISC
MISC
changing_information_technology -- servisign
 
A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts. 2020-02-03 not yet calculated CVE-2020-3925
CONFIRM
cisco -- application_control_engine
 
Cisco ACE A2(3.6) allows log retention DoS. 2020-02-07 not yet calculated CVE-2013-1202
MISC
cisco -- cisco_discovery_protocol
 
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2020-02-05 not yet calculated CVE-2020-3120
MISC
CISCO
cisco -- cisco_discovery_protocol
 
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2020-02-05 not yet calculated CVE-2020-3118
MISC
CISCO
cisco -- cisco_discovery_protocol
 
A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2020-02-05 not yet calculated CVE-2020-3119
MISC
CISCO
cisco -- linksys_wrt110
 
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. 2020-02-06 not yet calculated CVE-2013-3568
EXPLOIT-DB
BID
XF
clamav -- clam_antivirus
 
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. 2020-02-05 not yet calculated CVE-2020-3123
CISCO
corsair -- corsair_icue
 
The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace. 2020-02-07 not yet calculated CVE-2020-8808
MISC
MISC
d-link -- dir865l_devices
 
D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. 2020-02-07 not yet calculated CVE-2013-3096
MISC
MISC
MISC
dd-wrt -- dd-wrt
 
Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service. 2020-02-06 not yet calculated CVE-2012-6297
BUGTRAQ
MISC
FULLDISC
MISC
dedicated_micros -- multiple_dvr_products Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords." 2020-02-06 not yet calculated CVE-2015-2909
MISC
MISC
dell -- dmc_isilon_onefs
 
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication. 2020-02-06 not yet calculated CVE-2020-5318
MISC
dell -- emc_ecs
 
Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. 2020-02-06 not yet calculated CVE-2020-5317
MISC
dell -- multiple_products
 
Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence. 2020-02-06 not yet calculated CVE-2020-5319
MISC
den_norske_turistforening -- im-metadata im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function. 2020-02-04 not yet calculated CVE-2019-10788
CONFIRM
MISC
den_norske_turistforening -- im-resize
 
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization. 2020-02-04 not yet calculated CVE-2019-10787
CONFIRM
MISC
docker -- docker
 
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. 2020-02-07 not yet calculated CVE-2014-5278
MISC
MISC
MISC
drupal -- drupal
 
The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses. 2020-02-08 not yet calculated CVE-2012-5570
MISC
MISC
MISC
CONFIRM
eyesofnetwork -- eyesofnetwork
 
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token. 2020-02-06 not yet calculated CVE-2020-8657
MISC
eyesofnetwork -- eyesofnetwork
 
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php. 2020-02-07 not yet calculated CVE-2020-8656
MISC
eyesofnetwork -- eyesofnetwork
 
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field. 2020-02-07 not yet calculated CVE-2020-8654
MISC
eyesofnetwork -- eyesofnetwork
 
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7. 2020-02-07 not yet calculated CVE-2020-8655
MISC
f5 -- big-ip
 
On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made. 2020-02-06 not yet calculated CVE-2020-5854
CONFIRM
flowplayer -- flowplayer_flash
 
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin. 2020-02-08 not yet calculated CVE-2011-3642
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
fork_cms -- fork_cms
 
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. 2020-02-08 not yet calculated CVE-2014-9470
MISC
MISC
MISC
MISC
MISC
MISC
fortinet -- forticlient_for_linux A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated. 2020-02-06 not yet calculated CVE-2019-16152
MISC
CONFIRM
fortinet -- forticlient_for_linux
 
A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized. 2020-02-06 not yet calculated CVE-2019-17652
MISC
CONFIRM
fortinet -- forticlient_for_linux
 
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. 2020-02-06 not yet calculated CVE-2019-15711
MISC
CONFIRM
fortinet -- forticlient_for_linux
 
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite. 2020-02-07 not yet calculated CVE-2019-16155
MISC
CONFIRM
foxit -- phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8773. 2020-02-08 not yet calculated CVE-2019-13333
MISC
foxit -- phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8776. 2020-02-08 not yet calculated CVE-2019-17136
MISC
foxit -- phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774. 2020-02-08 not yet calculated CVE-2019-13334
MISC
foxit -- phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8775. 2020-02-08 not yet calculated CVE-2019-17135
MISC
fujitsu -- multiple_products The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. 2020-02-07 not yet calculated CVE-2019-13163
CONFIRM
gnome -- librsvg In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. 2020-02-02 not yet calculated CVE-2019-20446
MISC
gnome -- evolution_and_evolution_data_server
 
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. 2020-02-06 not yet calculated CVE-2013-4166
CONFIRM
MISC
MISC
CONFIRM
CONFIRM
golang -- go
 
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields. 2020-02-08 not yet calculated CVE-2015-5741
MISC
MISC
MISC
MISC
MISC
MISC
MISC
google -- android
 
A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code. 2020-02-07 not yet calculated CVE-2014-7224
MISC
MISC
MISC
MISC
google -- chrome
 
Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. 2020-02-06 not yet calculated CVE-2010-3917
MISC
MISC
hardcoreview -- hardcoreview
 
A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file. 2020-02-06 not yet calculated CVE-2012-6306
MISC
MISC
hp -- sitescope
 
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability. 2020-02-04 not yet calculated CVE-2015-2802
CONFIRM
CONFIRM
MISC
MISC
MISC
ibm -- cloud_automation_manager
 
IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644. 2020-02-05 not yet calculated CVE-2019-4616
XF
CONFIRM
ibm -- security_identity_manager
 
IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511. 2020-02-04 not yet calculated CVE-2019-4675
XF
CONFIRM
imagemagick -- imagemagick
 
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 2020-02-06 not yet calculated CVE-2016-7523
MISC
MISC
MISC
MISC
imagemagick -- imagemagick
 
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 2020-02-06 not yet calculated CVE-2016-7524
MISC
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick
 
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. 2020-02-06 not yet calculated CVE-2014-2030
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
MISC
CONFIRM
imagemagick -- imagemagick
 
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. 2020-02-06 not yet calculated CVE-2014-1958
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
ispconfig -- ispconfig
 
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution 2020-02-07 not yet calculated CVE-2013-3629
MISC
MISC
MISC
MISC
jpegsnoop -- jpegsnoop
 
A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code 2020-02-06 not yet calculated CVE-2012-6307
MISC
MISC
kemp -- load_master
 
A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages. 2020-02-07 not yet calculated CVE-2014-5288
MISC
MISC
konqueror -- konqueror
 
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." 2020-02-08 not yet calculated CVE-2012-4512
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC

linksys -- wrt310n_wireless_router

Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. 2020-02-07 not yet calculated CVE-2013-3067
MISC
MISC
MISC
linuxmint -- linuxmint
 
LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate. 2020-02-07 not yet calculated CVE-2012-1567
MISC
MISC
linuxmint -- linuxmint
 
LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny. 2020-02-07 not yet calculated CVE-2012-1566
MISC
mariadb -- mariadb
 
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently. 2020-02-04 not yet calculated CVE-2020-7221
MISC
CONFIRM
MISC
mcabber -- mcabber
 
MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. 2020-02-06 not yet calculated CVE-2016-9928
CONFIRM
MISC
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
MISC
mediawiki -- mediawiki
 
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. 2020-02-08 not yet calculated CVE-2012-4381
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mediawiki -- mediawiki
 
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. 2020-02-06 not yet calculated CVE-2013-4572
MISC
MISC
CONFIRM
MISC
mikrotik -- winbox
 
MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack. 2020-02-06 not yet calculated CVE-2020-5720
MISC
multiple_vendors -- multiple_products
 
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet. 2020-02-05 not yet calculated CVE-2015-5628
CONFIRM
MISC
multiple_vendors -- multiple_products
 
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet. 2020-02-05 not yet calculated CVE-2015-5627
CONFIRM
MISC
multiple_vendors -- multiple_products
 
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet. 2020-02-05 not yet calculated CVE-2015-5626
CONFIRM
MISC
netcracker -- resource_management_system
 
Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter. 2020-02-08 not yet calculated CVE-2015-3423
MISC
MISC
netcracker -- resource_management_system
 
Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter. 2020-02-08 not yet calculated CVE-2015-2207
MISC
MISC
netgear -- wgr614_wireless_router
 
An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. 2020-02-06 not yet calculated CVE-2012-6340
MISC
MISC
MISC
netgear -- wgr614_wireless_router
 
An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340. 2020-02-06 not yet calculated CVE-2012-6341
MISC
MISC
netis -- wf2419_router Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing. 2020-02-07 not yet calculated CVE-2019-19356
MISC
network-manager -- network-manager network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument. 2020-02-04 not yet calculated CVE-2019-10786
MISC
nextcloud -- circles
 
Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle. 2020-02-04 not yet calculated CVE-2019-15610
MISC
MISC
nextcloud -- nextcloud_android
 
A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. 2020-02-04 not yet calculated CVE-2019-15615
MISC
MISC
nextcloud -- nextcloud_android
 
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries. 2020-02-04 not yet calculated CVE-2019-15622
MISC
MISC
nextcloud -- nextcloud_ios
 
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications. 2020-02-04 not yet calculated CVE-2019-15611
MISC
MISC
nextcloud -- nextcloud_ios
 
Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files. 2020-02-04 not yet calculated CVE-2019-15614
MISC
MISC
nextcloud -- nextcloud_server Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link. 2020-02-04 not yet calculated CVE-2019-15621
MISC
MISC
nextcloud -- nextcloud_server
 
Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. 2020-02-04 not yet calculated CVE-2019-15616
MISC
MISC
nextcloud -- nextcloud_server
 
A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset. 2020-02-04 not yet calculated CVE-2019-15612
MISC
MISC
nextcloud -- nextcloud_server
 
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. 2020-02-04 not yet calculated CVE-2019-15613
MISC
MISC
nextcloud -- nextcloud_server
 
A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login. 2020-02-04 not yet calculated CVE-2019-15617
MISC
MISC
nextcloud -- nextcloud_server
 
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. 2020-02-04 not yet calculated CVE-2019-15624
MISC
MISC
nextcloud -- nextcloud_server_and_talk_and_deck
 
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project. 2020-02-04 not yet calculated CVE-2019-15619
MISC
MISC
MISC
MISC
nextcloud -- nextcloud_server A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. 2020-02-04 not yet calculated CVE-2020-8121
MISC
MISC
nextcloud -- nextcloud_server
 
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. 2020-02-04 not yet calculated CVE-2020-8118
MISC
MISC
nextcloud -- nextcloud_server
 
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. 2020-02-04 not yet calculated CVE-2020-8122
MISC
MISC
nghttp2 -- nghttp2
 
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). 2020-02-06 not yet calculated CVE-2016-1544
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
node.js -- node.js
 
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate 2020-02-07 not yet calculated CVE-2019-15604
MISC
CONFIRM
node.js -- node.js
 
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons 2020-02-07 not yet calculated CVE-2019-15606
MISC
CONFIRM
node.js -- node.js
 
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed 2020-02-07 not yet calculated CVE-2019-15605
MISC
FEDORA
CONFIRM
nuxeo -- nuxeo_platform
 
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165. 2020-02-06 not yet calculated CVE-2013-4521
CONFIRM
MISC
CONFIRM
nw.js -- nw.js
 
A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact. 2020-02-07 not yet calculated CVE-2014-9530
CONFIRM
omniauth-weibo-oauth2_gen_for_ruby_on_rails -- omniauth-weibo-oauth2_gen_for_ruby_on_ra
 
The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected. 2020-02-07 not yet calculated CVE-2019-17268
MISC
CONFIRM
open-school -- open-school_community_edition
 
Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php. 2020-02-08 not yet calculated CVE-2014-9126
MISC
open-school -- open-school_community_edition
 
Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php. 2020-02-08 not yet calculated CVE-2014-9127
MISC
openfiler -- openfiler
 
Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter. 2020-02-07 not yet calculated CVE-2011-1086
MISC
MISC
MISC
openshift-enterprise -- openshift-enterprise
 
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb. 2020-02-07 not yet calculated CVE-2020-1708
CONFIRM
openvas -- openvas_manager
 
OpenVAS Manager v2.0.3 allows plugin remote code execution. 2020-02-06 not yet calculated CVE-2011-1597
MISC
opopensocialplugin -- opopensocialplugin
 
opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities 2020-02-07 not yet calculated CVE-2013-4335
MISC
MISC
MISC
opservices -- opmon
 
An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo. 2020-02-06 not yet calculated CVE-2020-7954
MISC
MISC
opservices -- opmon
 
An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option. 2020-02-06 not yet calculated CVE-2020-7953
MISC
MISC
opservices -- opservices_opmon
 
An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution . 2020-02-06 not yet calculated CVE-2020-8636
MISC
opwebapiplugin -- opwebapiplugin
 
opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities 2020-02-07 not yet calculated CVE-2013-4334
MISC
MISC
otrs -- otrs
 
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions. 2020-02-07 not yet calculated CVE-2020-1768
CONFIRM
percona -- percona_monitoring_and_management
 
pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. 2020-02-06 not yet calculated CVE-2020-7920
MISC
MISC
MISC
MISC
phppgadmin -- phppgadmin
 
phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server. 2020-02-04 not yet calculated CVE-2019-10784
MISC
projectpier -- projectpier
 
ProjectPier 0.8.8 has stored XSS 2020-02-07 not yet calculated CVE-2013-3635
MISC
projectpier -- projectpier
 
ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag 2020-02-07 not yet calculated CVE-2013-3636
MISC
MISC
MISC
projectpier -- projectpier
 
ProjectPier 0.8.8 does not use the Secure flag for cookies 2020-02-07 not yet calculated CVE-2013-3637
MISC
qemu -- qemu
 
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. 2020-02-06 not yet calculated CVE-2020-8608
MISC
MISC
MISC
qualcomm -- multiple_snapdragon_products
 
Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130 2020-02-07 not yet calculated CVE-2019-14088
CONFIRM
MISC
railo -- railo
 
A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. 2020-02-07 not yet calculated CVE-2014-5468
MISC
MISC
MISC
MISC
MISC
revive -- adserver
 
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim. 2020-02-04 not yet calculated CVE-2020-8115
MISC
MISC
samsung -- multiple_mobile_devices
 
On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265. 2020-02-04 not yet calculated CVE-2019-19273
CONFIRM
schmid -- zi_620_v400_090_routers
 
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping. 2020-02-06 not yet calculated CVE-2020-6760
MISC
simple_machines -- simple_machines_forum
 
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config. 2020-02-07 not yet calculated CVE-2013-0192
MISC
MISC
MISC
simplejobscript.com -- simplejobscript.com
 
An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php. 2020-02-07 not yet calculated CVE-2020-8645
MISC
smoothwall -- smoothwall_express
 
A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. 2020-02-07 not yet calculated CVE-2011-1084
MISC
smoothwall -- smoothwall_express
 
CSRF vulnerability in Smoothwall Express 3. 2020-02-07 not yet calculated CVE-2011-1085
MISC
sphider -- sphider_search_engine
 
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code. 2020-02-07 not yet calculated CVE-2014-5087
MISC
MISC
status2k -- status2k A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. 2020-02-07 not yet calculated CVE-2014-5091
MISC
MISC
MISC
MISC
statusnet -- statusnet
 
statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. 2020-02-07 not yet calculated CVE-2010-4658
MISC
MISC
synaptive -- medical_clearcanvas_imageserver
 
Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report. 2020-02-07 not yet calculated CVE-2020-8788
MISC
teamviewer -- teamviewer
 
TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system. 2020-02-07 not yet calculated CVE-2019-18988
MISC
MISC
MISC
MISC
tianocore -- edk2
 
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. 2020-02-06 not yet calculated CVE-2014-8271
MISC
MISC
troglobit -- minisnmpd A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server. 2020-02-04 not yet calculated CVE-2020-6060
MISC
ubiquiti_networks -- unifi_controller
 
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity. 2020-02-08 not yet calculated CVE-2014-2225
MISC
MISC
ui -- edgeswitch
 
A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15). 2020-02-07 not yet calculated CVE-2020-8126
MISC
unshift -- url-parse
 
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. 2020-02-04 not yet calculated CVE-2020-8124
MISC
ushahidi -- ushahidi
 
Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. 2020-02-04 not yet calculated CVE-2012-5618
MISC
MISC
videolan -- vlc_media_player
 
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. 2020-02-06 not yet calculated CVE-2013-3564
MISC
vtiger -- vtiger_crm
 
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/. 2020-02-06 not yet calculated CVE-2015-6000
MISC
MISC
MISC
vtiger -- vtiger_crm
 
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability 2020-02-07 not yet calculated CVE-2013-3591
MISC
MISC
MISC
MISC
watchguard -- firewire_xtm 
 
A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. 2020-02-07 not yet calculated CVE-2014-6413
MISC
MISC
MISC
MISC
webcalendar -- webcalendar
 
webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user"). 2020-02-04 not yet calculated CVE-2013-1422
MISC
MISC
MISC
wordpress -- wordpress
 
WordPress Super Cache Plugin 1.3 has XSS. 2020-02-07 not yet calculated CVE-2013-2008
MISC
MISC
MISC
wordpress -- wordpress
 
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts. 2020-02-06 not yet calculated CVE-2020-8771
MISC
MISC
wordpress -- wordpress
 
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. 2020-02-08 not yet calculated CVE-2014-8739
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution 2020-02-07 not yet calculated CVE-2013-2009
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in. 2020-02-06 not yet calculated CVE-2020-8772
MISC
MISC
wordpress -- wordpress
 
Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php. 2020-02-08 not yet calculated CVE-2015-2062
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php. 2020-02-08 not yet calculated CVE-2015-1394
MISC
MISC
MISC
MISC
MISC
zabbix -- zabbix
 
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability 2020-02-07 not yet calculated CVE-2013-3628
MISC
MISC
MISC
MISC
zoho_manageengine -- applications_manager
 
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet. 2020-02-06 not yet calculated CVE-2019-19800
MISC
MISC
MISC
zoho_manageengine -- applications_manager_and_ops_manager
 
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet. 2020-02-08 not yet calculated CVE-2014-7863
MISC
MISC
MISC
MISC
MISC
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No