Bulletin (SB20-055)

Vulnerability Summary for the Week of February 17, 2020

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD.

High Vulnerabilities

Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- macos_x Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. 2020-02-21 7.5 CVE-2016-4606
MISC
MISC
MISC
berkeley -- berkeley_open_infrastructure_for_network_computing Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. 2020-02-20 7.5 CVE-2013-2018
MISC
MISC
broadcom -- ca_unified_infrastructure_management
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. 2020-02-18 10 CVE-2020-8010
CONFIRM
broadcom -- ca_unified_infrastructure_management
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. 2020-02-18 7.5 CVE-2020-8012
CONFIRM
eltex -- ntp-rg-1402g_router
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected. 2020-02-17 10 CVE-2020-9026
MISC
eltex -- ntp-rg-1402g_router
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected. 2020-02-17 10 CVE-2020-9027
MISC
hcl -- appscan_standard_edition
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. 2020-02-14 10 CVE-2019-4392
MISC
horde -- groupware_webmail_edition
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. 2020-02-17 7.5 CVE-2020-8518
FEDORA
FEDORA
CONFIRM
ibm -- db2_for_linux_and_unix_and_windows
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960. 2020-02-19 7.2 CVE-2020-4204
XF
CONFIRM
iteris -- vantage_velocity_field_unit_devices
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. 2020-02-17 10 CVE-2020-9020
MISC
iteris -- vantage_velocity_field_unit_devices
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password. 2020-02-17 7.5 CVE-2020-9023
MISC
iteris -- vantage_velocity_field_unit_devices
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts. 2020-02-17 10 CVE-2020-9024
MISC
jsreport -- jsreport
Unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. 2020-02-14 7.5 CVE-2020-8128
MISC
jsreport -- script-manager An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. 2020-02-14 7.5 CVE-2020-8129
MISC
moxa -- mgate_5105-mb-eip_series_protocol_gateways
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552. 2020-02-14 9 CVE-2020-8858
MISC
MISC
nec -- multiple_aterm_series_devices
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. 2020-02-21 8.3 CVE-2020-5524
MISC
MISC
MISC
nec -- multiple_aterm_series_devices
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. 2020-02-21 7.7 CVE-2020-5525
MISC
MISC
nec -- multiple_aterm_series_devices
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. 2020-02-21 7.7 CVE-2020-5534
MISC
MISC
netsweeper -- netsweeper Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php. 2020-02-19 7.5 CVE-2014-9613
MISC
netsweeper -- netsweeper The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. 2020-02-19 7.5 CVE-2014-9614
MISC
netsweeper -- netsweeper SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. 2020-02-19 7.5 CVE-2014-9612
MISC
openx -- openx_ad_server A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in the flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code. 2020-02-14 7.5 CVE-2013-4211
MISC
MISC
MISC
MISC
MISC
post_oak_traffic_systems -- awam_bluetooth_multiple_field_devices Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. 2020-02-17 10 CVE-2020-9021
MISC
prestashop -- prestashop PrestaShop 1.5.5 is vulnerable to privilege escalation via a Salesman account via the upload module. 2020-02-18 7.5 CVE-2013-6295
MISC
MISC
proftpd -- proftpd
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. 2020-02-20 9 CVE-2020-9273
CONFIRM
CONFIRM
MLIST
promise-probe -- promise-probe promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization. 2020-02-18 7.5 CVE-2019-10791
MISC
MISC
soplanning -- simple_online_planning SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php. 2020-02-18 9 CVE-2020-9269
MISC
spacewalk_project -- spacewalk
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server. 2020-02-17 7.5 CVE-2020-1693
CONFIRM
MISC
MISC
wordpress -- wordpress
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. 2020-02-17 9 CVE-2020-9043
MISC
MISC
MISC
wordpress -- wordpress
The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution because Administrators can run PHP code on WordPress instances. (This issue has been fixed in the 3.x branch of popup-builder.) 2020-02-17 7.5 CVE-2020-9006
MISC
MISC
MISC
MISC
xorus -- lpar2rrd
LPAR2RRD 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. 2020-02-17 10 CVE-2014-4981
MISC
MISC
MISC
MISC
BID
XF
yeager -- yeager_cms SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter. 2020-02-18 7.5 CVE-2015-7567
MISC
MISC
MISC
MISC
zabbix -- zabbix
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. 2020-02-17 7.5 CVE-2013-3738
MISC
zend_framework -- zend_framework SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. 2020-02-17 7.5 CVE-2014-8089
MISC
MISC
BID
MISC

Medium Vulnerabilities

Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abb -- asset_suite
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly. 2020-02-17 5.5 CVE-2019-18998
CONFIRM
accusoft -- imagegear An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-02-14 6.8 CVE-2019-5187
MISC
accusoft -- imagegear An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2020-02-14 6.8 CVE-2020-6068
MISC
ai -- risknet_acquirer RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. 2020-02-14 5 CVE-2013-5687
XF
aishu_technology -- anyshare_cloud AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI. 2020-02-16 4 CVE-2020-8996
MISC
arvato -- skillpipe
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code. 2020-02-16 4 CVE-2020-9013
MISC
MISC
atos -- unify_openscape_uc_web_client Atos Unify OpenScape UC Web Client 1.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload. 2020-02-21 4.3 CVE-2019-19865
MISC
MISC
broadcom -- ca_unified_infrastructure_management
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service. 2020-02-18 5 CVE-2020-8011
CONFIRM
cisco -- finesse
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-02-19 4.3 CVE-2020-3159
CISCO
cisco -- unified_communications_manager
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. 2020-02-19 4.3 CVE-2015-0749
MISC
codecov -- codecov-node
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596. 2020-02-17 6.5 CVE-2020-7597
MISC
MISC
combodo -- itop iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI. This only affects the community version. 2020-02-14 5 CVE-2019-13967
MISC
MISC
combodo -- itop In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title). 2020-02-14 4.3 CVE-2019-13966
MISC
MISC
combodo -- itop In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during upgrade; in certain cases, an error during modification of the file from the web interface leaves the file writable (can be triggered with XSS); a race condition can be triggered by the hub-connector module (community version only from 2.4.1 to 2.6.0); or editing the file in a CLI. 2020-02-14 6.8 CVE-2019-11215
MISC
MISC
combodo -- itop Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the administrator can be transformed to remote command execution because of CVE-2018-10642 (still working through 2.6.0). The Reflective XSS can also become a stored XSS within the same account because of another vulnerability. 2020-02-14 4.3 CVE-2019-13965
MISC
MISC
foxit -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9640. 2020-02-14 6.8 CVE-2020-8856
MISC
MISC
foxit -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9358. 2020-02-14 6.8 CVE-2020-8845
MISC
MISC
foxit -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of text field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9400. 2020-02-14 6.8 CVE-2020-8846
MISC
MISC
foxit -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9591. 2020-02-14 6.8 CVE-2020-8853
MISC
MISC
foxit -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of JPEG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9606. 2020-02-14 6.8 CVE-2020-8854
MISC
MISC
foxit -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxhtml2pdf.exe module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9560. 2020-02-14 6.8 CVE-2020-8855
MISC
MISC
foxit -- reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9413. 2020-02-14 6.8 CVE-2020-8849
MISC
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of form Annotation objects within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9862. 2020-02-14 6.8 CVE-2020-8857
MISC
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9415. 2020-02-14 6.8 CVE-2020-8850
MISC
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9406. 2020-02-14 6.8 CVE-2020-8851
MISC
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG files within CovertToPDF. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9102. 2020-02-14 6.8 CVE-2020-8844
CONFIRM
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9414. 2020-02-14 6.8 CVE-2020-8847
MISC
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9407. 2020-02-14 6.8 CVE-2020-8848
MISC
MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9416. 2020-02-14 4.3 CVE-2020-8852
MISC
MISC
gitlab -- gitlab GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated with an issue via the activity timeline. 2020-02-14 4 CVE-2019-15592
MISC
MISC
gitlab -- gitlab
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. 2020-02-14 4 CVE-2019-15594
MISC
MISC
gitlab -- gitlab_enterprise_edition In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. 2020-02-17 5 CVE-2020-8795
CONFIRM
MISC
gluu -- identity_configuration A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. 2020-02-16 4.3 CVE-2020-9012
MISC
huawei -- cloudlink_board
Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak vulnerability. An unauthenticated, remote attacker can make a large number of attempts to guess information. Successful exploitation may cause an information leak. 2020-02-17 5 CVE-2020-1841
CONFIRM
huawei -- gaussdb_200 GaussDB 200 version 6.5.1 has a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploitation may cause information leakage. 2020-02-17 4 CVE-2020-1853
CONFIRM
huawei -- gaussdb_200
GaussDB 200 version 6.5.1 has a command injection vulnerability. The software constructs part of a command using external input from users, but does not sufficiently validate the user input. Successful exploitation could allow the attacker to inject certain commands. 2020-02-18 6.5 CVE-2020-1790
CONFIRM
huawei -- gaussdb_200
GaussDB 200 version 6.5.1 has a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploitation could allow an attacker to execute commands. 2020-02-18 6.5 CVE-2020-1811
CONFIRM
huawei -- hege-60_and_multiple_osca_products Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may allow the attacker to perform an illegal operation. 2020-02-18 4.6 CVE-2020-1843
CONFIRM
huawei -- hege-60_and_multiple_osca_products
Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may allow the attacker to obtain high privilege. 2020-02-18 4.6 CVE-2020-1842
CONFIRM
huawei -- multiple_osca_products
Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user tries to perform certain operations. Successful exploitation could allow an attacker to pass authentication and perform certain operations using a weak credential. 2020-02-18 4.6 CVE-2020-1789
CONFIRM
huawei -- multiple_products Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; Secospace USG6600 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100; and USG9500 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have a denial of service vulnerability. Attackers need to perform a series of operations in a special scenario to exploit this vulnerability. Successful exploitation may prevent new connections from being established, resulting in a denial of service. 2020-02-17 5 CVE-2020-1858
CONFIRM
CONFIRM
huawei -- multiple_products Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. 2020-02-17 5 CVE-2020-1856
CONFIRM
huawei -- multiple_products
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service (DoS) vulnerability. Due to improper processing of specific IPSEC packets, remote attackers can send constructed IPSEC packets to affected devices to exploit this vulnerability. Successful exploitation could cause the IPSec function of the affected device to behave abnormally. 2020-02-18 4.3 CVE-2020-1816
CONFIRM
huawei -- multiple_products
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parsing a certain message; an attacker who sends the message continuously could consume the remaining memory. Successful exploitation could cause memory exhaustion. 2020-02-18 4.3 CVE-2020-1815
CONFIRM
huawei -- multiple_products
 
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. 2020-02-17 5 CVE-2020-1827
CONFIRM
huawei -- multiple_products Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send a specific message to cause an out-of-bounds read, compromising normal service. 2020-02-17 5 CVE-2020-1828
CONFIRM
huawei -- multiple_products Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability in which the IPSec module handles a message improperly. Attackers can send a specific message to cause a double free of memory. This may compromise normal service. 2020-02-17 5 CVE-2020-1829
CONFIRM
huawei -- multiple_products Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a vulnerability in which a memory management error exists when the IPSec module handles a specific message. This causes a 1-byte out-of-bounds read, compromising normal service. 2020-02-18 5 CVE-2020-1830
CONFIRM
huawei -- p30_smartphones HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improper validation of certain applications, an attacker needs to trick the user into installing a malicious application to exploit this vulnerability. A successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. 2020-02-18 6.8 CVE-2020-1812
CONFIRM
ibm -- db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage. 2020-02-19 5 CVE-2020-4135
XF
CONFIRM
ibm -- db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341. 2020-02-19 4 CVE-2020-4161
XF
CONFIRM

ibm -- emptoris_spend_analysis_and_emptoris_strategic_supply_management_platform

IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348. 2020-02-20 6.5 CVE-2019-4752
XF
CONFIRM
CONFIRM
ibm -- jazz_foundation IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 163654. 2020-02-19 4 CVE-2019-4457
XF
CONFIRM
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289. 2020-02-20 4 CVE-2019-4583
XF
CONFIRM
ibm -- maximo_asset_management
 
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. 2020-02-18 6.8 CVE-2013-3323
MISC
MISC
CONFIRM
icehrm -- icehrm ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php. 2020-02-18 4.3 CVE-2020-9271
MISC
icehrm -- icehrm
 
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php. 2020-02-18 6.8 CVE-2020-9270
MISC
imagemagick -- imagemagick Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. 2020-02-17 6.8 CVE-2014-1947
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ipsilon_project -- ipsilon
 
The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response. 2020-02-17 4.3 CVE-2015-5216
MISC
MISC
MISC
istio -- istio An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4. 2020-02-14 5.8 CVE-2020-8843
MISC
MISC
CONFIRM
iteris -- vantage_velocity_field_unit_devices
 
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script. 2020-02-17 4.3 CVE-2020-9025
MISC
jasper -- jasper Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. 2020-02-17 6.8 CVE-2015-8751
MISC
MISC
MISC
BID
MISC
joplin -- joplin Joplin through 1.0.184 allows Arbitrary File Read via XSS. 2020-02-17 4.3 CVE-2020-9038
MISC
MISC
lenovo -- xclarity_administrator An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. 2020-02-14 4.3 CVE-2019-6194
CONFIRM
linux -- linux_kernel
 
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. 2020-02-14 4.9 CVE-2020-8992
MISC
lvm2 -- lvm2 vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. 2020-02-14 5 CVE-2020-8991
MISC
microsemi -- symmetricom_syncserver_devices Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. 2020-02-17 6.4 CVE-2020-9029
MISC
microsemi -- symmetricom_syncserver_devices Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user). 2020-02-17 4.3 CVE-2020-9028
MISC
microsemi -- symmetricom_syncserver_devices Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. 2020-02-17 6.4 CVE-2020-9030
MISC
microsemi -- symmetricom_syncserver_devices Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. 2020-02-17 6.4 CVE-2020-9031
MISC
microsemi -- symmetricom_syncserver_devices Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. 2020-02-17 6.4 CVE-2020-9032
MISC
microsemi -- symmetricom_syncserver_devices Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. 2020-02-17 6.4 CVE-2020-9033
MISC
moodle -- moodle Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. 2020-02-17 4 CVE-2020-1692
CONFIRM
nec -- aterm_wg2600hs_device Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-02-21 4.3 CVE-2020-5533
MISC
MISC
netsurf -- libnsbmp libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function. 2020-02-18 5 CVE-2015-7507
MISC
MISC
netsweeper -- netsweeper
 
Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. 2020-02-19 4.3 CVE-2014-9607
MISC
netsweeper -- netsweeper
 
Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action. 2020-02-19 5 CVE-2014-9609
MISC
netsweeper -- netsweeper
 
Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. 2020-02-19 5.8 CVE-2014-9617
MISC
netsweeper -- netsweeper
 
Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. 2020-02-19 4.3 CVE-2014-9615
MISC
netsweeper -- netsweeper
 
Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. 2020-02-19 4.3 CVE-2014-9608
MISC
netsweeper -- netsweeper
 
Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/. 2020-02-19 4.3 CVE-2014-9606
MISC
opensips -- opensips
 
A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c. 2020-02-17 5 CVE-2013-3722
MISC
proftpd -- proftpd
 
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. 2020-02-20 5 CVE-2020-9272
CONFIRM
CONFIRM
progress -- moveit_transfer In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS. 2020-02-14 6 CVE-2020-8612
MISC
CONFIRM
CONFIRM
CONFIRM
progress -- moveit_transfer
 
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements. 2020-02-14 6.5 CVE-2020-8611
MISC
CONFIRM
CONFIRM
CONFIRM
silverstripe -- silverstripe SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. 2020-02-19 4.3 CVE-2019-12246
MISC
MISC
CONFIRM
silverstripe -- silverstripe SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. 2020-02-17 4.3 CVE-2019-19325
CONFIRM
silverstripe -- silverstripe In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations. 2020-02-19 6.8 CVE-2019-12437
MISC
MISC
CONFIRM
soplanning -- simple_online_planning SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php. 2020-02-18 4.3 CVE-2020-9266
MISC
soplanning -- simple_online_planning SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. 2020-02-18 4.3 CVE-2020-9267
MISC
soplanning -- simple_online_planning
 
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring. 2020-02-18 5 CVE-2020-9268
MISC
twiki -- twiki
 
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. 2020-02-17 6.4 CVE-2014-7236
MISC
MISC
BID
MISC
western_digital -- mycloud.com Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. 2020-02-20 4.3 CVE-2020-8960
MISC
MISC
wordpress -- wordpress Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2020-02-18 6.8 CVE-2020-5530
MISC
MISC
MISC
wordpress -- wordpress WordPress Portable phpMyAdmin Plugin 1.4.1 has multiple security bypass vulnerabilities. 2020-02-18 6.4 CVE-2013-4454
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element. 2020-02-17 4.3 CVE-2020-6850
MISC
MISC
MISC
xirrus -- multiple_wireless_arrays An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS. 2020-02-17 4.3 CVE-2020-9022
MISC
zoho_manageengine -- remote_access_plus An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF. 2020-02-17 4 CVE-2019-20474
MISC
MISC

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
codologic -- codoforum Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts. 2020-02-15 3.5 CVE-2020-7050
CONFIRM
MISC
codologic -- codoforum Codoforum 4.8.8 allows self-XSS via the title of a new topic. 2020-02-16 3.5 CVE-2020-9007
MISC
dolibarr -- dolibarr Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. 2020-02-16 3.5 CVE-2020-9016
MISC
huawei -- hege-60_and_hege-570_and_multiple_osca_products Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. A successful exploit may cause the service to behave abnormally. 2020-02-18 3.6 CVE-2020-1855
CONFIRM
huawei -- mate_20_smartphones HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system has a logic judgment error under certain scenarios; a successful exploit could allow the attacker to switch to third desktop after a series of operations in ADB mode. 2020-02-18 2.1 CVE-2020-1791
CONFIRM
huawei -- multiple_products Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a dangling pointer dereference vulnerability. An authenticated attacker may perform some special operations on the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, a successful exploit will lead to a dangling pointer dereference, causing some services to behave abnormally. 2020-02-18 3.5 CVE-2020-1814
CONFIRM
huawei -- multiple_products
 
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage. 2020-02-17 2.1 CVE-2020-1857
CONFIRM
huawei -- multiple_smartphones Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some functions, attackers can bypass the authorization to perform some operations. 2020-02-18 2.1 CVE-2020-1882
CONFIRM
prestashop -- prestashop PrestaShop before 1.4.11 allows logout CSRF. 2020-02-14 3.5 CVE-2013-4792
MISC
prestashop -- prestashop
 
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. 2020-02-14 3.5 CVE-2013-4791
MISC
wolf_cms -- wolf_cms A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. 2020-02-19 3.5 CVE-2012-1932
MISC
wordpress -- wordpress
 
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. 2020-02-14 3.5 CVE-2020-8594
MISC
CONFIRM
MISC

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
abbott -- freestyle_libre_sensors
 
Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14-day in the U.S (announced in August 2018) and FreeStyle Libre 2 outside the U.S (announced in October 2018). 2020-02-16 not yet calculated CVE-2020-8997
MISC
adobe -- after_effects
 
Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-20 not yet calculated CVE-2020-3765
CONFIRM
adobe -- media_encoder Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-02-20 not yet calculated CVE-2020-3764
CONFIRM
ansible -- ansible The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. 2020-02-20 not yet calculated CVE-2014-4678
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ansible -- ansible
 
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. 2020-02-18 not yet calculated CVE-2014-4967
MISC
CONFIRM
ansible -- ansible
 
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. 2020-02-18 not yet calculated CVE-2014-4966
MISC
CONFIRM
ansible -- ansible
 
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. 2020-02-20 not yet calculated CVE-2014-4658
CONFIRM
BID
ansible -- ansible
 
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. 2020-02-20 not yet calculated CVE-2014-4657
CONFIRM
BID
ansible -- ansible
 
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. 2020-02-20 not yet calculated CVE-2014-4660
MISC
MISC
MISC
MISC
MISC
ansible -- ansible
 
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. 2020-02-20 not yet calculated CVE-2014-4659
CONFIRM
BID
apache -- jclouds
 
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks. 2020-02-18 not yet calculated CVE-2014-4651
MISC
MISC
apple -- macos_x
 
The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. 2020-02-20 not yet calculated CVE-2012-5366
MISC
BID
atos -- unify_openscape_uc_web_client Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs. 2020-02-21 not yet calculated CVE-2019-19866
MISC
MISC
audiofile -- audiofile
 
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. 2020-02-19 not yet calculated CVE-2015-7747
MISC
MISC
MISC
MISC
MISC
MISC
auieo -- candid_applicant_tracking_system
 
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. 2020-02-22 not yet calculated CVE-2020-9341
MISC
avira -- antivirus_engine
 
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. 2020-02-20 not yet calculated CVE-2020-9320
MISC
MISC
MISC
axous -- axous Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php. 2020-02-20 not yet calculated CVE-2012-2629
MISC
MISC
bodymen -- bodymen
 
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. 2020-02-18 not yet calculated CVE-2019-10792
MISC
MISC
bosch -- security_systems_nbn-498_dinion2x_ip_cameras The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml. 2020-02-18 not yet calculated CVE-2015-6970
MISC
cacti -- cacti
 
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. 2020-02-22 not yet calculated CVE-2020-8813
MISC
MISC
MISC
MISC
cisco -- adaptive_security_appliance A vulnerability in the Cisco ASA could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, provided the primary credentials are correct. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability. 2020-02-19 not yet calculated CVE-2011-2054
CISCO
cisco -- anyconnect_secure_mobility_client_for_windows
 
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. 2020-02-19 not yet calculated CVE-2020-3153
CISCO
cisco -- asyncos_software_for_cisco_email_security_appliance A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur. 2020-02-19 not yet calculated CVE-2020-3132
CISCO
cisco -- cloud_web_security A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this vulnerability by sending malicious requests to the affected device. An exploit could allow the attacker to modify values on or return values from the underlying database. 2020-02-19 not yet calculated CVE-2020-3154
CISCO
cisco -- data_center_network_manager
 
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-02-19 not yet calculated CVE-2020-3113
CISCO
cisco -- data_center_network_manager
 
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link while having an active session on an affected device. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. 2020-02-19 not yet calculated CVE-2020-3114
CISCO
cisco -- data_center_network_manager
 
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges. 2020-02-19 not yet calculated CVE-2020-3112
CISCO
cisco -- enterprise_nfv_infrastructure_software
 
A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to upload crafted code to the affected device. 2020-02-19 not yet calculated CVE-2020-3138
CISCO
cisco -- identity_services_engine A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could exploit this vulnerability by sending malicious endpoint data to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. 2020-02-19 not yet calculated CVE-2020-3156
CISCO
cisco -- ios_xe_sd-wan_software
 
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier. 2020-02-19 not yet calculated CVE-2019-1950
CONFIRM
cisco -- linksys_e4200_router
 
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi. 2020-02-18 not yet calculated CVE-2013-2679
MISC
MISC
MISC
MISC
MISC
cisco -- meeting_server
 
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications. 2020-02-19 not yet calculated CVE-2020-3160
CISCO
cisco -- smart_software_manager_on-prem A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device. 2020-02-19 not yet calculated CVE-2020-3158
CISCO
cisco -- unified_contact_center_enterprise
 
A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection. 2020-02-19 not yet calculated CVE-2020-3163
CISCO
component -- flatten.js All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. 2020-02-18 not yet calculated CVE-2019-10794
CONFIRM
coturn -- coturn
 
An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. 2020-02-19 not yet calculated CVE-2020-6061
MISC
coturn -- coturn
 
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. 2020-02-19 not yet calculated CVE-2020-6062
MISC
couchbase -- couchbase_server Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access). 2020-02-22 not yet calculated CVE-2020-9039
CONFIRM
d-link -- dap-1330_devices
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9554. 2020-02-22 not yet calculated CVE-2020-8861
N/A
N/A
d-link -- dap-6210_devices
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082. 2020-02-22 not yet calculated CVE-2020-8862
N/A
N/A
d-link -- dch-m225_devices
 
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. 2020-02-21 not yet calculated CVE-2020-6842
MISC
CONFIRM
d-link -- dch-m225_devices
 
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. 2020-02-21 not yet calculated CVE-2020-6841
MISC
CONFIRM
d-link -- dsr-250n_devices
 
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. 2020-02-19 not yet calculated CVE-2012-6614
CONFIRM
MISC
MISC
debian -- x11-common
 
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. 2020-02-21 not yet calculated CVE-2012-1093
MISC
MISC
MISC
MISC
MISC
dell -- client_consumer_and_commercial_platforms Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. 2020-02-21 not yet calculated CVE-2020-5324
MISC
dell -- client_platforms
 
Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. 2020-02-21 not yet calculated CVE-2020-5326
MISC
dot-object -- dot-object dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. 2020-02-18 not yet calculated CVE-2019-10793
MISC
MISC
drupal -- drupal The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. 2020-02-18 not yet calculated CVE-2013-4228
MISC
MISC
MISC
MISC
MISC
drupal -- drupal
 
The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser. 2020-02-18 not yet calculated CVE-2013-4226
MISC
MISC
MISC
drupal -- drupal
 
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type. 2020-02-18 not yet calculated CVE-2013-4227
MISC
MISC
MISC
MISC
election -- election fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter. 2020-02-22 not yet calculated CVE-2020-9340
MISC
election -- election
 
fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> "message if election is closed" field. 2020-02-22 not yet calculated CVE-2020-9336
MISC
electronic_arts -- origin
 
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's executable file instead of its in-memory process (which can be significantly different from the executable file due to, for example, DLL injection). Data transmitted over the pipe is encrypted using a static key. Instead of hooking the pipe communication directly via WriteFileEx(), this can be bypassed by hooking the EVP_EncryptUpdate() function of libeay32.dll. The pipe takes the command CreateDirectory to create a directory and adjust the directory DACL. Calls to this function can be intercepted, the directory and the DACL can be replaced, and the manipulated DACL is written. Arbitrary DACL write is further achieved by creating a hardlink in a user-controlled directory that points to (for example) a service binary. The DACL is then written to this service binary, which results in escalation of privileges. 2020-02-20 not yet calculated CVE-2019-19741
MISC
emerson -- openenterprise_scada_server A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. 2020-02-19 not yet calculated CVE-2020-6970
MISC
eset -- multiple_products
 
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. 2020-02-18 not yet calculated CVE-2020-9264
FULLDISC
MISC
MISC
f-secure -- multiple_products The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper. 2020-02-22 not yet calculated CVE-2020-9342
MISC
facebook -- hhvm Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). 2020-02-19 not yet calculated CVE-2016-1000004
CONFIRM
CONFIRM
facebook -- hhvm mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). 2020-02-19 not yet calculated CVE-2016-1000005
CONFIRM
CONFIRM
facebook -- hhvm HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive). 2020-02-19 not yet calculated CVE-2016-1000109
CONFIRM
MISC
CONFIRM
freebsd -- freebsd The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. 2020-02-20 not yet calculated CVE-2015-2923
MISC
MISC
MISC
MISC
freebsd -- freebsd In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution. 2020-02-18 not yet calculated CVE-2020-7450
MISC
freebsd -- freebsd In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated. 2020-02-18 not yet calculated CVE-2019-5613
MISC
freebsd -- freebsd
 
In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack. 2020-02-18 not yet calculated CVE-2019-15875
MISC
general_electric -- ultrasound_products
 
A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5 2020-02-20 not yet calculated CVE-2020-6977
MISC
gitlab -- gitlab_enterprise_edition
 
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. 2020-02-17 not yet calculated CVE-2019-12825
MISC
CONFIRM
gogs -- gogs Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. 2020-02-21 not yet calculated CVE-2020-9329
MISC
golang -- go golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. 2020-02-20 not yet calculated CVE-2020-9283
CONFIRM
google -- android
 
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. 2020-02-21 not yet calculated CVE-2014-7914
MISC
google -- android
 
Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers. 2020-02-20 not yet calculated CVE-2014-7951
MISC
MISC
MISC
MISC
MISC
goverlan -- reach_console_and_reach_server_and_client_agent Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking. 2020-02-16 not yet calculated CVE-2019-20456
MISC
hitron -- coda-4582u-devices
 
Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. 2020-02-19 not yet calculated CVE-2020-8824
MISC
honeywell -- inncom_inncontrol_3_device Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files. 2020-02-20 not yet calculated CVE-2020-6968
MISC
hp -- fortify_sca The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. 2020-02-19 not yet calculated CVE-2014-2228
CONFIRM
huawei -- p10_plus_smartphones
 
Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8) have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed. 2020-02-18 not yet calculated CVE-2020-1872
CONFIRM
ibm -- db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212. 2020-02-19 not yet calculated CVE-2020-4230
XF
CONFIRM
ibm -- db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914. 2020-02-19 not yet calculated CVE-2020-4200
XF
CONFIRM
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886. 2020-02-19 not yet calculated CVE-2019-4429
XF
CONFIRM
ibm -- security_secret_server
 
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046. 2020-02-19 not yet calculated CVE-2019-4640
XF
CONFIRM
ibm -- tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies. 2020-02-18 not yet calculated CVE-2012-0718
MISC
jakweb -- gecko_cms
 
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities 2020-02-18 not yet calculated CVE-2015-1425
MISC
jetbrains -- scala_plugin In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. 2020-02-21 not yet calculated CVE-2020-7907
MISC
MISC
jyaml -- jyaml
 
JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product. 2020-02-19 not yet calculated CVE-2020-8441
MISC
MISC
MISC
MISC
kaseya -- traverse Kaseya Traverse before 9.5.20 allows OS command injection attacks against user accounts, associated with a Netflow Top Applications reporting API call. This is exploitable by an authenticated attacker who submits a modified JSON field within POST data. 2020-02-17 not yet calculated CVE-2020-8427
CONFIRM
kaseya -- virtual_system_administrator
 
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx. 2020-02-17 not yet calculated CVE-2015-6922
MISC
MISC
MISC
MISC
MISC
labvantage_solutions -- labvantage_laboratory_information_management
 
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database' exception message if the database does not exist. 2020-02-17 not yet calculated CVE-2020-7959
MISC
EXPLOIT-DB
libarchive -- libarchive
 
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. 2020-02-20 not yet calculated CVE-2020-9308
MISC
MISC
MISC
libnsgif -- libnsgif Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file. 2020-02-18 not yet calculated CVE-2015-7505
MISC
MISC
libnsgif -- libnsgif The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file. 2020-02-18 not yet calculated CVE-2015-7506
MISC
linux -- linux_kernel OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. 2020-02-19 not yet calculated CVE-2012-0055
MLIST
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
MISC
linux -- linux_kernel fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. 2020-02-20 not yet calculated CVE-2011-4915
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value. 2020-02-20 not yet calculated CVE-2011-0699
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. 2020-02-20 not yet calculated CVE-2011-2498
MISC
MISC
MISC
MISC
MISC
longtail_video -- jw_player
 
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript. 2020-02-20 not yet calculated CVE-2012-3351
MISC
MISC
MISC
MISC
MISC
MISC
mcafee -- data_exchange_layer_framework Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. 2020-02-17 not yet calculated CVE-2020-7252
CONFIRM
microsemi -- symmetricom_syncserver Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. 2020-02-17 not yet calculated CVE-2020-9034
MISC
microsoft -- windows_7
 
The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. 2020-02-20 not yet calculated CVE-2012-5364
MISC
BID
mitsubishi_electric -- multiple_controller_modules
 
Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors. 2020-02-17 not yet calculated CVE-2020-5531
MISC
MISC
moped_gem_for_ruby_on_rails -- moped_gem_for_ruby_on_rails The Moped::BSON::ObjectId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. 2020-02-20 not yet calculated CVE-2015-4411
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
moped_gem_for_ruby_on_rails -- moped_gem_for_ruby_on_rails
 
The Moped::BSON::ObjectId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. 2020-02-20 not yet calculated CVE-2015-4410
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- firefox
 
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding 2020-02-18 not yet calculated CVE-2013-5594
MISC
MISC
multiple_vendors -- multiple_products The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669. 2020-02-20 not yet calculated CVE-2012-5362
MISC
BID
multiple_vendors -- multiple_products
 
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393. 2020-02-20 not yet calculated CVE-2012-5363
MISC
BID
multiple_vendors -- multiple_products
 
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code." 2020-02-21 not yet calculated CVE-2012-6277
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
multiple_vendors -- multiple_products
 
Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices allow attackers to bypass intended TACACS+ shell restrictions via a | character. 2020-02-20 not yet calculated CVE-2020-9015
MISC
MISC
multiple_vendors -- multiple_products
 
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. 2020-02-20 not yet calculated CVE-2012-5365
MISC
BID
musl -- libc Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output. 2020-02-20 not yet calculated CVE-2014-3484
MISC
MISC
netsurf -- netsurf Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. 2020-02-21 not yet calculated CVE-2012-0844
MISC
MISC
MISC
BID
nokogiri_gem_for_ruby_on_rails -- nokogiri_gem_for_ruby_on_rails Nokogiri before 1.5.4 is vulnerable to XXE attacks 2020-02-19 not yet calculated CVE-2012-6685
MISC
CONFIRM
CONFIRM
open-xchange -- open-xchange_appsuite OX App Suite through 7.10.2 allows SSRF. 2020-02-21 not yet calculated CVE-2019-18846
MISC
open_dynamics -- collabtive Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. 2020-02-17 not yet calculated CVE-2015-0258
MISC
MISC
open_networking_foundation -- open_network_operating_system An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. 2020-02-20 not yet calculated CVE-2019-16302
MISC
open_networking_foundation -- open_network_operating_system Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply that causes the host mobility application to remove existing access control flow denial rules in the network. The access control application does not re-install flow deny rules, so the attacker can bypass the intended access control policy. 2020-02-20 not yet calculated CVE-2019-11189
MISC
open_networking_foundation -- open_network_operating_system An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. 2020-02-20 not yet calculated CVE-2019-16299
MISC
open_networking_foundation -- open_network_operating_system An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. 2020-02-20 not yet calculated CVE-2019-16300
MISC
open_networking_foundation -- open_network_operating_system An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. 2020-02-20 not yet calculated CVE-2019-16301
MISC
open_networking_foundation -- open_network_operating_system An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. 2020-02-20 not yet calculated CVE-2019-16298
MISC
open_networking_foundation -- open_network_operating_system
 
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. 2020-02-20 not yet calculated CVE-2019-16297
MISC
openhab -- openhab openHAB before 2.5.2 allows a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2, all commands need to be whitelisted in a local file which cannot be changed via REST calls. 2020-02-20 not yet calculated CVE-2020-5242
MISC
CONFIRM
openjpeg -- openjpeg
 
The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. 2020-02-20 not yet calculated CVE-2016-3182
MISC
MISC
MISC
CONFIRM
openpam -- nummularia
 
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to not be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password. 2020-02-18 not yet calculated CVE-2014-3879
MISC
CONFIRM
BID
MISC
openshift -- servicemesh An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. 2020-02-17 not yet calculated CVE-2020-1704
CONFIRM
openstack -- nova
 
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. 2020-02-19 not yet calculated CVE-2015-9543
MLIST
MISC
MISC
CONFIRM
openstack -- swift
 
OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE. 2020-02-20 not yet calculated CVE-2013-7109
MISC
MISC
MISC
MISC
MISC
MISC
MISC
otrs -- otrs Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. 2020-02-21 not yet calculated CVE-2013-4088
MISC
MISC
MISC
MISC
otrs -- otrs_itsm Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. 2020-02-21 not yet calculated CVE-2013-3551
MISC
MISC
owncloud -- owncloud_server The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values. 2020-02-17 not yet calculated CVE-2015-4715
MISC
MISC
CONFIRM
MISC
patriot -- viper_rgb A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges. 2020-02-21 not yet calculated CVE-2019-19452
MISC
MISC
phoenix_contact -- axl_f_bk_pn_and_axl_f_bk_eth_and_axl_f_bk_xc_devices An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices. Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required. 2020-02-18 not yet calculated CVE-2018-16994
CONFIRM
phoenix_contact -- emalytics_controller_ilc
 
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device. 2020-02-17 not yet calculated CVE-2020-8768
MISC
phoenix_contact -- fl_nat_2208_and_fl_nat_2304-2gc-2sfp_devices Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security. 2020-02-18 not yet calculated CVE-2019-18352
MISC
php_group -- hypertext_preprocessor
 
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value. 2020-02-19 not yet calculated CVE-2014-3622
MISC
MISC
MISC
phpmychat-plus -- phpmychat-plus phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username. 2020-02-18 not yet calculated CVE-2020-9265
MISC
puppet -- puppet_and_puppet_agent
 
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior. 2020-02-19 not yet calculated CVE-2020-7942
CONFIRM
python -- python The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. 2020-02-20 not yet calculated CVE-2014-4650
MISC
MISC
REDHAT
red_gate_software -- sql_monitor Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15. 2020-02-20 not yet calculated CVE-2020-9318
MISC
samsung -- galaxy_s10_devices
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the Call Control Setup messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the baseband processor. Was ZDI-CAN-9658. 2020-02-22 not yet calculated CVE-2020-8860
N/A
N/A
solarwinds -- network_performance_monitor SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT. 2020-02-17 not yet calculated CVE-2019-12954
MISC
soplanning -- simple_online_planning SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. 2020-02-22 not yet calculated CVE-2020-9338
MISC
soplanning -- simple_online_planning
 
SOPlanning 1.45 allows XSS via the Name or Comment to status.php. 2020-02-22 not yet calculated CVE-2020-9339
MISC
sqlite -- sqlite In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. 2020-02-21 not yet calculated CVE-2020-9327
MISC
MISC
MISC
synacor -- zimbra_collaboration_suite An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible. 2020-02-18 not yet calculated CVE-2020-8633
CONFIRM
synacor -- zimbra_collaboration_suite Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. 2020-02-18 not yet calculated CVE-2020-7796
CONFIRM
taffy -- taffy
 
taffy through 2.6.2 allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB. 2020-02-17 not yet calculated CVE-2019-10790
MISC
tibco_software -- ebx
 
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.1.fixS and below, versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7. 2020-02-19 not yet calculated CVE-2019-17333
CONFIRM
CONFIRM
topmanage -- olk_2020
 
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts. 2020-02-18 not yet calculated CVE-2020-6844
MISC
EXPLOIT-DB
topmanage -- olk_2020
 
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack. 2020-02-18 not yet calculated CVE-2020-6845
MISC
EXPLOIT-DB
trend_micro -- multiple_products
 
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download a malicious DLL locally, which must be present when the installer is run. 2020-02-20 not yet calculated CVE-2019-14688
MISC
trend_micro -- security_2019
 
The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely. 2020-02-20 not yet calculated CVE-2019-19694
MISC
MISC
MISC
MISC
trend_micro -- vulnerability_protection
 
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attacker to use the product installer to load other DLL files located in the same directory. 2020-02-20 not yet calculated CVE-2020-8601
MISC
trustwave -- mailmarshal The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. 2020-02-19 not yet calculated CVE-2014-2727
MISC
tucan -- tucan
 
Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the permissions of the user running tucan. 2020-02-21 not yet calculated CVE-2012-0063
MLIST
MISC
MISC
MISC
ua-parser -- ua-core
 
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3. 2020-02-21 not yet calculated CVE-2020-5243
MISC
CONFIRM
undefsafe -- undefsafe
 
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. 2020-02-18 not yet calculated CVE-2019-10795
MISC
MISC
valve -- dota_2
 
meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled. 2020-02-17 not yet calculated CVE-2020-9005
MISC
vmware -- vrealize_operations_for_horizon_adapter
 
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations. 2020-02-19 not yet calculated CVE-2020-3943
CONFIRM
vmware -- vrealize_operations_for_horizon_adapter
 
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication. 2020-02-19 not yet calculated CVE-2020-3944
CONFIRM
vmware -- vrealize_operations_for_horizon_adapter
 
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information. 2020-02-19 not yet calculated CVE-2020-3945
CONFIRM
webkit-gtk -- webkit-gtk
 
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration. 2020-02-17 not yet calculated CVE-2013-7324
MISC
MISC
MISC
western_digital -- multiple_products
 
Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking. 2020-02-19 not yet calculated CVE-2020-8959
MISC
MISC
western_digital -- my_cloud_home Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. 2020-02-20 not yet calculated CVE-2020-8990
MISC
MISC
wordpress -- wordpress
 
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. 2020-02-20 not yet calculated CVE-2020-9003
MISC
MISC
MISC
MISC
world_wide_web_consortium -- hypertext_transfer_protocol_secure The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. 2020-02-21 not yet calculated CVE-2013-3587
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wso2 -- transport-http Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled. 2020-02-19 not yet calculated CVE-2019-10797
CONFIRM
xchat-wdk -- xchat-wdk
 
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). 2020-02-21 not yet calculated CVE-2012-0828
MISC
MISC
MISC
MISC
xerox -- workcentre_printers
 
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP address to a system owned by the actor without knowledge of the LDAP bind credentials. After changing the LDAP connection IP address, subsequent authentication attempts will result in the printer sending plaintext LDAP (Active Directory) credentials to the actor. Although the credentials may belong to a non-privileged user, organizations frequently use privileged service accounts to bind to Active Directory. The attacker gains a foothold on the Active Directory domain at a minimum, and may use the credentials to take over control of the Active Directory domain. This affects 3655*, 3655i*, 58XX*, 58XXi*, 59XX*, 59XXi*, 6655**, 6655i**, 72XX*, 72XXi*, 78XX**, 78XXi**, 7970**, 7970i**, EC7836**, and EC7856** devices. 2020-02-21 not yet calculated CVE-2020-9330
MISC
MISC
yaml_project -- pyyaml PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. 2020-02-19 not yet calculated CVE-2019-20477
MISC
MISC
yaml_project -- ruamel.yaml
 
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases. 2020-02-19 not yet calculated CVE-2019-20478
MISC
zmartzone -- mod_auth_openidc A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. 2020-02-20 not yet calculated CVE-2019-20479
MISC
MISC
zte -- zxv10_w300_router ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. 2020-02-20 not yet calculated CVE-2014-4019
MISC
MISC
MISC
MISC