Bulletin (SB20-062)

Vulnerability Summary for the Week of February 24, 2020

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- jserv_protocol
 
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
  • returning arbitrary files from anywhere in the web application
  • processing any file in the web application as a JSP
Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. 2020-02-24 7.5 CVE-2020-1938
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
cacti -- cacti
 
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. 2020-02-22 9.3 CVE-2020-8813
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
cisco -- fxos_software A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability. 2020-02-26 7.2 CVE-2020-3169
CISCO
compile-sass -- compile-sass
 
compile-sass prior to 1.0.5 allows execution of arbitrary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization. 2020-02-24 7.5 CVE-2019-10799
MISC
MISC
couchbase -- couchbase_server Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access). 2020-02-22 7.5 CVE-2020-9039
CONFIRM
d-link -- dap-1330_devices This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9554. 2020-02-22 8.3 CVE-2020-8861
N/A
N/A
d-link -- dap-2610_devices
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082. 2020-02-22 8.3 CVE-2020-8862
N/A
N/A
d-link -- dch-m225_devices
 
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. 2020-02-21 10 CVE-2020-6841
MISC
CONFIRM
d-link -- dch-m225_devices
 
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. 2020-02-21 9 CVE-2020-6842
MISC
CONFIRM
druva -- insync_macos_client Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges. 2020-02-25 7.2 CVE-2019-4000
MISC
druva -- insync_windows_client Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. 2020-02-25 7.2 CVE-2019-3999
MISC
gnu -- screen
 
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. 2020-02-24 7.5 CVE-2020-9366
MLIST
MISC
MISC
ibl_software_engineering -- online_weather IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. 2020-02-26 7.5 CVE-2020-9406
MISC
ibm -- spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175023. 2020-02-24 10 CVE-2020-4212
XF
CONFIRM
ibm -- spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175022. 2020-02-24 10 CVE-2020-4211
XF
CONFIRM
ibm -- spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175091. 2020-02-24 10 CVE-2020-4222
XF
CONFIRM
ibm -- spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175020. 2020-02-24 10 CVE-2020-4210
XF
CONFIRM
ibm -- spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175024. 2020-02-24 10 CVE-2020-4213
XF
CONFIRM
moxa -- awk-3131a_devices An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. 2020-02-25 9 CVE-2019-5138
MISC
moxa -- awk-3131a_devices
 
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2020-02-25 9 CVE-2019-5136
MISC
moxa -- awk-3131a_devices
 
An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. 2020-02-25 9 CVE-2019-5142
MISC
moxa -- awk-3131a_devices
 
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2020-02-25 9 CVE-2019-5162
MISC
netapp -- oncommand_cloud_manager OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers. 2020-02-26 7.5 CVE-2019-17275
CONFIRM
netgear -- nighthawk_x10-r900_devices
 
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to exploit this vulnerability remotely. Exploiting this vulnerability is somewhat involved. The following limitations apply to the payload and must be overcome for successful exploitation:
  • No more than 17 characters may be used.
  • At least one colon must be included to prevent mangling.
  • A single-quote and meta-character must be used to break out of the existing command.
  • Parent command remnants after the injection point must be dealt with.
  • The payload must be in all-caps.
Despite these limitations, it is still possible to gain access to an interactive root shell via this vulnerability. Since the web server assigns certain HTTP headers to environment variables with all-caps names, it is possible to insert a payload into one such header and reference the subsequent environment variable in the injection point. 2020-02-24 9.3 CVE-2019-12511
MISC
networkmanager-ssh -- networkmanager-ssh danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. 2020-02-23 7.5 CVE-2020-9355
MISC
MISC
MISC
opensmtpd -- opensmtpd OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. 2020-02-25 10 CVE-2020-8794
FULLDISC
MLIST
MLIST
MLIST
DEBIAN
MISC
MISC
patriot -- viper_rgb
 
A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges. 2020-02-21 7.2 CVE-2019-19452
MISC
MISC
ruby -- rake There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. 2020-02-24 9.3 CVE-2020-8130
MISC
MLIST
selesta -- visual_access_manager
 
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system commands by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php. 2020-02-26 10 CVE-2019-19994
MISC
MISC
MISC
smartclient -- smartclient An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. 2020-02-23 7.5 CVE-2020-9352
MISC
tp-link -- tl-wr849n_devices
 
On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature. 2020-02-24 7.5 CVE-2020-9374
MISC
MISC
yarn -- yarn
 
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. 2020-02-24 7.5 CVE-2020-8131
CONFIRM
MISC
zsh -- zsh
 
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). 2020-02-24 7.2 CVE-2019-20044
MISC
MISC
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- kylin
 
Kylin has some RESTful APIs that concatenate SQL with the user input string, so a user is likely to be able to run malicious database queries. 2020-02-24 4 CVE-2020-1937
MLIST
apache -- struts
 
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability. 2020-02-27 4.3 CVE-2015-2992
MISC
MISC
MISC
atos -- unify_openscape_uc_application
 
Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload. 2020-02-21 4.3 CVE-2019-19865
MISC
MISC
atos -- unify_openscape_uc_web_client
 
Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs. 2020-02-21 5 CVE-2019-19866
MISC
MISC
auieo -- candid_applicant_tracking_system CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. 2020-02-22 6.8 CVE-2020-9341
MISC
buddypress -- buddypress
 
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2. 2020-02-24 5 CVE-2020-5244
MISC
MISC
CONFIRM
centreon -- centreon_web
 
An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication. 2020-02-24 6.5 CVE-2019-15299
MISC
MISC
MISC
dnn_software -- dnn
 
DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. 2020-02-24 4 CVE-2020-5188
MISC
MISC
MISC
dnn_software -- dnn
 
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). 2020-02-24 6.5 CVE-2020-5187
MISC
MISC
MISC
election -- election fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter. 2020-02-22 6.5 CVE-2020-9340
MISC
fiserv -- accurate_reconciliation
 
Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp timeOut parameter. 2020-02-26 4.3 CVE-2020-8952
MISC
freeradius -- pam_radius
 
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. 2020-02-24 5 CVE-2015-9542
CONFIRM
MISC
MLIST
gogs -- gogs Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. 2020-02-21 4.3 CVE-2020-9329
MISC
golfbuddy -- course_manager
 
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request. 2020-02-26 4 CVE-2020-9337
MISC
MISC
google -- android
 
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. 2020-02-21 5.8 CVE-2014-7914
MISC
google -- chrome
 
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-27 6.8 CVE-2020-6407
MISC
MISC
google -- chrome
 
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-27 6.8 CVE-2020-6386
MISC
MISC
google -- chrome
 
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-27 6.8 CVE-2020-6384
MISC
MISC
google -- chrome
 
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-27 4.3 CVE-2020-6418
MISC
MISC
google -- chrome
 
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-02-27 6.8 CVE-2020-6383
MISC
MISC
gurux -- gxdlms_director
 
Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker can modify the contents of downloaded files. In the case of add-ins (if the user is using those), this will lead to code execution. In case of OBIS codes (which the user is always using as they are needed to communicate with the energy meters), this can lead to code execution when combined with CVE-2020-8810. 2020-02-25 6.8 CVE-2020-8809
MISC
MISC
ibl_software_engineering -- online_weather
 
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. 2020-02-26 5 CVE-2020-9407
MISC
ibl_software_engineering -- online_weather
 
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page. 2020-02-26 4.3 CVE-2020-9405
MISC
ibm -- business_process_manager_and_business_automation_workflow
 
IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254. 2020-02-27 6.5 CVE-2019-4669
XF
CONFIRM
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883. 2020-02-24 4 CVE-2019-4745
XF
CONFIRM
ibm -- qradar_advisor
 
IBM QRadar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 166206. 2020-02-25 5 CVE-2019-4557
XF
CONFIRM
ibm -- qradar_advisor
 
IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacker to obtain sensitive information from specially crafted HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 171438. 2020-02-25 5 CVE-2019-4672
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 167878. 2020-02-24 5.8 CVE-2019-4595
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363. 2020-02-26 4.3 CVE-2019-4726
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881. 2020-02-26 6.5 CVE-2019-4598
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880. 2020-02-26 6.5 CVE-2019-4597
XF
CONFIRM
ibm -- websphere_service_registry_and_repository
 
IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 165593. 2020-02-26 5 CVE-2019-4537
XF
CONFIRM
jetbrains -- scala_plugin
 
In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. 2020-02-21 5 CVE-2020-7907
MISC
MISC
kunena -- kunena
 
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. 2020-02-25 4.3 CVE-2016-11020
MISC
MISC
MISC
litecart -- litecart
 
LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user. 2020-02-25 5 CVE-2020-9018
MISC
MISC
litecart -- litecart
 
LiteCart through 2.2.1 allows CSV injection via a customer's profile. 2020-02-25 6 CVE-2020-9017
MISC
MISC
lua-openssl -- lua-openssl
 
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. 2020-02-27 6.4 CVE-2020-9432
MISC
lua-openssl -- lua-openssl
 
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. 2020-02-27 6.4 CVE-2020-9433
MISC
lua-openssl -- lua-openssl
 
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. 2020-02-27 6.4 CVE-2020-9434
MISC
mcafee -- web_advisor
 
Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows a remote unauthenticated attacker to execute arbitrary code via a cross-site scripting attack. 2020-02-24 4.3 CVE-2019-3670
CONFIRM
miele -- xgw_3000_zigbee_gateway
 
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection. 2020-02-24 6.8 CVE-2019-20480
MISC
miele -- xgw_3000_zigbee_gateway
 
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480. 2020-02-24 5 CVE-2019-20481
MISC
moxa -- awk-3131a_devices
 
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. 2020-02-25 5 CVE-2019-5137
MISC
moxa -- awk-3131a_devices
 
An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. 2020-02-25 5 CVE-2019-5148
MISC
moxa -- awk-3131a_devices
 
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2020-02-25 6.5 CVE-2019-5140
MISC
moxa -- awk-3131a_devices
 
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2020-02-25 6.5 CVE-2019-5143
MISC
moxa -- awk-3131a_devices
 
An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2020-02-25 6.5 CVE-2019-5141
MISC
moxa -- awk-3131a_devices
 
An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2020-02-25 6.5 CVE-2019-5153
MISC
moxa -- awk-3131a_devices
 
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. 2020-02-25 6.5 CVE-2019-5165
MISC
netgear -- nighthawk_x10-r900_devices
 
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings. 2020-02-24 6.4 CVE-2019-12510
MISC
netgear -- nighthawk_x10-r900_devices
 
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious hostname. This log entry may then be viewed at Advanced settings->Administration->Logs to trigger the exploit. Although this value is inserted into a textarea tag, converted to all-caps, and limited in length, attacks are still possible. 2020-02-24 4.3 CVE-2019-12513
MISC
netgear -- nighthawk_x10-r900_devices
 
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanced settings->Administration->Logs, and may trigger when the page is viewed. Although this value is inserted into a textarea tag, the attack simply needs to supply a closing textarea tag. 2020-02-24 4.3 CVE-2019-12512
MISC
open-xchange -- ox_app_suite_and_ox_documents OX App Suite through 7.10.2 allows SSRF. 2020-02-21 4 CVE-2019-18846
MISC
opensmtpd -- opensmtpd
 
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. 2020-02-25 4.7 CVE-2020-8793
FULLDISC
MLIST
MISC
otrs -- open_ticket_request_system

 
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. 2020-02-21 4 CVE-2013-3551
MISC
MISC
otrs -- open_ticket_request_system
 
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. 2020-02-21 4 CVE-2013-4088
MISC
MISC
MISC
MISC
pacman -- pacman
 
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file. 2020-02-24 6.8 CVE-2019-18183
MISC
MISC
MISC
pacman -- pacman
 
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package. 2020-02-24 6.8 CVE-2019-18182
MISC
MISC
CONFIRM
php -- php
 
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash. 2020-02-27 6.4 CVE-2020-7061
MISC
php -- php
 
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. 2020-02-27 4.3 CVE-2020-7062
MISC
php -- php
 
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. 2020-02-27 5 CVE-2020-7063
MISC
pure-ftpd -- pure-ftpd
 
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c. 2020-02-24 5 CVE-2020-9365
MISC
rpi -- rpi
 
rpi through 0.0.3 allows execution of arbitrary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the argument of exec function without any sanitization. 2020-02-24 6.8 CVE-2019-10796
MISC
MISC
selesta -- visual_access_manager
 
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn't check the parameter that identifies the file name to be read. Thus, an attacker can manipulate the file name to access a potentially sensitive file within the filesystem. 2020-02-26 4 CVE-2019-19992
MISC
MISC
MISC
selesta -- visual_access_manager
 
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerabilities were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths. 2020-02-26 5 CVE-2019-19993
MISC
MISC
MISC
selesta -- visual_access_manager
 
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on. 2020-02-26 4.3 CVE-2019-19987
MISC
MISC
MISC
selesta -- visual_access_manager
 
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other types of files, are reachable by any user without checking for user identity and authorization. 2020-02-26 5 CVE-2019-19989
MISC
MISC
MISC
selesta -- visual_access_manager
 
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content. 2020-02-26 6.5 CVE-2019-19988
MISC
MISC
MISC
selesta -- visual_access_manager
 
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that it relies on error messages thrown by the database server to obtain information about the structure of the database). 2020-02-26 5 CVE-2019-19986
MISC
MISC
MISC
smartclient -- smartclient
 
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path traversal. 2020-02-23 6.4 CVE-2020-9354
MISC
smartclient -- smartclient
 
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter. 2020-02-23 5 CVE-2020-9353
MISC
smartclient -- smartclient
 
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path). 2020-02-23 5 CVE-2020-9351
MISC
sqlite -- sqlite
 
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. 2020-02-21 5 CVE-2020-9327
MISC
MISC
MISC
sympa-community -- sympa
 
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters. 2020-02-24 5 CVE-2020-9369
MISC
MISC
total.js -- cms
 
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954. 2020-02-24 5 CVE-2020-9381
MISC
MISC
tucan -- tucan
 
Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the permissions of the user running tucan. 2020-02-21 6.8 CVE-2012-0063
MLIST
MISC
MISC
MISC
ua-parser -- uap-core
 
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3. 2020-02-21 5 CVE-2020-5243
MISC
CONFIRM
wireshark -- wireshark
 
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. 2020-02-27 5 CVE-2020-9428
MISC
MISC
MISC
wireshark -- wireshark
 
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. 2020-02-27 5 CVE-2020-9431
MISC
MISC
MISC
wireshark -- wireshark
 
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value. 2020-02-27 5 CVE-2020-9429
MISC
MISC
MISC
MISC
wireshark -- wireshark
 
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. 2020-02-27 5 CVE-2020-9430
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based tokens or to launch other attacks. 2020-02-26 4.3 CVE-2019-19134
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues. 2020-02-24 4.3 CVE-2019-17229
MISC
MISC
MISC
wordpress -- wordpress
 
The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description. 2020-02-25 4.3 CVE-2020-9019
MISC
MISC
wordpress -- wordpress
 
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS. 2020-02-25 4.3 CVE-2020-9393
MISC
wordpress -- wordpress
 
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. 2020-02-25 6.8 CVE-2020-9394
MISC
wordpress -- wordpress
 
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes. 2020-02-24 6.4 CVE-2019-17228
MISC
MISC
MISC
zint -- zint
 
A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation. 2020-02-25 5 CVE-2020-9385
MISC

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
blackboard -- learn Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor. 2020-02-25 3.5 CVE-2020-9008
MISC
MISC
dnn_software -- dnn
 
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). 2020-02-24 3.5 CVE-2020-5186
MISC
MISC
MISC
election -- election fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> "message if election is closed" field. 2020-02-22 3.5 CVE-2020-9336
MISC
fiserv -- accurate_reconciliation Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source or Destination field of the Configuration Manager (Configuration Parameter Translation) page. 2020-02-26 3.5 CVE-2020-8951
MISC
ibm -- spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. 2020-02-24 2.9 CVE-2019-4703
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167879. 2020-02-26 3.5 CVE-2019-4596
XF
CONFIRM
moxa -- awk_3131A_devices An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. 2020-02-25 3.6 CVE-2019-5139
MISC
netsurf -- netsurf
 
Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. 2020-02-21 2.1 CVE-2012-0844
MISC
MISC
MISC
BID
sas -- visual_analytics Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly. 2020-02-23 3.5 CVE-2020-9350
MISC
selesta -- visual_access_manager An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php. 2020-02-26 3.5 CVE-2019-19990
MISC
MISC
MISC
selesta -- visual_access_manager An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php. 2020-02-26 3.5 CVE-2019-19991
MISC
MISC
MISC
soplanning -- simple_online_planning SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. 2020-02-22 3.5 CVE-2020-9338
MISC
soplanning -- simple_online_planning SOPlanning 1.45 allows XSS via the Name or Comment to status.php. 2020-02-22 3.5 CVE-2020-9339
MISC
wordpress -- wordpress A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. 2020-02-25 3.5 CVE-2020-9334
MISC
MISC
wordpress -- wordpress Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users. 2020-02-25 3.5 CVE-2020-9335
MISC
MISC

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apache -- tomcat
 
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. 2020-02-24 not yet calculated CVE-2019-17569
MLIST
apache -- tomcat
 
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. 2020-02-24 not yet calculated CVE-2020-1935
MLIST
apple -- ios_and_ipados An issue existed in the handling of the local user's self-view. The issue was corrected with improved logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A remote FaceTime user may be able to cause the local user's camera self-view to display the incorrect camera. 2020-02-27 not yet calculated CVE-2020-3869
MISC
apple -- ios_and_ipados This issue was addressed with improved setting propagation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Turning off "Load remote content in messages" may not apply to all mail previews. 2020-02-27 not yet calculated CVE-2020-3873
MISC
apple -- ios_and_ipados A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. 2020-02-27 not yet calculated CVE-2020-3828
MISC
apple -- ios_and_ipados A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. 2020-02-27 not yet calculated CVE-2020-3831
MISC
apple -- ios_and_ipados An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. 2020-02-27 not yet calculated CVE-2020-3859
MISC
apple -- ios_and_ipados A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. 2020-02-27 not yet calculated CVE-2020-3858
MISC
apple -- ios_and_ipados This issue was addressed with improved checks. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Users removed from an iMessage conversation may still be able to alter state. 2020-02-27 not yet calculated CVE-2020-3844
MISC
apple -- ios_and_ipados
 
An issue existed in the naming of screenshots. The issue was corrected with improved naming. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Screenshots of the Messages app may reveal additional message content. 2020-02-27 not yet calculated CVE-2020-3874
MISC
apple -- ios_and_ipados_and_watchos A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. 2020-02-27 not yet calculated CVE-2020-3860
MISC
MISC
apple -- itunes_for_windows The issue was addressed with improved permissions logic. This issue is fixed in iTunes for Windows 12.10.4. A user may gain access to protected parts of the file system. 2020-02-27 not yet calculated CVE-2020-3861
MISC
apple -- macos_catalina A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with kernel privileges. 2020-02-27 not yet calculated CVE-2020-3871
MISC
apple -- macos_catalina A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges. 2020-02-27 not yet calculated CVE-2020-3845
MISC
apple -- macos_catalina A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. 2020-02-27 not yet calculated CVE-2020-3843
MISC
apple -- macos_catalina A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.3. An application may be able to read restricted memory. 2020-02-27 not yet calculated CVE-2020-3839
MISC
apple -- macos_catalina This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Catalina 10.15.3. Searching for and opening a file from an attacker controlled NFS mount may bypass Gatekeeper. 2020-02-27 not yet calculated CVE-2020-3866
MISC
apple -- macos_catalina A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges. 2020-02-27 not yet calculated CVE-2020-3854
MISC
apple -- macos_catalina A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files. 2020-02-27 not yet calculated CVE-2020-3830
MISC
apple -- macos_catalina A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution. 2020-02-27 not yet calculated CVE-2020-3827
MISC
apple -- macos_catalina A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files. 2020-02-27 not yet calculated CVE-2020-3835
MISC
apple -- macos_catalina_and_watchos
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2020-02-27 not yet calculated CVE-2020-3877
MISC
MISC
apple -- multiple_iphones
 
A denial of service issue was addressed with improved input validation. 2020-02-28 not yet calculated CVE-2019-8741
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. 2020-02-27 not yet calculated CVE-2020-3842
MISC
MISC
MISC
MISC
apple -- multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-02-27 not yet calculated CVE-2020-3878
MISC
MISC
MISC
MISC
apple -- multiple_products An access issue was addressed with improved memory management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to determine kernel memory layout. 2020-02-27 not yet calculated CVE-2020-3836
MISC
MISC
MISC
MISC
apple -- multiple_products An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution. 2020-02-27 not yet calculated CVE-2020-3840
MISC
MISC
MISC
apple -- multiple_products A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory. 2020-02-27 not yet calculated CVE-2020-3875
MISC
MISC
MISC
MISC
apple -- multiple_products The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network. 2020-02-27 not yet calculated CVE-2020-3841
MISC
MISC
apple -- multiple_products A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. 2020-02-27 not yet calculated CVE-2020-3846
MISC
MISC
apple -- multiple_products A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted string may lead to heap corruption. 2020-02-27 not yet calculated CVE-2020-3856
MISC
MISC
MISC
MISC
apple -- multiple_products A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. 2020-02-27 not yet calculated CVE-2020-3867
SUSE
MISC
MISC
apple -- multiple_products Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-02-27 not yet calculated CVE-2020-3868
SUSE
MISC
MISC
MISC
apple -- multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-02-27 not yet calculated CVE-2020-3870
MISC
MISC
MISC
MISC
apple -- multiple_products A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to execute arbitrary code with system privileges. 2020-02-27 not yet calculated CVE-2020-3853
MISC
MISC
MISC
MISC
apple -- multiple_products Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-02-27 not yet calculated CVE-2020-3865
SUSE
MISC
MISC
apple -- multiple_products
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to gain elevated privileges. 2020-02-27 not yet calculated CVE-2020-3829
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. 2020-02-27 not yet calculated CVE-2020-3837
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. 2020-02-27 not yet calculated CVE-2020-3862
SUSE
MISC
MISC
apple -- multiple_products
 
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory. 2020-02-27 not yet calculated CVE-2020-3872
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-02-27 not yet calculated CVE-2020-3826
MISC
MISC
apple -- multiple_products
 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges. 2020-02-27 not yet calculated CVE-2020-3857
MISC
MISC
MISC
MISC
apple -- multiple_products
 
The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges. 2020-02-27 not yet calculated CVE-2020-3838
MISC
MISC
MISC
MISC
apple -- multiple_products
 
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-02-27 not yet calculated CVE-2020-3825
MISC
MISC
apple -- safari An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing. 2020-02-27 not yet calculated CVE-2020-3833
MISC
apple -- watchos A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. 2020-02-27 not yet calculated CVE-2020-3834
MISC
aruba_networks -- airwave_management_platform An administrative application user of, or an application user with write access to, Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component. 2020-02-27 not yet calculated CVE-2019-5326
CONFIRM
aruba_networks -- airwave_management_platform There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. 2020-02-27 not yet calculated CVE-2019-5323
CONFIRM
asus -- multiple_devices Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. 2020-02-27 not yet calculated CVE-2018-8878
MISC
asus -- multiple_devices
 
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page. 2020-02-27 not yet calculated CVE-2018-8877
MISC
avast -- multiple_products The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux. 2020-02-28 not yet calculated CVE-2020-9399
MISC
MISC
avaya -- aura_conferencing A directory traversal vulnerability has been found in the Avaya Equinox Management (iView) versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server. 2020-02-28 not yet calculated CVE-2019-7007
CONFIRM
blab -- multiple_products An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin. 2020-02-28 not yet calculated CVE-2020-9449
MISC
centreon -- centreon Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request. 2020-02-28 not yet calculated CVE-2020-9463
MISC
cisco -- fxos_software
 
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS. 2020-02-26 not yet calculated CVE-2020-3166
CISCO

cisco -- fxos_software_and_nx-os_software

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability. 2020-02-26 not yet calculated CVE-2020-3172
CISCO

cisco -- fxos_software_and_unified_computing_system_manager

A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. 2020-02-26 not yet calculated CVE-2020-3167
CISCO

cisco -- fxos_software_and_unified_computing_system_manager_software

A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. 2020-02-26 not yet calculated CVE-2020-3171
CISCO
cisco -- nexus_1000v_for_vmware_vsphere
 
A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover. 2020-02-26 not yet calculated CVE-2020-3168
CISCO
cisco -- nx-os_software A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request. An attacker could exploit this vulnerability by sending a malicious GARP packet on the local subnet to cause the ARP table on the device to become corrupted. A successful exploit could allow the attacker to populate the ARP table with incorrect entries, which could lead to traffic disruptions. 2020-02-26 not yet calculated CVE-2020-3174
CISCO
cisco -- nx-os_software A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the Cisco NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default. 2020-02-26 not yet calculated CVE-2020-3170
CISCO
cisco -- nx-os_software
 
A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD5 authentication is bypassed if the peer does not have MD5 authentication configured, the NX-OS device does have BGP MD5 authentication configured, and the NX-OS BGP virtual routing and forwarding (VRF) name is configured to be greater than 19 characters. An attacker could exploit this vulnerability by attempting to establish a BGP session with the NX-OS peer. A successful exploit could allow the attacker to establish a BGP session with the NX-OS device without MD5 authentication. The Cisco implementation of the BGP protocol accepts incoming BGP traffic only from explicitly configured peers. To exploit this vulnerability, an attacker must send the malicious packets over a TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the affected system's trusted network. 2020-02-26 not yet calculated CVE-2020-3165
CISCO
cisco -- nx-os_software_for_mds_9000_series_multilayer_switches
 
A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource usage control. An attacker could exploit this vulnerability by sending traffic to the management interface (mgmt0) of an affected device at very high rates. An exploit could allow the attacker to cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device. 2020-02-26 not yet calculated CVE-2020-3175
CISCO
cisco -- unified_computing_system_manager_software A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by including crafted arguments to specific commands on the local management CLI. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. 2020-02-26 not yet calculated CVE-2020-3173
CISCO
cloud_foundry -- cloud_controller
 
Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials. 2020-02-27 not yet calculated CVE-2020-5400
CONFIRM
cloud_foundry -- routing_release Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app. 2020-02-27 not yet calculated CVE-2020-5401
CONFIRM
cloud_foundry -- uaa
 
In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. 2020-02-27 not yet calculated CVE-2020-5402
CONFIRM
drobo -- 5n2_devices In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these applications, but also poses severe risks to the confidentiality and integrity of data stored within the applications and the device itself. 2020-02-24 not yet calculated CVE-2018-14705
MISC
MISC
dropwizard -- dropwizard Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2. 2020-02-24 not yet calculated CVE-2020-5245
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
enpeem -- enpeem
 
enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization. 2020-02-28 not yet calculated CVE-2019-10801
MISC
MISC
eyesofnetwork -- eonweb An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie. 2020-02-28 not yet calculated CVE-2020-9465
MISC
MISC
google -- native_client NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible. 2020-02-25 not yet calculated CVE-2015-0565
MISC
MISC
MISC
gurux -- gxdlms_director
 
An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. This allows the attacker exploiting CVE-2020-8809 to send executable files and place them in an autorun directory, or to place DLLs inside the existing GXDLMS Director installation (run on next execution of GXDLMS Director). This can be used to achieve code execution even if the user doesn't have any add-ins installed. 2020-02-25 not yet calculated CVE-2020-8810
MISC
MISC
gwtupload -- gwtupload The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted filename. 2020-02-28 not yet calculated CVE-2020-9447
MISC
hostapd -- hostapd
 
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743. 2020-02-28 not yet calculated CVE-2019-10064
MISC
FULLDISC
MLIST
MLIST
MISC
huawei -- cloudengine_12800
 
CloudEngine 12800 with versions of V200R001C00SPC600, V200R001C00SPC700, V200R002C01, V200R002C50SPC800, V200R002C50SPC800PWE, V200R003C00SPC810, V200R003C00SPC810PWE, V200R005C00SPC600, V200R005C00SPC800, V200R005C00SPC800PWE, V200R005C10, V200R005C10SPC300 have an information leakage vulnerability in some Huawei products. In some special cases, an authenticated attacker can exploit this vulnerability because the software processes data improperly. Successful exploitation may lead to information leakage. 2020-02-28 not yet calculated CVE-2020-1861
MISC
huawei -- honor_v10_smartphones
 
Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out-of-bounds write vulnerability. The software writes data past the end of the intended buffer because of insufficient validation of a certain parameter when initializing a certain driver program. An attacker could trick the user into installing a malicious application; a successful exploit could cause the device to reboot. 2020-02-28 not yet calculated CVE-2020-1792
MISC
huawei -- multiple_products NIP6800; Secospace USG6600; USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers who can access the internal network can exploit this vulnerability with careful deployment. A successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet. 2020-02-28 not yet calculated CVE-2020-1860
MISC
huawei -- multiple_products
 
NIP6800; Secospace USG6600; USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system accesses an invalid pointer when an operator logs in to the device and performs some operations. A successful exploit could cause a certain process to reboot. 2020-02-28 not yet calculated CVE-2020-1874
MISC
huawei -- multiple_products
 
NIP6800; Secospace USG6600; USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system accesses an invalid pointer when an abnormal condition occurs in a certain operation. A successful exploit could cause a certain process to reboot. Affected product versions include: NIP6800 versions V500R001C30, V500R001C60SPC500; Secospace USG6600 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500; USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500. 2020-02-28 not yet calculated CVE-2020-1875
MISC
huawei -- multiple_products
 
NIP6800; Secospace USG6600; USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with a specific parameter and sends the packets to the affected products. Insufficient validation of the packets may be exploited to cause the process to reboot. 2020-02-28 not yet calculated CVE-2020-1876
MISC
huawei -- multiple_products
 
NIP6800; Secospace USG6600; USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability. An unauthenticated attacker crafts a malformed message with a specific parameter and sends the message to the affected products. Insufficient validation of the message may be exploited to cause the device to reboot. 2020-02-28 not yet calculated CVE-2020-1873
MISC
huawei -- multiple_products
 
NIP6800; Secospace USG6600; USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a resource management error vulnerability. An attacker needs to perform specific operations to trigger a function of the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause abnormal service on affected devices. 2020-02-28 not yet calculated CVE-2020-1881
MISC
huawei -- multiple_products
 
NIP6800; Secospace USG6600; USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system accesses an invalid pointer when an administrator logs in to the device and performs some operations. A successful exploit could cause a certain process to reboot. 2020-02-28 not yet calculated CVE-2020-1877
MISC
huawei -- pcmanager
 
PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. 2020-02-28 not yet calculated CVE-2020-1844
MISC
hunesion -- i-onenet
 
Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows a local user to gain unauthorized access to other users' information via brute force. 2020-02-27 not yet calculated CVE-2017-16900
MISC
MISC
MISC
ibm -- bigfix_self-service_application BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if JavaScript code is included in Running Message or Post Message HTML. 2020-02-28 not yet calculated CVE-2019-4301
CONFIRM
ispconfig -- ispconfig ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. 2020-02-25 not yet calculated CVE-2020-9398
MISC
jenkins -- multiple_products
 
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack." 2020-02-24 not yet calculated CVE-2012-0785
MLIST
MISC
CONFIRM
MISC
CONFIRM
juniper -- junos
 
Background: For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue: The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration. Note that the ftps-extensions option is not enabled by default. 2020-02-28 not yet calculated CVE-2015-5361
CONFIRM
juniper -- qfx3500_and_qfx3600_devices On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability. 2020-02-28 not yet calculated CVE-2015-3006
CONFIRM
kill-port-process -- kill-port-process The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability. 2020-02-28 not yet calculated CVE-2019-15609
MISC
linux -- linux_kernel An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation. 2020-02-25 not yet calculated CVE-2020-9391
MLIST
MISC
MISC
FEDORA
linux -- linux_kernel An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. 2020-02-25 not yet calculated CVE-2020-9383
MISC
magento -- magento
 
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments. 2020-02-25 not yet calculated CVE-2020-8818
MISC
MISC
MISC
mangoraft -- giting
 
giting versions prior to 0.0.8 allow execution of arbitrary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. 2020-02-28 not yet calculated CVE-2019-10802
MISC
MISC
mediawiki -- mediawiki
 
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function. 2020-02-24 not yet calculated CVE-2020-9382
MISC
MISC
mitel -- micontact_center_business The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations. 2020-02-25 not yet calculated CVE-2020-9379
MISC
CONFIRM
moxa -- multiple_devices
 
Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik 2500 series firmware, Version 3.0 or lower IOxpress configuration utility, Version 2.3.0 or lower. Sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account. 2020-02-26 not yet calculated CVE-2019-18238
MISC
mozilla -- gateway An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in. 2020-02-28 not yet calculated CVE-2020-6803
MISC
mozilla -- gateway A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system. 2020-02-28 not yet calculated CVE-2020-6804
MISC

netapp -- fas_8300/8700_and_aff_a400_baseboard_management_controller_devices

NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access. 2020-02-26 not yet calculated CVE-2019-17274
CONFIRM
openssl -- openssl An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). 2020-02-27 not yet calculated CVE-2020-7042
MISC
MISC
openssl -- openssl An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. 2020-02-27 not yet calculated CVE-2020-7043
MISC
MISC
openssl -- openssl
 
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. 2020-02-27 not yet calculated CVE-2020-7041
MISC
MISC
openvpn -- connect OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there. 2020-02-28 not yet calculated CVE-2020-9442
MISC
pablo_software_solutions -- quick_n_easy_web_server The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free. 2020-02-28 not yet calculated CVE-2019-19943
EXPLOIT-DB
pdf-image -- pdf-image Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input. 2020-02-28 not yet calculated CVE-2020-8132
MISC
puma_gem_for_ruby_on_rails -- puma_gem_for_ruby_on_rails In Puma (RubyGem) before 4.3.2 and 3.12.2, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or `\r`, `\n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters. 2020-02-28 not yet calculated CVE-2020-5247
CONFIRM
MISC
MISC
puppet -- puppet_enterprise_console Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session. 2020-02-27 not yet calculated CVE-2015-5686
CONFIRM
pure-ftpd -- pure-ftpd An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. 2020-02-26 not yet calculated CVE-2020-9274
MISC
MLIST
MISC
push-dir -- push-dir
 
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands. 2020-02-28 not yet calculated CVE-2019-10803
MISC
MISC
qt -- qt
 
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). 2020-02-28 not yet calculated CVE-2018-21035
MISC
MISC
quick_heal -- quick_heal The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android. 2020-02-24 not yet calculated CVE-2020-9362
MISC
rdf-ext -- rdf-graph-array rdf-graph-array through 0.3.0-rc6 allows manipulation of JavaScript objects, resulting in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype. 2020-02-24 not yet calculated CVE-2019-10798
MISC
MISC
red_hat -- red_hat_enterprise_virtualization
 
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6, when VDSM is run with -spice disable-ticketing and a VM is suspended and then restored, allow remote attackers to log in without authentication via unspecified vectors. 2020-02-25 not yet calculated CVE-2015-5201
CONFIRM
MISC
MISC
MISC
reveal.js -- reveal.js Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allows attackers to perform cross-site scripting attacks. 2020-02-28 not yet calculated CVE-2020-8127
MISC
serial-number -- serial-number serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation. 2020-02-28 not yet calculated CVE-2019-10804
MISC
MISC
solarwinds -- orion_platform SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. 2020-02-25 not yet calculated CVE-2019-12863
MISC
MISC
sophos -- multiple_products The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. 2020-02-24 not yet calculated CVE-2020-9363
MISC

suse -- linux_enterprise_server_11_and_12_and_opensuse_factory

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions. 2020-02-28 not yet calculated CVE-2019-3698
CONFIRM
synchronet -- bbs Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header. 2020-02-27 not yet calculated CVE-2017-6371
MISC
EXPLOIT-DB
tonnet -- tat-76_and_tat-77_series_devices DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, does not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system. 2020-02-27 not yet calculated CVE-2020-3924
CONFIRM
CONFIRM
tonnet -- tat-76_and_tat-77_series_devices DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contains a misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system. 2020-02-27 not yet calculated CVE-2020-3923
CONFIRM
CONFIRM
totolink -- a3002ru_devices In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext. 2020-02-24 not yet calculated CVE-2018-13313
MISC
MISC
valib -- valib valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks. 2020-02-28 not yet calculated CVE-2019-10805
MISC
MISC
woocommerce -- woocommerce An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments. 2020-02-25 not yet calculated CVE-2020-8819
MISC
MISC
MISC
MISC
EXPLOIT-DB
wordpress -- wordpress
 
Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allow remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings. 2020-02-28 not yet calculated CVE-2020-9459
MISC
MISC
wordpress -- wordpress
 
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection. 2020-02-28 not yet calculated CVE-2020-9466
MISC
MISC
MISC
zte -- e8820v3_router
 
ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router. 2020-02-27 not yet calculated CVE-2020-6864
CONFIRM
zte -- e8820v3_router
 
ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL. 2020-02-27 not yet calculated CVE-2020-6863
CONFIRM