Vulnerability Summary for the Week of March 30, 2020

Original release date: April 6, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
accenture — mercury
 
An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. 2020-03-27 7.5 CVE-2020-10990
MISC
MISC
alienform2 — alienform2
 
Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests. 2020-04-01 10 CVE-2020-10948
MISC
apache — http_server
 
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. 2020-04-01 7.5 CVE-2020-1934
CONFIRM
MLIST
MLIST
apple — macos_catalina
 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.4. An application may be able to execute arbitrary code with system privileges. 2020-04-01 9.3 CVE-2020-3903
MISC
apple — macos_catalina
 
Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim. 2020-04-01 7.5 CVE-2020-9769
MISC

apple — macos_catalina_and_mojave_and_high_sierra

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory. 2020-04-01 10 CVE-2020-3847
MISC

apple — macos_catalina_and_mojave_and_high_sierra

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-04-01 9.3 CVE-2020-3892
MISC

apple — macos_catalina_and_mojave_and_high_sierra

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-04-01 9.3 CVE-2020-3893
MISC

apple — macos_catalina_and_mojave_and_high_sierra

Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-04-01 9.3 CVE-2020-3904
MISC

apple — macos_catalina_and_mojave_and_high_sierra

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2020-04-01 7.5 CVE-2020-3849
MISC

apple — macos_catalina_and_mojave_and_high_sierra

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-04-01 9.3 CVE-2020-3905
MISC

apple — macos_catalina_and_mojave_and_high_sierra

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2020-04-01 7.5 CVE-2020-3850
MISC

apple — macos_catalina_and_mojave_and_high_sierra

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2020-04-01 7.5 CVE-2020-3848
MISC
apple — multiple_products
 
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. 2020-04-01 7.5 CVE-2020-3911
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. 2020-04-01 7.5 CVE-2020-3910
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. 2020-04-01 7.5 CVE-2020-3909
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-04-01 9.3 CVE-2020-9785
MISC
MISC
MISC
MISC
apple — multiple_products
 
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges. 2020-04-01 9.3 CVE-2020-9768
MISC
MISC
MISC
apple — multiple_products
 
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-04-01 9.3 CVE-2020-3919
MISC
MISC
MISC
MISC
apple — multiple_products
 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-04-01 9.3 CVE-2020-3895
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. 2020-04-01 9.3 CVE-2020-3899
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. 2020-04-01 9.3 CVE-2020-3897
MISC
MISC
MISC
MISC
MISC
MISC
MISC

avast — avast_antivirus

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled. 2020-04-01 7.5 CVE-2020-10867
MISC
MISC
MISC
azkaban — azkaban
 
Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. 2020-03-27 7.5 CVE-2020-10992
MISC
bubblewrap — bubblewrap
 
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap –userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update. 2020-03-31 8.5 CVE-2020-5291
MISC
CONFIRM
buildah — buildah
 
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user’s system anywhere that the user has permissions. 2020-03-31 9.3 CVE-2020-10696
MISC
CONFIRM
MISC
cacagoo — tv-288zd-2mp_devices
 
CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required. 2020-04-02 10 CVE-2020-6852
MISC
MISC
dell — emc_idrac_devices
 
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data. 2020-03-31 10 CVE-2020-5344
MISC
effect — effect
 
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument. 2020-04-02 7.5 CVE-2020-7624
MISC
MISC
elastic — elasticsearch
 
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges. 2020-03-31 7.5 CVE-2020-7009
N/A
CONFIRM
N/A
f5 — nginx_controller
 
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system. 2020-03-27 7.5 CVE-2020-5863
MISC
git-add-remote — git-add-remote
 
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument. 2020-04-02 7.5 CVE-2020-7630
MISC
MISC
gitlab — gitlab
 
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. 2020-03-27 7.5 CVE-2020-10956
CONFIRM
MISC
hiproxy — op-broswer
 
op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function. 2020-04-02 7.5 CVE-2020-7625
MISC
MISC
ibm — spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966. 2020-03-31 9 CVE-2020-4206
XF
CONFIRM
ibm — spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975. 2020-03-31 7.5 CVE-2020-4208
XF
CONFIRM
ibm — spectrum_protect_plus_and_spectrum_scale
 
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. 2020-03-31 9 CVE-2020-4241
XF
CONFIRM
ibm — spectrum_protect_plus_and_spectrum_scale
 
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419. 2020-03-31 9 CVE-2020-4242
XF
CONFIRM
install-package — install-package
 
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. 2020-04-02 7.5 CVE-2020-7629
MISC
MISC
install-package — install-package
 
install-package through 1.1.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the device function. 2020-04-02 7.5 CVE-2020-7628
MISC
MISC
karma-mojo — karma-mojo
 
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument. 2020-04-02 7.5 CVE-2020-7626
MISC
MISC
ksh — ksh
 
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. 2020-04-02 7.2 CVE-2019-14868
CONFIRM
MISC
laminar_research — x-plane
 
X-Plane before 11.41 allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution. 2020-03-30 7.5 CVE-2019-19605
MISC
laminar_research — x-plane
 
X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system. 2020-03-30 10 CVE-2019-19606
MISC
lenovo — multiple_notebooks
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system. 2020-03-27 10 CVE-2015-5684
MISC
lenovo — multiple_products MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. 2020-03-27 7.2 CVE-2015-7334
MISC
lenovo — multiple_products
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. 2020-03-27 7.2 CVE-2015-7333
MISC
lenovo — solution_center
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. 2020-03-27 7.2 CVE-2015-8534
MISC
lenovo — solution_center
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. 2020-03-27 7.2 CVE-2015-8535
MISC
march_networks — command_client
 
The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects. 2020-04-01 7.5 CVE-2019-9163
CONFIRM
mongodb — js-bson
 
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object’s _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type. 2020-03-30 7.5 CVE-2020-7610
MISC
mulesoft — apikit
 
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java 2020-03-27 7.5 CVE-2020-10991
MISC
node-key-sender — node-key-sender
 
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the ‘arrParams’ argument in the ‘execute()’ function. 2020-04-02 7.5 CVE-2020-7627
MISC
MISC
objectcomputing — micronaut
 
All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client. 2020-03-30 7.5 CVE-2020-7611
MISC
MISC
MISC
odata4j — odata4j odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. 2020-03-30 7.5 CVE-2016-11024
MISC
odata4j — odata4j
 
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. 2020-03-30 7.5 CVE-2016-11023
MISC
paessler — prtg_network_monitor
 
A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form. 2020-03-30 7.5 CVE-2020-10374
MISC
CONFIRM
pam-krb5 — pam-krb5
 
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single ‘\0’ byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option. 2020-03-31 7.5 CVE-2020-10595
CONFIRM
CONFIRM
MLIST
UBUNTU
DEBIAN
sonatype — nexus_repository_manager Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. 2020-04-01 9 CVE-2020-10204
CONFIRM
sonatype — nexus_repository_manager Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). 2020-04-01 9 CVE-2020-10199
CONFIRM
unisoon — ultralog_express
 
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. 2020-03-27 7.5 CVE-2020-3936
MISC

university_of_southern_california — innovation_in_integrated_informatics_lab_cereal

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests. 2020-03-30 7.5 CVE-2020-11105
MISC
vertiv — avocent_umg-400_devices
 
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root. 2020-03-30 9 CVE-2019-9507
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn’t sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded. 2020-04-01 7.5 CVE-2020-7947
MISC
CONFIRM
CONFIRM
MISC
wordpress — wordpress
 
LearnDash WordPress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection. 2020-04-01 7.5 CVE-2020-6009
MISC
wordpress — wordpress
 
LifterLMS WordPress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution 2020-03-31 7.5 CVE-2020-6008
MISC
yamaha — multiple_products
 
Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors. 2020-04-01 7.8 CVE-2020-5548
MISC
MISC
zoom — client_for_meetings Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user’s privileges) to obtain root access by replacing runwithroot. 2020-04-01 7.2 CVE-2020-11469
MISC
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abb — esoms For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. 2020-04-02 4.3 CVE-2019-19089
CONFIRM
abb — esoms For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow ‘ClickJacking’ attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. 2020-04-02 4.3 CVE-2019-19001
CONFIRM
abb — esoms
 
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. 2020-04-02 6.5 CVE-2019-19094
CONFIRM
abb — esoms
 
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. 2020-04-02 4.3 CVE-2019-19003
CONFIRM
abb — esoms
 
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection. 2020-04-02 4.3 CVE-2019-19097
CONFIRM
abb — esoms
 
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. 2020-04-02 6.4 CVE-2019-19093
CONFIRM
abb — esoms
 
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. 2020-04-02 6.4 CVE-2019-19000
CONFIRM
abb — esoms
 
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. 2020-04-02 4 CVE-2019-19091
CONFIRM
advantech — webaccess
 
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. 2020-03-27 6.5 CVE-2020-10607
MISC
advantech — webaccess
 
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. 2020-04-01 5 CVE-2019-3942
MISC
apache — dubbo
 
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions. 2020-04-01 6.8 CVE-2019-17564
MISC
apache — http_server
 
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. 2020-04-02 5.8 CVE-2020-1927
MLIST
MLIST
CONFIRM
MLIST
MLIST
apache — netbeans The “Apache NetBeans” autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans” versions up to and including 11.2 are affected by this vulnerability. 2020-03-30 6.4 CVE-2019-17560
MISC
apache — netbeans
 
The “Apache NetBeans” autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. “Apache NetBeans” versions up to and including 11.2 are affected by this vulnerability. 2020-03-30 5 CVE-2019-17561
MISC
apache — ofbiz Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. 2020-04-01 4.3 CVE-2020-1943
MISC
apache — sling_cms
 
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks. 2020-04-01 4.3 CVE-2020-1949
MISC
apache — solr
 
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin). 2020-04-01 4 CVE-2018-11802
MISC
apple — ios_and_ipados A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic. 2020-04-01 4 CVE-2020-9770
MISC
apple — ios_and_ipados An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail. 2020-04-01 5 CVE-2020-9777
MISC
apple — ios_and_ipados
 
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts. 2020-04-01 4.3 CVE-2020-3888
MISC
apple — ios_and_ipados
 
The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn’t intend to. 2020-04-01 5 CVE-2020-9781
MISC
apple — ios_and_ipados
 
The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion. 2020-04-01 5 CVE-2020-3890
MISC
apple — ios_and_ipados
 
An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user’s private browsing activity may be unexpectedly saved in Screen Time. 2020-04-01 5 CVE-2020-9775
MISC
apple — macos_catalina
 
This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user’s call history. 2020-04-01 4.3 CVE-2020-9776
MISC
apple — macos_high_sierra_and_catalina An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution. 2020-04-01 4.3 CVE-2020-3884
MISC
apple — macos_mojave_and_catalina
 
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement. 2020-04-01 6.8 CVE-2020-3906
MISC

apple — macos_mojave_and_catalina_and_high_sierrra

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. 2020-04-01 6.6 CVE-2020-3908
MISC

apple — macos_mojave_and_catalina_and_high_sierrra

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. 2020-04-01 6.6 CVE-2020-3912
MISC

apple — macos_mojave_and_catalina_and_high_sierrra

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. 2020-04-01 6.6 CVE-2020-3907
MISC
apple — multiple_devices
 
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution. 2020-04-01 6.8 CVE-2020-9783
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory. 2020-04-01 4.3 CVE-2020-3914
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download’s origin may be incorrectly associated. 2020-04-01 4.3 CVE-2020-3887
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to identify what other applications a user has installed. 2020-04-01 4.3 CVE-2020-9773
MISC
MISC
MISC
MISC
apple — multiple_products
 
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges. 2020-04-01 6.8 CVE-2020-3913
MISC
MISC
MISC
apple — multiple_products
 
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. 2020-04-01 4.3 CVE-2020-3902
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-04-01 6.8 CVE-2020-3900
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos. 2020-04-01 5 CVE-2020-3916
MISC
MISC

apple — multiple_products

 

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-04-01 6.8 CVE-2020-3901
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — safari
 
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings. 2020-04-01 4.3 CVE-2020-9784
MISC
avast — avast_antivirus
 
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process. 2020-04-01 5 CVE-2020-10865
MISC
MISC
MISC
avast — avast_antivirus
 
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled. 2020-04-01 6.4 CVE-2020-10861
MISC
MISC
MISC
avast — avast_antivirus
 
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process. 2020-04-01 5 CVE-2020-10868
MISC
MISC
MISC
avast — avast_antivirus
 
An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe). 2020-04-01 5 CVE-2020-10860
MISC
MISC
MISC
avast — avast_antivirus
 
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine. 2020-04-01 5 CVE-2020-10863
MISC
MISC
MISC
avast — avast_antivirus
 
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC. 2020-04-01 4.6 CVE-2020-10862
MISC
MISC
MISC
avast — avast_antivirus
 
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process. 2020-04-01 5 CVE-2020-10864
MISC
MISC
MISC
avast — avast_antivirus
 
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC. 2020-04-01 5 CVE-2020-10866
MISC
MISC
MISC

cacagoo — cloud_storage_intelligent_camera_tv_288zd-2mp

The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password. 2020-04-02 5 CVE-2020-9349
MISC
MISC
deskpro — deskpro
 
An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user’s privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc. 2020-04-01 4 CVE-2020-11464
MISC
MISC
MISC
deskpro — deskpro
 
An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user’s privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in database with numerous filters. This leaked sensitive information to unauthorized parties. Additionally, it leaked ticket authentication code, making it possible to make changes to a ticket. 2020-04-01 4 CVE-2020-11466
MISC
MISC
MISC
deskpro — deskpro
 
An issue was discovered in Deskpro before 2019.8.0. The /api/email_accounts endpoint failed to properly validate a user’s privilege, allowing an attacker to retrieve cleartext credentials of all helpdesk email accounts, including incoming and outgoing email credentials. This enables an attacker to get full access to all emails sent or received by the system including password reset emails, making it possible to reset any user’s password. 2020-04-01 5 CVE-2020-11463
MISC
MISC
MISC
deskpro — deskpro
 
An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* endpoints failed to properly validate a user’s privilege, allowing an attacker to control/install helpdesk applications and leak current applications’ configurations, including applications used as user sources (used for authentication). This enables an attacker to forge valid authentication models that resembles any user on the system. 2020-04-01 6.5 CVE-2020-11465
MISC
MISC
MISC
deskpro — deskpro
 
An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. While direct access to self and _self variables was not permitted, one could abuse the accessible variables in one’s context to reach a native unserialize function via the code parameter. There, on could pass a crafted payload to trigger a set of POP gadgets in order to achieve remote code execution. 2020-04-01 6.5 CVE-2020-11467
MISC
MISC
MISC
f5 — big-ip On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file. 2020-03-27 5 CVE-2020-5859
MISC
f5 — big-ip On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service. 2020-03-27 5 CVE-2020-5857
MISC
f5 — big-ip On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS. 2020-03-27 5 CVE-2020-5862
MISC
f5 — big-ip On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. 2020-03-27 5 CVE-2020-5861
MISC
f5 — big-ip
 
On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command. 2020-03-27 4.6 CVE-2020-5858
MISC
f5 — big-ip_and_big-iq
 
On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS). 2020-03-27 6.8 CVE-2020-5860
MISC
fasterxml — jackson-databind
 
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). 2020-03-31 6.8 CVE-2020-11111
MISC
MISC
CONFIRM
fasterxml — jackson-databind
 
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). 2020-03-31 6.8 CVE-2020-11113
MISC
MISC
CONFIRM
fasterxml — jackson-databind
 
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). 2020-03-31 6.8 CVE-2020-11112
MISC
MISC
CONFIRM
fortinet — fortios
 
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component. 2020-04-02 6.5 CVE-2018-13371
MISC
gitlab — gitlab
 
GitLab through 12.9 is affected by a potential DoS in repository archive download. 2020-03-27 5 CVE-2020-10954
CONFIRM
MISC
gitlab — gitlab_community_and_enterprise_editions
 
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. 2020-03-27 5.8 CVE-2020-10952
CONFIRM
MISC
gitlab — gitlab_community_and_enterprise_editions
 
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. 2020-03-27 4 CVE-2020-10955
CONFIRM
MISC
gitlab — gitlab_enterprise_edition
 
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. 2020-03-27 5 CVE-2020-10953
CONFIRM
MISC
grandstream — ucm6200_series_devices
 
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. 2020-03-30 5 CVE-2020-5723
CONFIRM
grandstream — ucm6200_series_devices
 
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server’s websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords. 2020-03-30 4.3 CVE-2020-5725
MISC
CONFIRM
grandstream — ucm6200_series_devices
 
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. 2020-03-30 5 CVE-2020-5726
MISC
CONFIRM
grandstream — ucm6200_series_devices
 
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server’s websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. 2020-03-30 5 CVE-2020-5724
CONFIRM
gstreamer — gst-rtsp-server An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. 2020-03-27 5 CVE-2020-6095
MISC
MISC
haproxy — haproxy
 
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. 2020-04-02 6.5 CVE-2020-11100
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
huawei — multiple_smartax_devices There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10. 2020-04-02 5.2 CVE-2020-9067
CONFIRM
ibm — process_federation_server
 
The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can’t recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596. 2020-04-02 4 CVE-2020-4325
XF
CONFIRM
ibm — spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417. 2020-03-31 6.4 CVE-2020-4240
XF
CONFIRM
ibm — spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026. 2020-03-31 6.4 CVE-2020-4214
XF
CONFIRM
ibm — tivoli_netcool_impact
 
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175412. 2020-03-31 5 CVE-2020-4239
XF
CONFIRM
ibm — tivoli_netcool_impact
 
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175411. 2020-03-31 6.8 CVE-2020-4238
XF
CONFIRM
ibm — tivoli_netcool_impact
 
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175410. 2020-03-31 6.8 CVE-2020-4237
XF
CONFIRM
ibm — tivoli_netcool_impact
 
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. IBM X-Force ID: 175409. 2020-03-31 4 CVE-2020-4236
XF
CONFIRM
ibm — websphere_application_server_liberty
 
IBM WebSphere Application Server – Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670. 2020-04-02 4.3 CVE-2020-4304
XF
CONFIRM
ibm — websphere_application_server_liberty
 
IBM WebSphere Application Server – Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668. 2020-04-02 4.3 CVE-2020-4303
XF
CONFIRM
intland_software — codebeamer codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields. 2020-04-02 4.3 CVE-2019-20635
MISC
kubernetes — api_server The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. 2020-03-27 5 CVE-2020-8552
MISC
MISC
kubernetes — api_server
 
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. 2020-04-01 4 CVE-2019-11254
MISC
MISC
leantime — leantime
 
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users’ and administrators’ password hashes, modify data, or drop tables. The unescaped parameter is “searchUsers” when sending a POST request to “/tickets/showKanban” with a valid session. In the code, the parameter is named “users” in class.tickets.php. This issue is fixed in versions 2.0.15 and 2.1.0 beta 3. 2020-03-31 6.5 CVE-2020-5292
MISC
MISC
CONFIRM
lenovo — lenovo_solution_center
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. 2020-03-27 6.8 CVE-2015-8536
MISC
lenovo — multiple_devices
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. 2020-03-27 6.9 CVE-2015-7335
MISC
lenovo — multiple_devices
 
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. 2020-03-27 5 CVE-2015-7336
MISC
limesurvey — limesurvey
 
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. 2020-04-01 5 CVE-2020-11455
MISC
limesurvey — limesurvey
 
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). 2020-04-01 4.3 CVE-2020-11456
MISC
microstrategy — web_services
 
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF.) 2020-04-02 6.5 CVE-2020-11451
MISC
FULLDISC
MISC
MISC
microstrategy — web_services
 
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). 2020-04-02 5 CVE-2020-11453
MISC
FULLDISC
MISC
MISC
microstrategy — web_services
 
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. 2020-04-02 5 CVE-2020-11450
MISC
FULLDISC
MISC
MISC
microstrategy — web_services
 
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it’s possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper. 2020-04-02 4 CVE-2020-11452
MISC
FULLDISC
MISC
MISC
misp_project — misp
 
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php. 2020-04-02 4 CVE-2020-11458
MISC
MISC
mongodb — js-bson
 
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. 2020-03-31 5.5 CVE-2019-2391
CONFIRM
moodle — moodle
 
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users’ email address changes require additional verification during sign-up to reduce the risk of account compromise. 2020-03-31 6.4 CVE-2019-14880
CONFIRM
MISC
open_source_social_network — open_source_social_network An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php. 2020-03-30 4.3 CVE-2020-10560
MISC
MISC
osmand — osmand
 
Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java. 2020-03-27 6.4 CVE-2020-10993
MISC

otrs — open_ticket_request_system_and_open_ticket_request_system_community_edition

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions. 2020-03-27 5.5 CVE-2020-1773
MISC

otrs — open_ticket_request_system_and_open_ticket_request_system_community_edition

In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. 2020-03-27 4 CVE-2020-1769
MISC

otrs — open_ticket_request_system_and_open_ticket_request_system_community_edition

It’s possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. 2020-03-27 5 CVE-2020-1772
MISC

otrs — open_ticket_request_system_and_open_ticket_request_system_community_edition

Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. 2020-03-27 4 CVE-2020-1770
MISC
phoenix_contact — pc_worx_srt Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. 2020-03-27 4.6 CVE-2020-10939
CONFIRM
phoenix_contact — portico_server Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. 2020-03-27 4.6 CVE-2020-10940
CONFIRM
php — php In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. 2020-04-01 5.8 CVE-2020-7064
MISC
CONFIRM
php — php
 
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. 2020-04-01 6.8 CVE-2020-7065
MISC
CONFIRM
php — php
 
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. 2020-04-01 4.3 CVE-2020-7066
MISC
CONFIRM
progress_software — telerik_ui_for_silverlight
 
An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the directory where the upload handler class is defined. Before 2020.1.330, a crafted web request could result in uploads to arbitrary locations. 2020-03-31 5 CVE-2020-11414
MISC
proofpoint — email_protection An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails that receive preferable scores, with a goal of delivering malicious emails. 2020-03-30 6.4 CVE-2019-20634
MISC
MISC
red_hat — ansible_engine
 
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible’s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. 2020-03-31 4.6 CVE-2019-14905
REDHAT
REDHAT
CONFIRM
FEDORA
red_hat — openshift/apb-base
 
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. 2020-04-02 4.4 CVE-2019-19348
CONFIRM
red_hat — openshift/mariadb-apb
 
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. 2020-04-02 4.4 CVE-2019-19346
CONFIRM
redpwn — redpwnctf
 
In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim teams who solve the challenge are unknowingly (and against their will) signed into the attacker team's account. Then, the attacker can gain points / value off the backs of the victims. This is patched in version 2.3. 2020-04-01 4.3 CVE-2020-5290
MISC
CONFIRM
responsive_filemanager — responsive_filemanager An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION[‘RF’][“view_type”] wasn’t sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the “view” action and places a payload in the type parameter, and then returns to the dialog.php page. This occurs because ajax_calls.php was also able to set the $_SESSION[‘RF’][“view_type”] variable, but there it wasn’t sanitized. 2020-03-30 4.3 CVE-2020-11106
MISC
sunnet_technology — ehrd Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. 2020-03-27 5 CVE-2020-10508
CONFIRM
MISC
sunnet_technology — ehrd Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. 2020-03-27 4.3 CVE-2020-10509
CONFIRM
MISC
sunnet_technology — ehrd
 
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data. 2020-03-27 4 CVE-2020-10510
CONFIRM
MISC
symfony — symfony
 
In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7. 2020-03-30 4 CVE-2020-5255
MISC
CONFIRM
MISC
symfony — symfony
 
In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule’s attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take into account in an unanimous strategy. The accessDecisionManager is now called with all attributes at once, allowing the unanimous strategy being applied on each attribute. This issue is patched in versions 4.4.7 and 5.0.7. 2020-03-30 5.5 CVE-2020-5275
CONFIRM
CONFIRM
symfony — symfony
 
In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5 2020-03-30 5.5 CVE-2020-5274
MISC
MISC
CONFIRM
technicolor — tc7337_devices
 
An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf. 2020-04-01 5 CVE-2020-11449
MISC
tikiwiki — groupware_and_cms
 
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page. 2020-04-01 4.3 CVE-2020-8966
CONFIRM
CONFIRM
totemo — totemomail An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. 2020-03-27 5.5 CVE-2020-7918
MISC
MISC
toyota — model_year_2017_display_control_unit
 
Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected. 2020-03-30 5.4 CVE-2020-5551
MISC
MISC
ubiquiti — unifi_video_controller The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected Products: UniFi Video Controller v3.9.3 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.9.6 and newer. 2020-04-01 4 CVE-2020-8145
CONFIRM
ubiquiti — unifi_video_controller
 
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer. 2020-04-01 6.9 CVE-2020-8146
CONFIRM
ubiquiti — unifi_video_controller
 
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the version field contains ..\ character sequences, the destination file path to save the firmware can be manipulated to be outside the intended destination directory tree. Fixed in UniFi Video Controller v3.10.3 and newer. 2020-04-01 5.2 CVE-2020-8144
CONFIRM
unisoon — ultralog_express UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page. 2020-03-27 5 CVE-2020-3921
MISC
unisoon — ultralog_express
 
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory. 2020-03-27 5.5 CVE-2020-3920
MISC

university_of_southern_california — innovation_in_integrated_informatics_lab_cereal

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside of a trusted context. 2020-03-30 5 CVE-2020-11104
MISC
vertiv — avocent_universal_management_gateway The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page. 2020-03-30 6 CVE-2019-9508
MISC
MISC
vertiv — avocent_universal_management_gateway
 
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code. 2020-03-30 6.5 CVE-2019-9509
MISC
MISC
weberp — weberp
 
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection. 2020-03-30 6.5 CVE-2019-7755
MISC
MISC
MISC
wordpress — wordpress A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. 2020-04-01 4.3 CVE-2020-5392
CONFIRM
MISC
CONFIRM
wordpress — wordpress The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. 2020-03-27 6.5 CVE-2020-10817
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference. 2020-04-01 6.5 CVE-2020-7948
MISC
CONFIRM
CONFIRM
MISC
wordpress — wordpress
 
Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. 2020-04-01 6.8 CVE-2020-5391
CONFIRM
MISC
CONFIRM
wordpress — wordpress
 
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. 2020-04-01 4.3 CVE-2020-6753
CONFIRM
MISC
CONFIRM
yahoo — elide
 
In Elide before 4.5.14, it is possible for an adversary to “guess and check” the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater. 2020-03-30 4 CVE-2020-5289
MISC
MISC
CONFIRM
zeit — next.js
 
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2. 2020-03-30 5 CVE-2020-5284
MISC
CONFIRM
zevenet — zen_load_balancer
 
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi. 2020-04-02 4 CVE-2020-11491
MISC
MISC
zoho — manageengine_desktop_central Zoho ManageEngine Desktop Central allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. 2020-03-30 5 CVE-2020-8509
CONFIRM

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abb — esoms
 
The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials’ confidentiality. 2020-04-02 3.6 CVE-2019-19096
CONFIRM
abb — esoms
 
Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database. 2020-04-02 3.5 CVE-2019-19095
CONFIRM
abb — esoms
 
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting. 2020-04-02 3.5 CVE-2019-19002
CONFIRM
abb — esoms
 
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. 2020-04-02 3.5 CVE-2019-19090
CONFIRM
abb — esoms
 
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. 2020-04-02 3.5 CVE-2019-19092
CONFIRM
apache — cxf
 
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory’ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. 2020-04-01 2.9 CVE-2020-1954
MISC
apache — druid
 
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user. 2020-04-01 3.5 CVE-2020-1958
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
MLIST

apple — ios_and_ipados

The issue was resolved by clearing application previews when content is deleted. This issue is fixed in iOS 13.4 and iPadOS 13.4. A local user may be able to view deleted content in the app switcher. 2020-04-01 2.1 CVE-2020-9780
MISC
apple — macos_catalina
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information. 2020-04-01 2.1 CVE-2020-3881
MISC
apple — multiple_products
 
This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks. 2020-04-01 2.1 CVE-2020-3917
MISC
MISC
MISC
apple — multiple_products
 
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled. 2020-04-01 2.1 CVE-2020-3891
MISC
MISC
apple — multiple_products
 
A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. 2020-04-01 2.6 CVE-2020-3894
MISC
MISC
MISC
MISC
MISC
MISC

bd — pyxis_medstation_es_system_and_pyxis_anesthesia_es_system

In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data. 2020-04-01 3.6 CVE-2020-10598
MISC
gradle — plugin_portal
 
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the –info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own. 2020-03-30 3.3 CVE-2020-7599
MISC
MISC
ibm — tivoli_netcool_impact
 
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175408. 2020-03-31 3.5 CVE-2020-4235
XF
CONFIRM
intland_software — codebeamer_alm
 
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter. 2020-03-30 3.5 CVE-2019-19913
MISC
intland_software — codebeamer_alm
 
In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file. 2020-03-30 3.5 CVE-2019-19912
MISC
kubernetes — kubelet
 
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. 2020-03-27 3.3 CVE-2020-8551
MISC
MISC
microstrategy — web_services
 
Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the application. 2020-04-02 3.5 CVE-2020-11454
MISC
FULLDISC
MISC
MISC

otrs — open_ticket_request_system_and_open_ticket_request_system_community_edition

Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. 2020-03-27 3.5 CVE-2020-1771
MISC
pfsense — pfsense
 
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user. 2020-04-01 3.5 CVE-2020-11457
MISC
MISC
pki-core — pki-core
 
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code. 2020-03-31 3.5 CVE-2019-10180
CONFIRM
sonatype — nexus_repository_manager Sonatype Nexus Repository before 3.21.2 allows XSS. 2020-04-01 3.5 CVE-2020-10203
CONFIRM
versiant — lynx_customer_service_portal
 
Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or information disclosure. 2020-03-30 3.5 CVE-2020-9055
MISC
CERT-VN
zoom — zoom_client_for_meetings
 
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user’s privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client’s microphone and camera access. 2020-04-01 2.1 CVE-2020-11470
MISC
MISC
zyxel — xgs221–52hp_devices
 
In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field. 2020-03-31 3.5 CVE-2019-13495
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
3xlogic — infinias_eidc32_devices
 
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side’s interpretation of the <KEY>MYKEY</KEY> substring. 2020-04-04 not yet calculated CVE-2020-11542
MISC
apple — macos_catalina
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files. 2020-04-01 not yet calculated CVE-2020-3889
MISC
apple — multiple_products
 
This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements. 2020-04-01 not yet calculated CVE-2020-3883
MISC
MISC
MISC
MISC
apple — multiple_products
 
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. 2020-04-01 not yet calculated CVE-2020-3885
MISC
MISC
MISC
MISC
MISC
MISC
bit2spr — bit2spr
 
bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file. 2020-04-04 not yet calculated CVE-2020-11528
MISC
MISC
dell — emc_isilon_onefs
 
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses. 2020-04-04 not yet calculated CVE-2020-5347
MISC
dell — latitude_7202_rugged_tablet
 
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode. 2020-04-04 not yet calculated CVE-2020-5348
MISC
eclipse — che
 
A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod. 2020-04-03 not yet calculated CVE-2020-10689
CONFIRM
MISC
firmware_analysis_and_comparison_tool — firmware_analysis_and_comparison_tool
 
Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctions/mongo_task_conversion.py. 2020-04-02 not yet calculated CVE-2020-11499
MISC
MISC
get-git-data — get-git-data
 
get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. 2020-04-02 not yet calculated CVE-2020-7619
MISC
MISC
gnu_glibc — gnu_glibc
 
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the ‘num’ parameter results in a signed comparison vulnerability. If an attacker underflows the ‘num’ parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. 2020-04-01 not yet calculated CVE-2020-6096
MISC
gnutls — gnutls
 
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 ‘\0’ bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. 2020-04-03 not yet calculated CVE-2020-11501
MISC
MISC
DEBIAN
MISC
grav — grav
 
Common/Grav.php in Grav before 1.6.23 has an Open Redirect. 2020-04-04 not yet calculated CVE-2020-11529
MISC
MISC
hirschmann_automation_and_control — hios_and_hisecos
 
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30. 2020-04-03 not yet calculated CVE-2020-6994
MISC
ibm — spectrum_scale
 
IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977. 2020-04-03 not yet calculated CVE-2020-4273
XF
CONFIRM
ibm — strongloop_strong-nginx-controller strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the ‘_nginxCmd()’ function. 2020-04-02 not yet calculated CVE-2020-7621
MISC
MISC
ini-parser — ini-parser
 
ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a ‘__proto__’ payload. 2020-04-02 not yet calculated CVE-2020-7617
CONFIRM
CONFIRM
ivanti — workspace_control
 
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). 2020-04-04 not yet calculated CVE-2020-11533
MISC
jscover — jscover
 
jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument. 2020-04-02 not yet calculated CVE-2020-7623
MISC
MISC
linux — linux_kernel
 
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4. 2020-04-02 not yet calculated CVE-2020-11494
MISC
linux — linux_kernel
 
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) 2020-04-02 not yet calculated CVE-2020-8835
CONFIRM
CONFIRM
FEDORA
CONFIRM
UBUNTU
UBUNTU
CONFIRM
CONFIRM
mcafee — endpoint_security_for_windows
 
Improper access control vulnerability in ESConfigTool.exe in ENS for Windows all current versions allows a local administrator to alter the ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import. 2020-04-01 not yet calculated CVE-2020-7263
CONFIRM
mediawiki — mediawiki
 
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS). 2020-04-03 not yet calculated CVE-2020-10960
CONFIRM
CONFIRM
mitsubishi — multiple_products
 
When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions. 2020-03-30 not yet calculated CVE-2020-5527
MISC
MISC
netgear — multiple_products
 
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5. 2020-04-01 not yet calculated CVE-2018-11106
CONFIRM
parrot — anafi_drone
 
Web server running on Parrot ANAFI can be crashed due to the SDK command “Common_CurrentDateTime” being sent to control service with larger than expected date length. 2020-04-01 not yet calculated CVE-2019-3945
MISC
parrot — anafi_drone
 
Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect drone from controller during mid-flight. 2020-04-01 not yet calculated CVE-2019-3944
MISC
pomelo-monitor — pomelo-monitor
 
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of ‘pomelo-monitor’ params. 2020-04-02 not yet calculated CVE-2020-7620
MISC
MISC
revive_adserver — revive_adserver
 
An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter. 2020-04-03 not yet calculated CVE-2020-8143
MISC
MISC
revive_adserver — revive_adserver
 
A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the “pwold” parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided. 2020-04-03 not yet calculated CVE-2020-8142
MISC
MISC
slack — nebula
 
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user’s own context, e.g., for user-level persistence or to bypass security controls. NOTE: the vendor states that this “requires a high degree of access and other preconditions that are tough to achieve.” 2020-04-02 not yet calculated CVE-2020-11498
MISC
MISC
sonatype — nexus_repository_manager
 
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. 2020-04-02 not yet calculated CVE-2020-11444
MISC
CONFIRM
starface — ucc_client
 
STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006. 2020-04-02 not yet calculated CVE-2020-10515
MISC
CONFIRM
MISC

suse — linux_enterprise_server_12_autoyast2_and15_autoyast2

A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions. 2020-04-03 not yet calculated CVE-2019-18905
CONFIRM
suse — multiple_products
 
A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1. 2020-04-02 not yet calculated CVE-2020-8016
CONFIRM
suse — multiple_products
 
A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1. 2020-04-02 not yet calculated CVE-2020-8017
CONFIRM
suse — multiple_products
 
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1. 2020-04-03 not yet calculated CVE-2019-18904
CONFIRM

suse — openstack_cloud_and_openstack_cloud_crowbar

A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-. 2020-04-03 not yet calculated CVE-2018-17954
CONFIRM
suse — opensuse_factory
 
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. 2020-04-02 not yet calculated CVE-2020-8015
CONFIRM
sytemd — systemd
 
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. 2020-03-31 not yet calculated CVE-2020-1712
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
testlink — testlink
 
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter. 2020-04-03 not yet calculated CVE-2020-8638
MISC
CONFIRM
testlink — testlink
 
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application. 2020-04-03 not yet calculated CVE-2020-8639
MISC
CONFIRM
testlink — testlink
 
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter. 2020-04-03 not yet calculated CVE-2020-8637
MISC
CONFIRM
tp-link — cloud_camera
 
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. 2020-04-01 not yet calculated CVE-2020-11445
MISC
tp-link — multiple_devices
 
TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference. 2020-04-01 not yet calculated CVE-2020-10231
MISC
MISC
tp-link — tl-wr841n_devices
 
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network. 2020-04-02 not yet calculated CVE-2020-8423
MISC
MISC
utils-extend — utils-extend
 
Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend. 2020-04-03 not yet calculated CVE-2020-8147
MISC
viewvc — viewvc
 
ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28. 2020-04-03 not yet calculated CVE-2020-5283
MISC
MISC
CONFIRM
visam — vbase_editor_and_vbase_web-remote_module VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code. 2020-04-03 not yet calculated CVE-2020-10599
MISC
visam — vbase_editor_and_vbase_web-remote_module
 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application. 2020-04-03 not yet calculated CVE-2020-7004
MISC
visam — vbase_editor_and_vbase_web-remote_module
 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface. 2020-04-03 not yet calculated CVE-2020-7000
MISC
visam — vbase_editor_and_vbase_web-remote_module
 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources. 2020-04-03 not yet calculated CVE-2020-7008
MISC
visam — vbase_editor_and_vbase_web-remote_module
 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash. 2020-04-03 not yet calculated CVE-2020-10601
MISC
wordpress — wordpress
 
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes. 2020-04-03 not yet calculated CVE-2019-17230
MISC
wordpress — wordpress
 
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. 2020-04-03 not yet calculated CVE-2019-17231
MISC
xampp — xampp
 
An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution. 2020-04-02 not yet calculated CVE-2020-11107
CONFIRM
zevenet — zen_load_balancer
 
Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter. 2020-04-02 not yet calculated CVE-2020-11490
MISC
MISC
zoho — manageengine_ad_self_service_plus
 
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. 2020-04-04 not yet calculated CVE-2020-11518
MISC
zoho — manageengine_op_manager
 
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. 2020-04-04 not yet calculated CVE-2020-11527
MISC
zoom — client_for_meetings
 
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key. 2020-04-03 not yet calculated CVE-2020-11500
MISC
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Vulnerability Summary for the Week of January 27, 2020

Original release date: February 3, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — illustrator_cc
 
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-01-29 9.3 CVE-2020-3714
CONFIRM
adobe — illustrator_cc
 
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-01-29 9.3 CVE-2020-3713
CONFIRM
adobe — illustrator_cc
 
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-01-29 9.3 CVE-2020-3712
CONFIRM
adobe — illustrator_cc
 
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-01-29 9.3 CVE-2020-3711
CONFIRM
adobe — illustrator_cc
 
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-01-29 9.3 CVE-2020-3710
CONFIRM
alienvault — ossim
 
OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability 2020-01-27 7.8 CVE-2013-6056
MISC
amd — atidxx64.dll_driver An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. 2020-01-25 7.8 CVE-2019-5124
MISC
amd — atidxx64.dll_driver
 
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. 2020-01-25 7.8 CVE-2019-5146
MISC
amd — atidxx64.dll_driver
 
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. 2020-01-25 7.8 CVE-2019-5147
MISC
apache — spamassassin
 
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. 2020-01-30 9.3 CVE-2020-1931
CONFIRM
BUGTRAQ
DEBIAN
apache — spamassassin
 
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges. 2020-01-30 9.3 CVE-2020-1930
CONFIRM
MLIST
BUGTRAQ
DEBIAN
asus — rt-n56u_devices
 
ASUS RT-N56U devices allow CSRF. 2020-01-28 9.3 CVE-2013-3093
MISC
avast — secure_browser
 
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cleans the ACL of the Update.ini file in %PROGRAMDATA%\Avast Software\Browser\Update\ and sets all privileges to group Everyone. Because any low-privileged user can create, delete, or modify the Update.ini file stored in this location, an attacker with low privileges can create a hard link named Update.ini in this folder, and make it point to a file writable by NT AUTHORITY\SYSTEM. Once AvastBrowserUpdate.exe is triggered by the update check functionality, the DACL is set to a misconfigured value on the crafted Update.ini and, consequently, to the target file that was previously not writable by the low-privileged attacker. 2020-01-27 7.2 CVE-2019-17190
MISC
bitdefender — bitdefender_box_2
 
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability. 2020-01-27 10 CVE-2019-17095
ETC
CONFIRM
ETC
bitdefender — bitdefender_box_2
 
A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command. 2020-01-27 9.3 CVE-2019-17096
CONFIRM
cisco — sd-wan_solution
 
A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. 2020-01-26 9 CVE-2019-12629
CISCO
cisco — sd-wan_solution_vmanage
 
A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges. 2020-01-26 7.2 CVE-2020-3115
CISCO
cisco — small_business_switches
 
A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18 2020-01-30 7.8 CVE-2020-3147
CISCO
cisco — webex_video_mesh
 
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node. 2020-01-26 9 CVE-2019-16005
CISCO
core_security — vivotek_ip_cameras
 
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code. 2020-01-24 9 CVE-2013-1598
MISC
MISC
MISC
MISC
MISC
core_security — vivotek_pt7135_ip_camera
 
A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service. 2020-01-24 7.5 CVE-2013-1595
MISC
MISC
MISC
MISC
MISC
d-link — dir-859_devices
 
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. 2020-01-29 10 CVE-2019-20216
MISC
MISC
CONFIRM
d-link — dir-859_devices
 
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. 2020-01-29 10 CVE-2019-20215
MISC
CONFIRM
d-link — dir-859_devices
 
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. 2020-01-29 10 CVE-2019-20217
MISC
MISC
CONFIRM
d-link — dsr-250n_devices
 
D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. 2020-01-25 9 CVE-2012-6613
EXPLOIT-DB
dolibarr — dolibarr
 
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. 2020-01-26 10 CVE-2020-7995
MISC
MISC
exiv2 — exiv2
 
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. 2020-01-27 7.1 CVE-2019-20421
MISC
MISC
fudforum — fudforum_bulletin_board
 
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system. 2020-01-27 9 CVE-2013-2267
BID
XF
geocoder — geocoder
 
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data. 2020-01-25 7.5 CVE-2020-7981
MISC
MISC
gitlab — gitlab_community_and_enterprise_edition
 
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. 2020-01-28 7.5 CVE-2019-5464
MISC
MISC
MISC
gitlab — gitlab_community_and_enterprise_edition
 
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user’s account. 2020-01-28 7.5 CVE-2019-15585
MISC
MISC
git — git
 
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka ‘Git for Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. 2020-01-24 9.3 CVE-2019-1352
SUSE
REDHAT
MISC
MISC
git — git
 
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka ‘Git for Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. 2020-01-24 9.3 CVE-2019-1354
SUSE
MISC
MISC
git — git
 
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka ‘Git for Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. 2020-01-24 9.3 CVE-2019-1349
SUSE
REDHAT
MISC
MISC
git — git
 
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka ‘Git for Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. 2020-01-24 9.3 CVE-2019-1350
SUSE
MISC
MISC
gnu — gnu_coreutils
 
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. 2020-01-24 7.5 CVE-2015-4042
MISC
MISC
handsomeweb — sos_webpages
 
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash. 2020-01-28 7.5 CVE-2014-3445
MISC
MISC
MISC
MISC
MISC
huawei — e587_3g_mobile_hotspot
 
Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI. 2020-01-27 10 CVE-2013-2612
XF
BID
i_read_it_somewhere — i_read_it_somewhere
 
IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands. 2020-01-25 7.5 CVE-2013-1744
MISC
intellian_technologies — aptus
 
The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account. 2020-01-27 10 CVE-2020-8001
MISC
intellian_technologies — aptus_web
 
Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account. 2020-01-27 10 CVE-2020-8000
MISC
intellian_technologies — aptus_web
 
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. 2020-01-25 10 CVE-2020-7980
MISC
MISC
MISC
intellian — aptus
 
The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY. 2020-01-27 7.5 CVE-2020-7999
MISC
irfanview — flashpix_plugin
 
IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability 2020-01-27 9.3 CVE-2013-3486
MISC
MISC
isof — isof
 
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input. 2020-01-29 7.5 CVE-2019-10783
MISC
jenkins — jenkins
 
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. 2020-01-29 7.5 CVE-2020-2099
MLIST
CONFIRM
koha — koha
 
SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. 2020-01-24 7.5 CVE-2014-1925
MISC
MISC
MISC
MISC
koha — koha
 
The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. 2020-01-24 7.5 CVE-2014-1924
MISC
MISC
MISC
MISC
lexmark — markvision_enterprise
 
Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors. 2020-01-27 7.8 CVE-2014-8742
CONFIRM
MISC
lexmark — markvision_enterprise
 
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors. 2020-01-27 10 CVE-2014-8741
CONFIRM
MISC
lorex_technology — lnc116_and_lnc104_ip_cameras
 
Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability 2020-01-24 7.5 CVE-2012-6451
MISC
MISC
lustre — lustre
 
In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client. 2020-01-27 7.8 CVE-2019-20424
MISC
MISC
MISC
MISC
lustre — lustre
 
In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size. 2020-01-27 7.8 CVE-2019-20432
MISC
MISC
MISC
MISC
lustre — lustre
 
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2. 2020-01-27 7.8 CVE-2019-20425
MISC
MISC
MISC
MISC
lustre — lustre
 
In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client. 2020-01-27 7.8 CVE-2019-20430
MISC
MISC
MISC
MISC
lustre — lustre
 
In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value. 2020-01-27 7.8 CVE-2019-20431
MISC
MISC
MISC
MISC
lustre — lustre
 
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2. 2020-01-27 7.8 CVE-2019-20429
MISC
MISC
MISC
MISC
lustre — lustre
 
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter. 2020-01-27 7.8 CVE-2019-20428
MISC
MISC
MISC
MISC
lustre — lustre
 
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check. 2020-01-27 7.8 CVE-2019-20426
MISC
MISC
MISC
MISC
lustre — lustre
 
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error. 2020-01-27 7.8 CVE-2019-20423
MISC
MISC
MISC
MISC
lustre — lustre
 
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error. 2020-01-27 9 CVE-2019-20427
MISC
MISC
MISC
MISC
magento — magento
 
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-01-29 7.8 CVE-2020-3719
CONFIRM
magento — magento
 
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-01-29 10 CVE-2020-3716
CONFIRM
magento — magento
 
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-01-29 10 CVE-2020-3718
CONFIRM
microsoft — visual_studio_code
 
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka ‘Visual Studio Code Elevation of Privilege Vulnerability’. 2020-01-24 7.2 CVE-2019-1414
MISC
netgear — centria_wndr4700_devices
 
NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. 2020-01-28 7.5 CVE-2013-3071
BID
netgear — wndr4700_media_server_devices
 
NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash). 2020-01-28 7.8 CVE-2013-3074
BID
netgear — wnr1000v3
 
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. 2020-01-29 10 CVE-2013-3317
EXPLOIT-DB
netgear — wnr1000v3
 
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a “.jpg”. 2020-01-29 10 CVE-2013-3316
EXPLOIT-DB

opensmtpd — opensmtpd

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the “uncommented” default configuration. The issue exists because of an incorrect return value upon failure of input validation. 2020-01-29 10 CVE-2020-7247
MISC
MISC
FULLDISC
MISC
CONFIRM
BUGTRAQ
DEBIAN
CERT-VN
CONFIRM
postgresql — postgresql
 
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. 2020-01-27 7.5 CVE-2015-0244
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
red_hat — openshift_origin
 
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. 2020-01-28 10 CVE-2013-2060
MISC
MISC
MISC
MISC
ruckus — zoneflex_r500_devices
 
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring. 2020-01-29 9 CVE-2020-8438
MISC
soapbox — soapbox
 
Soapbox through 0.3.1: Sandbox bypass – runs a second instance of Soapbox within a sandboxed Soapbox. 2020-01-24 7.2 CVE-2012-6302
MISC
suse — Linux_enterprise_server_11
 
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions. 2020-01-24 7.2 CVE-2019-3693
SUSE
CONFIRM
suse — linux_enterprise_server_11
 
The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. 2020-01-24 7.2 CVE-2019-3692
CONFIRM
suse — opensuse
 
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions. 2020-01-24 7.2 CVE-2019-3697
CONFIRM
suse — opensuse_factory
 
A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions. 2020-01-24 7.2 CVE-2019-3694
CONFIRM
synacor — zimbra_collaboration
 
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. 2020-01-27 7.5 CVE-2014-8563
CONFIRM
CONFIRM
tp-link — tp-link_ip_cameras
 
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code. 2020-01-29 10 CVE-2013-2573
MISC
MISC
MISC
MISC
MISC
vtiger — vtiger_crm
 
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. 2020-01-29 7.5 CVE-2013-3215
BID
XF
vtiger — vtiger_crm
 
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in ‘vtigerolservice.php’. 2020-01-28 7.5 CVE-2013-3214
EXPLOIT-DB
BID
XF
webcalendar_project — webcalendar
 
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. 2020-01-27 7.5 CVE-2012-1495
MISC
MISC
MISC
MISC
xnview — xnview
 
XnView 2.03 has an integer overflow vulnerability 2020-01-27 7.5 CVE-2013-3493
MISC
xnview — xnview
 
XnView 2.03 has a stack-based buffer overflow vulnerability 2020-01-27 7.5 CVE-2013-3492
MISC
zavio — zavio_ip_cameras
 
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code. 2020-01-29 10 CVE-2013-2568
MISC
MISC
MISC
MISC
MISC
zavio — zavio_ip_cameras
 
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code. 2020-01-29 7.5 CVE-2013-2570
MISC
MISC
MISC
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
3s-smart_software_solutions — codesys_control_and_gateway_and_hmi
 
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. 2020-01-24 4 CVE-2020-7052
CONFIRM
MISC
N/A — N/A
 
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. 2020-01-28 6.8 CVE-2015-8011
MISC
MISC
MISC
N/A — N/A
 
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname. 2020-01-27 4.3 CVE-2020-8091
MISC
MISC
N/A — N/A
 
BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port. 2020-01-29 5 CVE-2020-8416
CONFIRM
CONFIRM
CONFIRM
MISC
N/A — N/A
 
Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm. 2020-01-28 4.3 CVE-2014-8490
MISC
MISC
N/A — secure_entry_server
 
Secure Entry Server before 4.7.0 contains a URI Redirection vulnerability which could allow remote attackers to conduct phishing attacks due to HSP_AbsoluteRedirects being disabled by default. 2020-01-28 5.8 CVE-2013-2764
BID
XF
adive — adive
 
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. 2020-01-26 6.8 CVE-2020-7991
MISC
MISC
MISC
adive — adive_framework
 
Adive Framework 2.0.8 has admin/user/add userName XSS. 2020-01-26 4.3 CVE-2020-7990
MISC
MISC
adive — adive_framework
 
Adive Framework 2.0.8 has admin/user/add userUsername XSS. 2020-01-26 4.3 CVE-2020-7989
MISC
MISC
amazon — aws_xms
 
Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the ‘what’ parameter. 2020-01-27 5 CVE-2013-2474
EXPLOIT-DB
BID
XF

amd — atidxx64.dll_driver

An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. 2020-01-25 6.8 CVE-2019-5183
MISC
angular_expressions — angular_expressions
 
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. 2020-01-24 6.8 CVE-2020-5219
MISC
MISC
CONFIRM
apache — nifi
 
A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers. 2020-01-28 4.3 CVE-2020-1933
CONFIRM
apache — nifi
 
An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present. 2020-01-28 5 CVE-2020-1928
CONFIRM
apache — superset
 
An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users’ information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset. 2020-01-28 4 CVE-2020-1932
MISC
asus — wrt-ac66u_3_rt_devices
 
ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature. 2020-01-28 4.3 CVE-2020-7997
MISC
big_switch_networks — big_monitoring_fabric
 
An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators. 2020-01-24 4.3 CVE-2019-19632
MISC
MISC
bitdefender — epsecurityservice.exe
 
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163. 2020-01-27 4.4 CVE-2019-17099
CONFIRM
bytemark — symbiosis
 
Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP. 2020-01-27 5 CVE-2014-3979
MISC
MISC
MISC
chamilo — chamilo
 
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script. 2020-01-30 4.3 CVE-2013-0739
MISC
MISC
chamilo — chamilo
 
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php. 2020-01-30 4.3 CVE-2013-0738
MISC
MISC
cisco — application_policy_infrastructure_controller
 
A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j). 2020-01-26 5 CVE-2020-3139
CISCO
cisco — asyncos_software
 
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0. 2020-01-26 6.4 CVE-2020-3134
CISCO
cisco — crosswork_change_automation
 
A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-01-26 4.3 CVE-2019-16024
CISCO
cisco — data_center_analytics_framework
 
A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information on the affected system. 2020-01-26 4.3 CVE-2019-16015
CISCO
cisco — finesse
 
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. 2020-01-26 4.3 CVE-2019-15278
CISCO
cisco — identity_services_engine
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. 2020-01-26 4 CVE-2019-15255
CISCO
cisco — ios_xr_software
 
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer. 2020-01-26 5 CVE-2019-16022
CISCO
cisco — ios_xr_software
 
A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim&rsquo;s BGP network on an existing, valid TCP connection to a BGP peer. 2020-01-26 5 CVE-2019-15989
CISCO
cisco — ios_xr_software
 
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer. 2020-01-26 5 CVE-2019-16020
CISCO
cisco — ios_xr_software
 
A vulnerability in the implementation of the Intermediate System&ndash;to&ndash;Intermediate System (IS&ndash;IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS&ndash;IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS&ndash;IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS&ndash;IS process. 2020-01-26 4 CVE-2019-16027
CISCO
cisco — jabber_guest
 
A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affects Cisco Jabber Guest releases 11.1(2) and earlier. 2020-01-26 4.3 CVE-2020-3136
CISCO
cisco — mobility_management_entity
 
A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition. 2020-01-26 4.3 CVE-2019-16026
CISCO
cisco — sd-wan_solution_vmanage
 
A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. 2020-01-26 4 CVE-2019-12619
CISCO
cisco — small_business_smart_and_managed_switches
 
A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-01-26 4.3 CVE-2020-3121
CISCO
cisco — smart_software_manager_on-prem
 
A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition. 2020-01-26 6.4 CVE-2019-16029
CISCO
cisco — ucs_director
 
A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator. 2020-01-26 5 CVE-2019-16003
CISCO
cisco — webex_meetings_suite_and_online
 
A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device&rsquo;s web browser. The browser will then request to launch the device&rsquo;s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. This vulnerability affects Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3. 2020-01-26 5 CVE-2020-3142
CISCO
cisco — webex_teams
 
A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user’s client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131. 2020-01-26 4 CVE-2020-3131
CISCO
codecov — codecov
 
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the “gcov-args” argument. 2020-01-25 6.5 CVE-2020-7596
MISC
contao — contao
 
contao prior to 2.11.4 has a sql injection vulnerability 2020-01-29 6.5 CVE-2012-4383
MISC
core_security — vivotek_pt7135_ip_camera
 
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text. 2020-01-24 5 CVE-2013-1594
MISC
MISC
MISC
MISC
MISC
MISC
core_security — vivotek_pt7135_ip_camera
 
An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554. 2020-01-24 5 CVE-2013-1596
MISC
MISC
MISC
MISC
MISC
core_security — tp-link_ip_cameras
 
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files. 2020-01-29 5 CVE-2013-2572
MISC
MISC
MISC
MISC
MISC
core_security — vivotek_pt7135_ip_cameras
 
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials. 2020-01-24 4 CVE-2013-1597
MISC
MISC
MISC
MISC
MISC
core_security — zavio_ip_cameras
 
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information. 2020-01-29 5 CVE-2013-2567
MISC
MISC
MISC
MISC
MISC
core_security — zavio_ip_cameras
 
A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream. 2020-01-29 5 CVE-2013-2569
MISC
MISC
MISC
MISC
cpanel — webhost_manager
 
Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-01-27 4.3 CVE-2012-6448
EXPLOIT-DB
dolibarr — dolibarr
 
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page. 2020-01-26 4.3 CVE-2020-7994
MISC
MISC
dolibarr — dolibarr
 
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header. 2020-01-26 4.3 CVE-2020-7996
MISC
MISC
eucalyptus — eucalyptus_management_control
 
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-01-27 4.3 CVE-2013-4770
MISC
f-revocrm — f-revocrm
 
Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-01-27 4.3 CVE-2019-6036
MISC
MISC
fuji_xerox — netprint
 
The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2020-01-27 5.8 CVE-2020-5520
MISC
MISC
fuji_xerox — kantan_netprint
 
The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2020-01-27 5.8 CVE-2020-5521
MISC
MISC
fuji_xerox — kantan_netprint
 
The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2020-01-27 5.8 CVE-2020-5522
MISC
MISC
gitlab — gitlab
 
An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information. 2020-01-28 5 CVE-2019-5470
MISC
MISC
MISC
gitlab — gitlab
 
An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments. 2020-01-28 5 CVE-2019-5472
MISC
MISC
MISC
gitlab — gitlab_community_and_enterprise_edition

 

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. 2020-01-28 5 CVE-2019-15578
MISC
MISC
gitlab — gitlab_community_and_enterprise_edition

 

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. 2020-01-28 5 CVE-2019-15579
MISC
MISC
gitlab — gitlab_community_and_enterprise_edition

 

An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. 2020-01-28 5 CVE-2019-15581
MISC
MISC
gitlab — gitlab_community_and_enterprise_edition

 

An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. 2020-01-28 5 CVE-2019-15582
MISC
MISC
gitlab — gitlab_community_and_enterprise_edition
 
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration 2020-01-28 5 CVE-2019-15590
MISC
MISC
gitlab — gitlab_community_and_enterprise_edition
 
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. 2020-01-28 5 CVE-2019-15583
MISC
MISC
gitlab — gitlab_community_and_enterprise_edition
 
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. 2020-01-28 4.3 CVE-2019-15586
MISC
MISC
gitlab — gitlab_community_end_enterprise_edition
 
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. 2020-01-28 6.8 CVE-2019-5462
MISC
MISC
MISC
git — git
 
A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka ‘Git for Visual Studio Tampering Vulnerability’. 2020-01-24 5 CVE-2019-1351
SUSE
MISC
MISC
gnu — aspell
 
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single ‘\0’ byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. 2020-01-27 6.4 CVE-2019-20433
MISC
gnu — gnucoreutils
 
The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings. 2020-01-24 4.6 CVE-2015-4041
MISC
MISC
MISC
gnu — gnutls
 
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. 2020-01-27 5 CVE-2015-0294
MISC
MISC
MISC
google — android
 
audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. 2020-01-24 4.3 CVE-2015-1525
MISC
google — android
 
media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size. 2020-01-24 6 CVE-2015-1530
MISC
ibm — content_navigator
 
IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force ID: 171515. 2020-01-28 4 CVE-2019-4679
XF
CONFIRM
ibm — mq_and_mq_appliance
 
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. 2020-01-28 4 CVE-2019-4614
XF
CONFIRM
ibm — mq_and_mq_appliance
 
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. 2020-01-28 4.3 CVE-2019-4568
XF
CONFIRM
ibm — mq_appliance_and_lts
 
IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863. 2020-01-28 4.6 CVE-2019-4620
XF
CONFIRM
ibm — security_access_manager_appliance
 
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018. 2020-01-28 5.5 CVE-2019-4707
XF
CONFIRM
ibm — security_secret_server
 
IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170004. 2020-01-28 4.3 CVE-2019-4632
XF
CONFIRM
ibm — security_secret_server
 
IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044. 2020-01-28 4.3 CVE-2019-4638
XF
CONFIRM
ibm — security_secret_server
 
IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011. 2020-01-28 4 CVE-2019-4635
XF
CONFIRM
ibm — security_secret_server
 
IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 170001. 2020-01-28 5.8 CVE-2019-4631
XF
CONFIRM
ibm — security_secret_server
 
IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045. 2020-01-28 5 CVE-2019-4639
XF
CONFIRM
ibm — security_secret_server
 
IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013. 2020-01-28 4 CVE-2019-4636
XF
CONFIRM
ibm — security_secret_server
 
IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 170043. 2020-01-28 4 CVE-2019-4637
XF
CONFIRM
ibm — security_secret_server
 
IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007. 2020-01-28 4.3 CVE-2019-4633
XF
CONFIRM
icewarp — webmail_server
 
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. 2020-02-01 4.3 CVE-2020-8512
MISC
MISC
jazzband — django-user-sessions
 
In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen. 2020-01-24 4 CVE-2020-5224
CONFIRM
MISC
jenkins — fortify_plugin
 
Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2020-01-29 4 CVE-2020-2107
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. 2020-01-29 4 CVE-2020-2104
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. 2020-01-29 5 CVE-2020-2100
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user’s detail object in the whoAmI diagnostic page. 2020-01-29 4 CVE-2020-2103
MLIST
CONFIRM
jenkins — jenkins
 
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. 2020-01-29 4.3 CVE-2020-2105
MLIST
CONFIRM
jenkins — websphere_deployer_plugin
 
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. 2020-01-29 6.5 CVE-2020-2108
MLIST
CONFIRM
jetbrains — intellij_idea
 
Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. 2020-01-30 5 CVE-2020-7905
MISC
CONFIRM
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. 2020-01-30 5.8 CVE-2020-7904
MISC
CONFIRM
jetbrains — rider
 
In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3. 2020-01-30 5 CVE-2020-7906
MISC
MISC
jetbrains — teamcity
 
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. 2020-01-30 4.3 CVE-2020-7908
MISC
CONFIRM
jetbrains — teamcity
 
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. 2020-01-30 5 CVE-2020-7909
MISC
CONFIRM
jetbrains — teamcity
 
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. 2020-01-30 4.3 CVE-2020-7911
MISC
CONFIRM
jetbrains — youtrack
 
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. 2020-01-30 5 CVE-2020-7912
MISC
CONFIRM
jetbrains — youtrack
 
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. 2020-01-30 4.3 CVE-2020-7913
MISC
CONFIRM
koha — koha
 
Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. 2020-01-24 5 CVE-2014-1923
MISC
MISC
MISC
MISC
MISC
koha — koha
 
Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. 2020-01-24 5 CVE-2014-1922
MISC
MISC
MISC
MISC
lldpd — lldpd
 
lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. 2020-01-28 5 CVE-2015-8012
MISC
MISC
CONFIRM
CONFIRM
magento — magento
 
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-01-29 5 CVE-2020-3717
CONFIRM
magento — magento
 
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-01-29 4.3 CVE-2020-3715
CONFIRM
magento — magento
 
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-01-29 4.3 CVE-2020-3758
CONFIRM
mediawiki — N/A
 
Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values. 2020-01-28 4.3 CVE-2013-6451
MISC
mediawiki — mediawiki
 
The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page. 2020-01-28 5 CVE-2013-6455
MISC
microsoft — Microsoft_dynamics_365_server
 
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka ‘Microsoft Dynamics 365 Elevation of Privilege Vulnerability’. 2020-01-24 4 CVE-2018-8654
MISC
mirumee — saleor
 
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer). 2020-01-24 5 CVE-2020-7964
MISC
MISC
mympc — media_player_classic_home_cinema
 
Stack-based buffer overflow in Media Player Classic – Home Cinema (MPC-HC) before 1.7.0.7858 allows remote attackers to execute arbitrary code via a crafted MPEG-2 Transport Stream (M2TS) file. 2020-01-31 6.8 CVE-2013-3488
CONFIRM
MISC
mympc — media_player_classic_home_cinema
 
Buffer overflow in Media Player Classic – Home Cinema (MPC-HC) before 1.7.0 allows remote attackers to execute arbitrary code via a crafted RealMedia .rm file 2020-01-31 6.8 CVE-2013-3489
MISC
MISC
netapp — oncommand_system_manager
 
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the ‘full-name’ and ‘comment’ fields. 2020-01-29 4.3 CVE-2013-3320
BID
XF
XF
netapp — oncommand_system_manager
 
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the “diagnostic” page using the SnapMirror log path parameter. 2020-01-29 6 CVE-2013-3321
XF
MISC
netty — netty
 
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. 2020-01-27 5 CVE-2020-7238
MISC
MISC
netty — netty
 
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an “invalid fold.” 2020-01-29 6.4 CVE-2019-20444
MISC
MISC
MLIST
MLIST
MLIST
netty — netty
 
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. 2020-01-29 6.4 CVE-2019-20445
MISC
MISC
MLIST
MLIST
MLIST
novell — zenworks_configuration_management
 
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. 2020-01-25 5 CVE-2012-6345
MISC
novell — zenworks_configuration_management
 
Novell ZENworks Configuration Management before 11.2.4 allows XSS. 2020-01-25 4.3 CVE-2012-6344
MISC
ntt_data_corporation — mypallete
 
Android App ‘MyPallete’ and some of the Android banking applications based on ‘MyPallete’ do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2020-01-28 5.8 CVE-2020-5523
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
openpne — openpne_3
 
OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability 2020-01-24 6.4 CVE-2013-4333
MISC
MISC
MISC
ossec — ossec-hids
 
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client. 2020-01-30 6.5 CVE-2020-8442
MISC
MISC
MISC
postgresql — postgresql
 
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. 2020-01-27 4 CVE-2014-8161
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
postgresql — postgresql
 
Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. 2020-01-27 6.5 CVE-2015-0243
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
postgresql — postgresql
 
Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. 2020-01-27 6.5 CVE-2015-0242
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
postgresql — postgresql
 
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow. 2020-01-27 6.5 CVE-2015-0241
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
proxmox — proxmox
 
Proxmox VE prior to 3.2: ‘AccessControl.pm’ User Enumeration Vulnerability 2020-01-27 5 CVE-2014-4156
MISC
MISC
pwgen_project — pwgen
 
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. 2020-01-27 5 CVE-2013-4441
MISC
MISC
MISC
MISC
pyradius — pyrad
 
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. 2020-01-28 4.3 CVE-2013-0294
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
MISC
CONFIRM
python — python
 
In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker’s copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system’s copy. Windows 8 and later are unaffected. 2020-01-28 4.3 CVE-2020-8315
MISC
qt — qt
 
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. 2020-01-24 5 CVE-2015-9541
MISC
rapid7 — nexpose
 
Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user’s session and gain unauthorized access. 2020-01-25 4.3 CVE-2012-6494
BID
XF
ratpack — ratpack
 
All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable – so for this to be utilized in production it would require users to not disable development mode. 2020-01-28 4.3 CVE-2019-10770
CONFIRM
roundup — roundup
 
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*. 2020-01-30 4.3 CVE-2012-6133
CONFIRM
MISC
MISC
MISC
CONFIRM
simplehrm — simplehrm
 
SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in ‘user_manager.php’ via spoofing a cookie. 2020-01-27 5 CVE-2013-2499
MISC
BID
XF
simplesamlphp — simplesamlphp
 
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content. 2020-01-24 5.5 CVE-2020-5225
CONFIRM
MISC
smb4k — smb4k
 
Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the “Additional options” line edit. 2020-01-28 5 CVE-2014-2581
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
stroom — stroom
 
All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS vulnerability to take full control of the Stroom UI on behalf of the logged-in user. 2020-01-28 4.3 CVE-2019-10779
CONFIRM
synacor — zimbra-collaboration
 
Synacor Zimbra Collaboration before 8.0.8 has XSS. 2020-01-27 4.3 CVE-2014-5500
CONFIRM
synacor — zimbra_collaboration
 
Zimbra Collaboration 8.7.x – 8.8.11P2 contains persistent XSS. 2020-01-27 4.3 CVE-2019-8945
MISC
MISC
MISC
MISC
synacor — zimbra_collaboration
 
In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability. 2020-01-27 4.3 CVE-2019-15313
MISC
MISC
synacor — zimbra_collaboration
 
Zimbra Collaboration 8.7.x – 8.8.11P2 contains persistent XSS. 2020-01-27 4.3 CVE-2019-8946
MISC
MISC
MISC
MISC
synacor — zimbra_collaboration
 
Zimbra Collaboration 8.7.x – 8.8.11P2 contains non-persistent XSS. 2020-01-27 4.3 CVE-2019-8947
MISC
MISC
MISC
MISC
tiki_software — tiki_wiki_cms_groupware
 
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. 2020-01-27 6 CVE-2011-4558
MISC
tor_project — tor
 
buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. 2020-01-24 5 CVE-2015-2688
MISC
MISC
tor_project — tor
 
The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor. 2020-01-24 5 CVE-2015-2929
MISC
MISC
tor_project — tor
 
The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. 2020-01-24 5 CVE-2015-2928
MLIST
CONFIRM
tor_project — tor
 
Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. 2020-01-24 5 CVE-2015-2689
MISC
MISC
tornadoweb — tornado
 
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. 2020-01-24 4.3 CVE-2014-9720
MISC
MISC
MISC
MISC
MISC
tp-link — tp-link_tl-wr849n
 
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI. 2020-01-27 4.1 CVE-2019-19143
MISC
valve_dota_2 — valve_dota_2
 
rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. 2020-01-27 6.8 CVE-2020-7952
MISC
valve_dota_2 — valve_dota_2
 
schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call. 2020-01-27 6.8 CVE-2020-7949
MISC
valve_dota_2 — valve_dota_2
 
meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. 2020-01-27 6.8 CVE-2020-7951
MISC
valve_dota_2 — valve_dota_2
 
meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call. 2020-01-27 6.8 CVE-2020-7950
MISC
videolan — vlc_media_player
 
Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7. 2020-01-24 6.8 CVE-2014-9626
MISC
MISC
CONFIRM
videolan — vlc_media_player
 
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. 2020-01-24 6.8 CVE-2014-9630
MISC
MISC
CONFIRM
videolan — vlc_media_player
 
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7. 2020-01-24 6.8 CVE-2014-9628
MISC
MISC
CONFIRM
videolan — vlc_media_player
 
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. 2020-01-24 6.8 CVE-2014-9629
MISC
MISC
CONFIRM
videolan — vlc_media_player
 
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an “integer truncation” vulnerability. 2020-01-24 6.8 CVE-2014-9625
MISC
MISC
CONFIRM
videolan — vlc_media_player
 
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size. 2020-01-24 6.8 CVE-2014-9627
MISC
MISC
CONFIRM
viewgit — viewgit
 
Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in plates/summary.php. 2020-01-30 4.3 CVE-2013-2294
CONFIRM
MISC
MISC
MISC
webcalendar_project — webcalendar
 
Local file inclusion in WebCalendar before 1.2.5. 2020-01-27 6.5 CVE-2012-1496
MISC
wiz — wiz
 
Wiz 5.0.3 has a user mode write access violation 2020-01-27 5 CVE-2013-5659
MISC
MISC
wordpress — wordpress
 
Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php. 2020-01-28 6.8 CVE-2015-5483
MISC
MISC
MISC
wordpress — wordpress
 
WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability 2020-01-27 6.4 CVE-2013-4462
MISC
MISC
wordpress — wordpress
 
Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or html via the ‘playerID’ parameter. 2020-01-28 4.3 CVE-2013-2714
BID
wso2 — multiple_products An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect’s URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects. 2020-01-28 4.3 CVE-2019-20436
MISC
MISC
wso2 — multiple_products
 
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect’s URI as the provisioning claim in the advanced claim configuration of the same Identity Provider. The attacker also needs to have privileges to log in to the management console, and to add and update identity provider configurations. 2020-01-28 4.3 CVE-2019-20437
MISC
MISC
zend — zend_mail
 
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email. 2020-01-27 4.3 CVE-2015-3154
CONFIRM
zeuscart — zeuscart
 
Multiple SQL injection vulnerabilities in ZeusCart 4.x. 2020-01-31 6.5 CVE-2014-3868
MISC
MISC
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
N/A — N/A
 
A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc. 2020-01-28 3.5 CVE-2019-15607
MISC
N/A — N/A
 
The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login). 2020-01-27 3.5 CVE-2020-8090
MISC
bitdefender — bitdefender_av_for_mac
 
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0. 2020-01-27 2.1 CVE-2019-17103
CONFIRM
cisco — multiple_products
 
A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-01-26 3.5 CVE-2019-16008
CISCO
cisco — unity_connection_software
 
A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element. 2020-01-26 3.5 CVE-2020-3129
CISCO
dokeos — dokeos
 
Dokeos 2.1.1 has multiple XSS issues involving “extra_” parameters in main/auth/profile.php. 2020-01-29 3.5 CVE-2012-5776
MISC
MISC
fortinet — fortisiem
 
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. 2020-01-28 3.5 CVE-2019-17651
CONFIRM
git — git
 
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The –export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=… and it allows overwriting arbitrary paths. 2020-01-24 3.6 CVE-2019-1348
SUSE
REDHAT
MISC
MISC
google — android
 
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka ‘Outlook for Android Spoofing Vulnerability’. 2020-01-24 3.5 CVE-2019-1460
MISC
havalite — havalite_cms
 
Havalite CMS 1.1.7 has a stored XSS vulnerability 2020-01-29 3.5 CVE-2013-0161
MISC
jenkins — jenkins
 
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret. 2020-01-29 3.5 CVE-2020-2101
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations. 2020-01-29 3.5 CVE-2020-2106
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC. 2020-01-29 3.5 CVE-2020-2102
MLIST
CONFIRM
jetbrains — teamcity
 
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. 2020-01-30 3.5 CVE-2020-7910
MISC
CONFIRM
linux — Linux_kernel
 
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed. 2020-01-29 3.6 CVE-2020-8428
MLIST
MLIST
MISC
MISC
MISC
linux — linux_kernel
 
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db. 2020-01-27 2.1 CVE-2019-20422
MISC
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka ‘Windows User Profile Service Elevation of Privilege Vulnerability’. 2020-01-24 3.6 CVE-2019-1454
MISC
netapp — e-series_santricity_os_controller_software
 
E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments. 2020-01-30 3.3 CVE-2019-17273
CONFIRM
ossec — ossec-hids
 
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user. 2020-01-30 2.1 CVE-2020-8446
MISC
MISC
MISC
ossec — ossec-hids
 
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local user. 2020-01-30 2.1 CVE-2020-8448
MISC
MISC
MISC
simplesamlphp — simplesamlphp
 
Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field. 2020-01-24 3.5 CVE-2020-5226
CONFIRM
MISC
suse — linux_enterprise_server
 
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the “easy” permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa. 2020-01-24 1.9 CVE-2019-3687
CONFIRM
suse — networkmanager
 
NetworkManager 0.9.x does not pin a certificate’s subject to an ESSID when 802.11X authentication is used. 2020-01-27 3.2 CVE-2006-7246
MISC
MISC
MISC
MISC
synacor — zimbra_collaboration
 
Zimbra Collaboration before 8.6.0 patch5 has XSS. 2020-01-27 3.5 CVE-2015-2249
CONFIRM
synacor — zimbra_collaboration
 
Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. 2020-01-27 3.5 CVE-2019-11318
MISC
MISC
MISC
MISC
synacor — zimbra_collaboration
 
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console. 2020-01-27 3.5 CVE-2019-12427
MISC
MISC
MISC
virgl — virglrenderer
 
A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free. 2020-01-27 2.1 CVE-2020-8003
MISC
MISC
MISC
MISC
virgl — virglrenderer
 
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS). 2020-01-27 2.1 CVE-2020-8002
MISC
MISC
MISC
wordpress — wordpress
 
Pinboard 1.0.6 theme for WordPress has XSS. 2020-01-27 3.5 CVE-2013-0286
MISC
wordpress — wordpress
 
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user. 2020-01-28 3.5 CVE-2020-8426
MISC
MISC
MISC
wowza_media_systems — wowza_streaming_engine
 
Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. 2020-01-29 3.5 CVE-2019-7655
MISC
MISC
wso2 — api_manager
 
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console. 2020-01-28 3.5 CVE-2019-20434
MISC
MISC
wso2 — api_manager
 
An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter. 2020-01-28 3.5 CVE-2019-20435
MISC
MISC
wso2 — api_manager
 
An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher. 2020-01-28 3.5 CVE-2019-20438
MISC
MISC
wso2 — api_manager
 
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the “manage the API” page of the API Publisher. 2020-01-28 3.5 CVE-2019-20439
MISC
MISC
wso2 — api_manager
 
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher. 2020-01-28 3.5 CVE-2019-20440
MISC
MISC
wso2 — api_manager
 
An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the ‘implement phase’ of the API Publisher. 2020-01-28 3.5 CVE-2019-20441
MISC
MISC
wso2 — multiple_products
 
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI. 2020-01-28 3.5 CVE-2019-20443
MISC
MISC
wso2 — multiple_products
 
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI. 2020-01-28 3.5 CVE-2019-20442
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abrt — abrt
 
ABRT might allow attackers to obtain sensitive information from crash reports. 2020-01-31 not yet calculated CVE-2011-4088
MISC
MISC
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . 2020-01-28 not yet calculated CVE-2019-8257
CONFIRM
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-01-28 not yet calculated CVE-2019-7131
CONFIRM
aircrack-ng — aircrack-ng
 
Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors. 2020-01-31 not yet calculated CVE-2014-8321
CONFIRM
MISC
MISC
CONFIRM
MISC
aircrack-ng — aircrack-ng
 
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. 2020-01-31 not yet calculated CVE-2014-8322
CONFIRM
MISC
MISC
MISC
CONFIRM
MISC
alcatel-lucent — 1830_photonic_service_switch Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. 2020-01-31 not yet calculated CVE-2014-3809
MISC
apache — jackrabbit_oak
 
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed. 2020-01-28 not yet calculated CVE-2020-1940
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
aroxsolution — school_management_software_php/mysql
 
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. 2020-01-31 not yet calculated CVE-2020-8505
MISC
aroxsolution — school_management_software_php/mysql
 
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. 2020-01-31 not yet calculated CVE-2020-8504
MISC
aruba — airwave_management_platform
 
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672 2020-01-31 not yet calculated CVE-2016-2032
MISC
MISC
MISC
MISC
aruba — clearpass_policy_manager
 
Multiple vulnerabilities exist in Aruba ClearPass Policy Manager up to 6.5.6 and 6.6.0 includes SQL injection issues, unauthenticated arbitrary file read via XXE, remote root command execution, and elevated privilege issues. 2020-01-31 not yet calculated CVE-2016-2033
CONFIRM
aruba — instate
 
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. 2020-01-31 not yet calculated CVE-2016-2031
MISC
MISC
MISC
MISC
belkin — wemo_switch Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. 2020-01-28 not yet calculated CVE-2013-2748
EXPLOIT-DB
BID
XF
belkin_wemo_insight_switch
 
A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions. 2020-01-27 not yet calculated CVE-2019-17094
CONFIRM
biscom — biscom_secure_file_transfer
 
Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004. 2020-01-31 not yet calculated CVE-2020-8503
MISC
bitdefender — bitdefender_antivirus_for_mac
 
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0. 2020-01-30 not yet calculated CVE-2020-8092
MISC
bitdefender — bitdefender_antivirus_for_mac
 
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution 2020-01-30 not yet calculated CVE-2020-8093
MISC
bitdefender — bitdefender_total_security_2020
 
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. 2020-01-30 not yet calculated CVE-2020-8095
CONFIRM
bitdefender — box_2
 
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36. 2020-01-27 not yet calculated CVE-2019-17102
CONFIRM
bitdefender — total_security_2020
 
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69. 2020-01-27 not yet calculated CVE-2019-17100
MISC
c-lightning — c-lightning
 
c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states “It can be used for testing, but it should not be used for real funds.” 2020-01-31 not yet calculated CVE-2019-12998
MISC
CONFIRM
cisco — ios_xr_software
 
A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes&rsquo; status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer. 2020-01-26 not yet calculated CVE-2019-16018
CISCO
com.puppycrawl.tools:checkstyle — com.puppycrawl.tools:checkstyle
 
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658. 2020-01-30 not yet calculated CVE-2019-10782
MISC
cups_easy — cups_easy_purchase_&_inventory
 
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php. 2020-01-28 not yet calculated CVE-2020-8425
MISC
MISC
cups_easy — cups_easy_purchase_&_inventory
 
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php. 2020-01-28 not yet calculated CVE-2020-8424
MISC
MISC
cysharp — messagepack_for_c#_and_unity
 
MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps. 2020-01-31 not yet calculated CVE-2020-5234
MISC
CONFIRM
d-link — multiple_cameras An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR. 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information. 2020-01-28 not yet calculated CVE-2013-1600
MISC
MISC
MISC
MISC
MISC
d-link — multiple_ip_cameras An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream. 2020-01-28 not yet calculated CVE-2013-1603
MISC
MISC
MISC
MISC
MISC
d-link — multiple_ip_cameras A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera?s web interface. 2020-01-28 not yet calculated CVE-2013-1599
MISC
MISC
MISC
MISC
FULLDISC
MISC
d-link — multiple_ip_cameras An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03, which could let a malicious user obtain sensitive information. which could let a malicious user obtain sensitive information. 2020-01-28 not yet calculated CVE-2013-1601
MISC
MISC
MISC
MISC
MISC
d-link — multiple_ip_cameras An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams. 2020-01-28 not yet calculated CVE-2013-1602
MISC
MISC
MISC
MISC
das_u-boot — das_u-bootN/A
 
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis. 2020-01-29 not yet calculated CVE-2020-8432
MISC
MISC
draytek — multiple_devices
 
DrayTek Vigor2960 1.3.1_Beta; Vigor3900 1.4.4_Beta; and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. 2020-02-01 not yet calculated CVE-2020-8515
MISC
drupal — drupal The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username. 2020-01-30 not yet calculated CVE-2013-2198
MISC
CONFIRM
CONFIRM
CONFIRM
drupal — drupal The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node. 2020-01-30 not yet calculated CVE-2013-4187
MISC
MISC
MISC
CONFIRM
MISC
drupal — drupal
 
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. 2020-01-31 not yet calculated CVE-2014-8338
MISC
MISC
eclair — eclair
 
Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states “it is beta-quality software and don’t put too much money in it.” 2020-01-31 not yet calculated CVE-2019-13000
MISC
MISC
CONFIRM
edk2 — unified_extensible_firmware_interface Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data. 2020-01-31 not yet calculated CVE-2014-4859
MISC
edk2 — unified_extensible_firmware_interface Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase. 2020-01-31 not yet calculated CVE-2014-4860
MISC
ensdomains — ens
 
A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry. 2020-01-31 not yet calculated CVE-2020-5232
MISC
CONFIRM
eucalyptus — eucalyptus_management_console Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-01-31 not yet calculated CVE-2014-5039
CONFIRM
evernote — evernote Evernote before 5.5.1 has insecure PIN storage 2020-01-31 not yet calculated CVE-2013-5112
MISC
MISC
evernote — evernote Evernote prior to 5.5.1 has insecure password change 2020-01-31 not yet calculated CVE-2013-5116
MISC
MISC
MISC
feedgen — feedgen
 
Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The *feedgen* library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of Service Attacks (e.g. XML Bomb). This becomes a concern in particular if feedgen is used to include content from untrused sources and if XML (including XHTML) is directly included instead of providing plain tex content only. This problem has been fixed in feedgen 0.9.0 which disallows XML entity expansion and external resources. 2020-01-28 not yet calculated CVE-2020-5227
MISC
MISC
CONFIRM
fish-shell — fish-shell fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt. 2020-01-28 not yet calculated CVE-2014-2914
MISC
CONFIRM
fish-shell — fish-shell The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name. 2020-01-28 not yet calculated CVE-2014-3856
MISC
CONFIRM
MISC
fish-shell — fish-shell The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name. 2020-01-28 not yet calculated CVE-2014-2906
MISC
MISC
CONFIRM
foscam — ip_camera_fi8620 An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. 2020-01-29 not yet calculated CVE-2013-2574
MISC
MISC
MISC
MISC
MISC
fuji_xerox — awms_mobile_app
 
The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2020-01-31 not yet calculated CVE-2020-5526
MISC
MISC
fusionauth — fusionauth
 
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates. 2020-01-28 not yet calculated CVE-2020-7799
MISC
MISC
MISC
BUGTRAQ
gemalto — gemalto_tokend Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability 2020-01-30 not yet calculated CVE-2013-1867
MISC
MISC
git — git
 
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as “WSL”) while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. 2020-01-24 not yet calculated CVE-2019-1353
SUSE
MISC
MISC
git-extras — git-extras The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort. 2020-01-28 not yet calculated CVE-2012-6114
MISC
MISC
MISC
gitlab — ce/ee An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. 2020-01-28 not yet calculated CVE-2019-5466
MISC
MISC
MISC
gitlab — ce/ee
 
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. 2020-01-28 not yet calculated CVE-2019-5465
MISC
MISC
MISC
gitlab — ee
 
An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. 2020-01-28 not yet calculated CVE-2019-5474
MISC
MISC
MISC
gitlab — gitlab The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. 2020-01-28 not yet calculated CVE-2013-4583
MISC
MISC
MISC
gitlab — gitlab The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. 2020-01-28 not yet calculated CVE-2013-4582
MISC
MISC
MISC
gitlab — gitlab
 
An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. 2020-01-28 not yet calculated CVE-2019-5468
MISC
MISC
MISC
hashicorp — consul_and_consul_enterprise HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. 2020-01-31 not yet calculated CVE-2020-7219
MISC
MISC
hashicorp — consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. 2020-01-31 not yet calculated CVE-2020-7955
MISC
MISC
hashicorp — nomad_and_nomad_enterprise
 
HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage. 2020-01-31 not yet calculated CVE-2020-7218
MISC
MISC
hashicorp — nomad_and_nomad_enterprise
 
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. 2020-01-31 not yet calculated CVE-2020-7956
MISC
MISC
hp — intel-based_business_pcs
 
A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02). 2020-01-31 not yet calculated CVE-2019-18913
CONFIRM
htcondor — mrg_grid
 
The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. 2020-01-31 not yet calculated CVE-2014-8126
MISC
MISC
MISC
MISC
ibm — watson_iot_message_gateway
 
IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. IBM X-Force ID: 174972. 2020-01-28 not yet calculated CVE-2020-4207
XF
CONFIRM
ibm — websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. 2020-01-31 not yet calculated CVE-2019-4720
XF
CONFIRM
idelji — web_viewpoint_and_web_viewpoint_plus_and_web_viewpoint_enterprise
 
An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen. 2020-01-27 not yet calculated CVE-2019-19539
CONFIRM

info-zip — unzip

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. 2020-01-31 not yet calculated CVE-2014-8140
MISC
MISC
MISC
MISC
info-zip — unzip
 
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. 2020-01-31 not yet calculated CVE-2014-8139
MISC
MISC
MISC
MISC
info-zip — unzip
 
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. 2020-01-31 not yet calculated CVE-2014-8141
MISC
MISC
MISC
MISC
infoware — mapsuite mapapi Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-01-31 not yet calculated CVE-2014-2843
MISC
MISC
MISC
intel — multiple_intel_processors
 
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 2020-01-28 not yet calculated CVE-2020-0549
CONFIRM
intel — multiple_intel_processors
 
Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 2020-01-28 not yet calculated CVE-2020-0548
CONFIRM
intergraph_corporation — erdas_er_viewer
 
ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary code execution vulnerabilities 2020-01-30 not yet calculated CVE-2013-0725
MISC
MISC
israeli_ex_libris — aleph_500 Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter. 2020-01-30 not yet calculated CVE-2014-3719
MISC
MISC
israeli_ex_libris — aleph_500 Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2) lib, or (3) sid parameter. 2020-01-30 not yet calculated CVE-2014-3718
MISC
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3. 2020-01-31 not yet calculated CVE-2020-7914
MISC
CONFIRM
joomla! — joomla! An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. 2020-01-28 not yet calculated CVE-2020-8419
MISC
joomla! — joomla!
 
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs. 2020-01-28 not yet calculated CVE-2020-8421
MISC
joomla! — joomla!
 
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. 2020-01-28 not yet calculated CVE-2020-8420
MISC
kronos — kronos_web_time_and_attendance A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator. 2020-01-30 not yet calculated CVE-2020-8493
MISC
MISC
kronos — kronos_web_time_and_attendance
 
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters. 2020-01-30 not yet calculated CVE-2020-8495
MISC
MISC
kronos — kronos_web_time_and_attendance
 
In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator. 2020-01-30 not yet calculated CVE-2020-8496
MISC
MISC
kronos — kronos_web_time_and_attendance
 
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the emp_id, userid, pw1, pw2, supervisor, and timekeeper parameters. 2020-01-30 not yet calculated CVE-2020-8494
MISC
MISC
ktor — ktor
 
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn’t handle Content-Length and Transfer-Encoding properly or doesn’t handle \n as a headers separator. 2020-01-27 not yet calculated CVE-2020-5207
MISC
CONFIRM
liferay — portal_ce
 
In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). 2020-01-28 not yet calculated CVE-2020-7934
MISC
lightning_labs — lightning_network_daemon
 
Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control. 2020-01-31 not yet calculated CVE-2019-12999
MISC
MISC
CONFIRM
linux — linux_kernel
 
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. 2020-01-31 not yet calculated CVE-2019-3016
CONFIRM
CONFIRM
CONFIRM
logmein — lastpass LastPass prior to 2.5.1 allows secure wipe bypass. 2020-01-31 not yet calculated CVE-2013-5114
MISC
MISC
MISC
logmein — lastpass LastPass prior to 2.5.1 has an insecure PIN implementation. 2020-01-31 not yet calculated CVE-2013-5113
MISC
MISC
MISC
lzx_apps — super_file_explorer
 
An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service. 2020-01-28 not yet calculated CVE-2020-7998
MISC
MISC
manageengine — desktopcentral Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. 2020-01-27 not yet calculated CVE-2013-7390
MISC
MISC
mediawiki — mediawiki
 
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML. 2020-01-27 not yet calculated CVE-2014-9481
MISC
MISC
CONFIRM
MISC
micasaverde — veralite The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. 2020-01-28 not yet calculated CVE-2013-4863
MISC
MISC
MISC
micasaverde — veralite MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. 2020-01-28 not yet calculated CVE-2013-4862
MISC
MISC
MISC
micasaverde — veralite Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter. 2020-01-28 not yet calculated CVE-2013-4861
MISC
MISC
MISC
micasaverde — veralite MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue. 2020-01-28 not yet calculated CVE-2013-4864
MISC
MISC
MISC
micasaverde — veralite Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter. 2020-01-28 not yet calculated CVE-2013-4865
MISC
MISC
MISC
motu — motu_avb_devices
 
AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file. 2020-01-27 not yet calculated CVE-2020-8009
MISC
multiple_vendors — multiple_bios_implementations
 
The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory. 2020-01-30 not yet calculated CVE-2015-0949
MISC
multiple_vendors — multiple_realtek_sdk_based_routers
 
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. 2020-01-27 not yet calculated CVE-2019-19822
MISC
MISC
FULLDISC
FULLDISC
MISC
MISC
multiple_vendors — multiple_realtek_sdk_based_routers
 
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. 2020-01-27 not yet calculated CVE-2019-19823
MISC
MISC
FULLDISC
FULLDISC
MISC
MISC
neato — botvac_connected
 
An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to estimate the time of first provisioning of a robot, he is able to brute force the generated secret_key of the robot. This is because the entropy of the secret_key exclusively relies on these two values, due to not seeding the random generator and using several constant inputs for secret_key computation. Serial numbers are printed on the packaging and equal the MAC address of the robot. 2020-01-27 not yet calculated CVE-2018-19441
MISC
MISC
netapp — oncommand_system_manager NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. 2020-01-31 not yet calculated CVE-2013-3322
XF
MISC
nethack — nethack
 
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. 2020-01-28 not yet calculated CVE-2020-5214
CONFIRM
nethack — nethack
 
In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. 2020-01-28 not yet calculated CVE-2020-5213
CONFIRM
nethack — nethack
 
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. 2020-01-28 not yet calculated CVE-2020-5212
CONFIRM
nethack — nethack
 
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. 2020-01-28 not yet calculated CVE-2020-5210
MISC
CONFIRM
nethack — nethack
 
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. 2020-01-28 not yet calculated CVE-2020-5209
MISC
CONFIRM
nethack — nethack
 
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. 2020-01-28 not yet calculated CVE-2020-5211
CONFIRM
network_time_protocol — network_time_protocol
 
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use ‘\’ or ‘/’ characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. 2020-01-28 not yet calculated CVE-2015-7851
MISC
MISC
MISC
node-uuid — node-uuid
 
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing. 2020-01-30 not yet calculated CVE-2015-8851
MISC
MISC
CONFIRM
CONFIRM
oauth2_proxy — oauth2_proxy
 
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0. 2020-01-30 not yet calculated CVE-2020-5233
MISC
MISC
CONFIRM
open-xchange — open-xchange_app_suite Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. 2020-01-31 not yet calculated CVE-2014-5236
MISC
MISC
MISC
opencast — opencast
 
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially for popular users like the default `admin` user. This essentially means that for an attacker, it might be feasible to reconstruct a user’s password given access to these hashes. Note that attackers needing access to the hashes means that they must gain access to the database in which these are stored first to be able to start cracking the passwords. The problem is addressed in Opencast 8.1 which now uses the modern and much stronger bcrypt password hashing algorithm for storing passwords. Note, that old hashes remain MD5 until the password is updated. For a list of users whose password hashes are stored using MD5, take a look at the `/user-utils/users/md5.json` REST endpoint. 2020-01-30 not yet calculated CVE-2020-5229
MISC
CONFIRM
opencast — opencast
 
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1 2020-01-30 not yet calculated CVE-2020-5222
MISC
CONFIRM
opencast — opencast
 
Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast’s Id.toString(?) vs Id.compact(?) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1. 2020-01-30 not yet calculated CVE-2020-5230
MISC
CONFIRM
opencast — opencast
 
In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests) but only in the security configuration. From the name ? implying an admin for a specific course ? users would never expect that this role allows user creation. This issue is fixed in 7.6 and 8.1 which both ship a new default security configuration. 2020-01-30 not yet calculated CVE-2020-5231
MISC
CONFIRM
opencast — opencast
 
Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public access to events without their knowledge. The problem has been addressed in Opencast 7.6 and 8.1 where the OAI-PMH endpoint is configured to require users with `ROLE_ADMIN` by default. In addition to this, Opencast 9 removes the OAI-PMH publication from the default workflow, making the publication a conscious decision users have to make by updating their workflows. 2020-01-30 not yet calculated CVE-2020-5228
MISC
CONFIRM
opencast — opencast
 
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1 2020-01-30 not yet calculated CVE-2020-5206
MISC
CONFIRM
openjpeg_2.3.1 — openjpeg_2.3.1N/A
 
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. 2020-01-28 not yet calculated CVE-2020-8112
MISC
MLIST
opensc — opensc.tokend
 
OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability 2020-01-30 not yet calculated CVE-2013-1866
MISC
MISC
ossec — ossec-hids
 
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). 2020-01-30 not yet calculated CVE-2020-8443
MISC
MISC
MISC
ossec — ossec-hids
 
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). 2020-01-30 not yet calculated CVE-2020-8444
MISC
MISC
MISC
ossec — ossec-hids
 
In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn’t remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitted in messages processed by ossec-analysisd, it may be possible to inject nested events into the ossec log. Use of terminal control characters may allow obfuscating events or executing commands when viewed through vulnerable terminal emulators. This may be an unauthenticated remote attack for certain types and origins of logged data. 2020-01-30 not yet calculated CVE-2020-8445
MISC
MISC
MISC
ossec — ossec-hids
 
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). 2020-01-30 not yet calculated CVE-2020-8447
MISC
MISC
MISC
pandora_fms — pandora_fms
 
Pandora FMS ? 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a “tricky” name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type. 2020-01-30 not yet calculated CVE-2019-20050
MISC
perl — perl Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. 2020-01-31 not yet calculated CVE-2011-4115
MISC
MISC
CONFIRM
perl — perl Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. 2020-01-28 not yet calculated CVE-2013-1437
MISC
MISC
MISC
perl — perl The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files. 2020-01-31 not yet calculated CVE-2011-4117
MISC
MISC
MISC
perl — perl The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable. 2020-01-28 not yet calculated CVE-2014-3230
MISC
MISC
MISC
MISC
MISC
perl — perl _is_safe in the File::Temp module for Perl does not properly handle symlinks. 2020-01-31 not yet calculated CVE-2011-4116
MISC
MISC
MISC
MISC
MISC
pivotal — pivotal_tc_server_and_pivotal_tc_runtime
 
In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance. 2020-01-27 not yet calculated CVE-2019-11288
CONFIRM
polycom — hdx_video_end_points_and_uc_ap Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature. 2020-01-28 not yet calculated CVE-2012-6610
MISC
MISC
polycom — web_management_interface_g3/hdx_8000_hd Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. 2020-01-28 not yet calculated CVE-2012-6609
MISC
MISC
prosody — prosody
 
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin. 2020-01-28 not yet calculated CVE-2020-8086
MISC
MISC
CONFIRM
BUGTRAQ
DEBIAN
python — python The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. 2020-01-28 not yet calculated CVE-2013-1895
MISC
MISC
MISC
MISC
MISC
python — python
 
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. 2020-01-30 not yet calculated CVE-2020-8492
MISC
MISC
MISC
qemu — qemu
 
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. 2020-01-31 not yet calculated CVE-2015-6815
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
CONFIRM
rockwell_automation — arena_simulation_software
 
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. 2020-01-27 not yet calculated CVE-2019-13521
MISC
MISC
rockwell_automation — arena_simulation_software
 
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. 2020-01-27 not yet calculated CVE-2019-13519
MISC
MISC
senior — rubiweb
 
Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL. 2020-01-31 not yet calculated CVE-2019-19550
CONFIRM
silicon_graphics_international — sgi_tempo
 
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db. 2020-01-27 not yet calculated CVE-2014-7303
MISC
MISC
silicon_graphics_international — sgi_tempo
 
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx. 2020-01-27 not yet calculated CVE-2014-7302
MISC
MISC
silicon_graphics_international — sgi_tempo
 
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw. 2020-01-27 not yet calculated CVE-2014-7301
MISC
MISC
simplejobscript — simplejobscript
 
controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. 2020-01-31 not yet calculated CVE-2020-8440
CONFIRM
smc_networks — d3g0804w_d3gnv5m-3.5.1.6.10_ga_devices
 
SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument. 2020-01-27 not yet calculated CVE-2020-8087
MISC
solarwinds — n-central
 
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration. 2020-01-26 not yet calculated CVE-2020-7984
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
sonalak — verax_nms Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities 2020-01-30 not yet calculated CVE-2013-1350
MISC
MISC
sonalak — verax_nms Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive. 2020-01-30 not yet calculated CVE-2013-1352
MISC
MISC
MISC
sonalak — verax_nms Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. 2020-01-30 not yet calculated CVE-2013-1351
MISC
MISC
MISC
sonalak — verax_nms
 
Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action 2020-01-30 not yet calculated CVE-2013-1631
MISC
MISC
sudo — sudo
 
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. 2020-01-29 not yet calculated CVE-2019-18634
FULLDISC
MLIST
MLIST
MLIST
BUGTRAQ
BUGTRAQ
BUGTRAQ
CONFIRM
DEBIAN
CONFIRM
MISC
suse — linux_enterprise_server_15_obs-service-tar_scm_and_opensuse_factory_obs-service-tar_scm Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. 2020-01-27 not yet calculated CVE-2018-12476
CONFIRM
suse — opensuse_leap_yast2-rmt
 
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2. 2020-01-27 not yet calculated CVE-2018-20105
CONFIRM
suse — suse_studio_onsite_susestudio-common
 
A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions. 2020-01-27 not yet calculated CVE-2017-14806
CONFIRM
suse — suse_studio_onsite_susestudio-ui-server
 
An Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions. 2020-01-27 not yet calculated CVE-2017-14807
CONFIRM
sylius — resourcebundle
 
Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group – for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle’s controller is affected. The vulnerable versions are: <1.3 || >=1.3.0 <=1.3.12 || >=1.4.0 <=1.4.5 || >=1.5.0 <=1.5.0 || >=1.6.0 <=1.6.2. The patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3. 2020-01-27 not yet calculated CVE-2020-5220
MISC
CONFIRM
sylius — sylius
 
Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no sylius_channel.debug is set explicitly in the configuration, the default value which is kernel.debug will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false. Patch has been provided for Sylius 1.3.x and newer – 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore. 2020-01-27 not yet calculated CVE-2020-5218
MISC
CONFIRM
tensorflow — tensorflow
 
In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(“hello”, tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0. 2020-01-28 not yet calculated CVE-2020-5215
MISC
MISC
MISC
CONFIRM
tibco_software — tibco_patterns_-_search
 
The user interface component of TIBCO Software Inc.’s TIBCO Patterns – Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.’s TIBCO Patterns – Search: versions 5.4.0 and below. 2020-01-28 not yet calculated CVE-2019-17338
CONFIRM
CONFIRM
totolink — realtek_sdk_based_routers
 
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {“topicurl”:”setting/getSanvas”} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0. 2020-01-27 not yet calculated CVE-2019-19825
MISC
FULLDISC
FULLDISC
MISC
totolink — realtek_sdk_based_routers
 
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device’s internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0. 2020-01-27 not yet calculated CVE-2019-19824
MISC
FULLDISC
FULLDISC
MISC
trend_micro — anti-threat_toolkit
 
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool. 2020-01-30 not yet calculated CVE-2019-20358
FULLDISC
N/A
N/A
united_planet — intrexx_professional Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors. 2020-01-31 not yet calculated CVE-2014-2025
MISC
MISC
CONFIRM
usebb — usebb
 
panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. 2020-01-27 not yet calculated CVE-2020-8088
MISC
videolan — vlc_media_player Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. 2020-01-31 not yet calculated CVE-2013-3565
MISC
MISC
MISC
MISC
vtiger — vtiger_crm vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in ‘customerportal.php’ which allows remote attackers to view files and execute local script code. 2020-01-28 not yet calculated CVE-2013-3212
EXPLOIT-DB
BID
XF
web2project — web2project Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php. 2020-01-31 not yet calculated CVE-2014-3119
MISC
MISC
MISC
webargs — webargs
 
flaskparser.py in Webargs 5.x through 5.5.2 doesn’t check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made across domains, leading to CSRF. 2020-01-29 not yet calculated CVE-2020-7965
CONFIRM
wolfssl — cyassl The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read. 2020-01-28 not yet calculated CVE-2014-2896
MISC
MISC
CONFIRM
CONFIRM
wolfssl — cyassl wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure. 2020-01-28 not yet calculated CVE-2014-2898
MISC
MISC
CONFIRM
CONFIRM
wolfssl — cyassl The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read. 2020-01-28 not yet calculated CVE-2014-2897
MISC
MISC
CONFIRM
CONFIRM
wordpress — wordpress Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings – Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings – Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings – Template form (hms-testimonials-templates-new page). 2020-01-30 not yet calculated CVE-2013-4241
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. 2020-01-28 not yet calculated CVE-2020-8417
MISC
MISC
wordpress — wordpress
 
NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability 2020-01-30 not yet calculated CVE-2013-0291
MISC
MISC
wordpress — wordpress
 
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability). 2020-01-30 not yet calculated CVE-2020-8498
MISC
MISC
MISC
wowza — wowza_streaming_engine
 
A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 and 4.7.8 allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. By injecting a payload into one of those files, it will run with the same privileges as the Wowza server, root. For example, /usr/local/WowzaStreamingEngine/bin/tune.sh could be replaced with a Trojan horse. 2020-01-29 not yet calculated CVE-2019-7656
MISC
MISC
wowza — wowza_streaming_engine
 
Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. 2020-01-29 not yet calculated CVE-2019-7654
MISC
MISC
xpient — xpient_point_of_sale_systems Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer. 2020-01-28 not yet calculated CVE-2013-2571
MISC
MISC
MISC
MISC
zoho_manageengine — remote_access_plus
 
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password). 2020-01-31 not yet calculated CVE-2020-8422
MISC
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

IC3 Issues Alert on Employment Scams

Original release date: January 22, 2020

The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as legitimate employers spoof company websites and post fake job openings to lure victims. Cyber criminals will conduct fake interviews and even offer positions to victims before requesting PII such as Social Security numbers and bank account information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IC3 Alert and CISA’s Tips on Avoiding Social Engineering and Phishing Attacks and Website Security for more information. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.

This product is provided subject to this Notification and this Privacy & Use policy.

Vulnerability Summary for the Week of January 13, 2020

Original release date: January 20, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
deja_vu — crescendo_sales_crm
 
D?j? Vu Crescendo Sales CRM has remote SQL Injection 2020-01-10 7.5 CVE-2014-4984
MISC
MISC
MISC
ether — etherpad-lite The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability 2020-01-10 7.5 CVE-2013-7380
MISC
MISC
hashbrown_cms — hashbrown_cms
 
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password. 2020-01-13 7.5 CVE-2020-6948
MISC
jcow — jcow_cms
 
A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. 2020-01-14 7.5 CVE-2011-3203
MISC
livezilla — livezilla
 
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability 2020-01-13 7.5 CVE-2013-6225
MISC
MISC
MISC
microsoft — .net_core__and_.net_framework
 
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘.NET Framework Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0605. 2020-01-14 9.3 CVE-2020-0606
N/A
microsoft — .net_framework
 
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ‘.NET Framework Remote Code Execution Injection Vulnerability’. 2020-01-14 10 CVE-2020-0646
N/A
microsoft — asp.net_core
 
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘ASP.NET Core Remote Code Execution Vulnerability’. 2020-01-14 9.3 CVE-2020-0603
REDHAT
REDHAT
N/A
microsoft — internet_explorer_9_and_10_and_11
 
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ‘Internet Explorer Memory Corruption Vulnerability’. 2020-01-14 7.6 CVE-2020-0640
N/A
microsoft — multiple_products
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653. 2020-01-14 9.3 CVE-2020-0650
N/A
microsoft — multiple_products
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653. 2020-01-14 9.3 CVE-2020-0651
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. 2020-01-14 7.2 CVE-2020-0641
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0635. 2020-01-14 7.2 CVE-2020-0644
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0644. 2020-01-14 7.2 CVE-2020-0635
N/A
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’. 2020-01-14 7.2 CVE-2020-0634
N/A
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0624. 2020-01-14 7.2 CVE-2020-0642
N/A
microsoft — multiple_windows_server_products
 
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0609. 2020-01-14 10 CVE-2020-0610
N/A
microsoft — multiple_windows_server_products
 
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0610. 2020-01-14 10 CVE-2020-0609
N/A
mruby — mruby
 
In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c. 2020-01-11 7.5 CVE-2020-6838
MISC
mruby — mruby
 
In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. 2020-01-11 7.5 CVE-2020-6839
MISC
mruby — mruby
 
In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c. 2020-01-11 7.5 CVE-2020-6840
MISC
online_tv_database — online_tv_database An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. 2020-01-10 7.5 CVE-2011-5020
MISC
oracle — outside_in_technology
 
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). 2020-01-15 7.5 CVE-2020-2543
MISC
oracle — solaris Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 2020-01-15 7.2 CVE-2020-2696
MISC
MISC
FULLDISC
BUGTRAQ
MISC
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2020-01-15 7.5 CVE-2020-2551
MISC
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container – JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2020-01-15 7.5 CVE-2020-2546
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — experience_manager Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-01-15 4.3 CVE-2019-16467
CONFIRM
adobe — experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-01-15 5 CVE-2019-16469
CONFIRM
adobe — experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-01-15 5 CVE-2019-16468
CONFIRM
apache — cxf
 
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable. 2020-01-16 4.3 CVE-2019-17573
CONFIRM
MLIST
arial_software — campaign_enterprise
 
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. 2020-01-10 5 CVE-2012-3823
MISC
XF
arial_software — campaign_enterprise
 
Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users’ credentials. 2020-01-10 5 CVE-2012-3822
MISC
XF
arial_software — campaign_enterprise
 
In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. 2020-01-10 5 CVE-2012-3824
MISC
XF
atlassian — bitbucket_server Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim’s systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim’s Bitbucket Server or Bitbucket Data Center instance. 2020-01-15 6.5 CVE-2019-15010
MISC
atlassian — bitbucket_server
 
Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance. 2020-01-15 6.5 CVE-2019-15012
MISC
atlassian — bitbucket_server_and_bitbucket_data_center
 
Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim’s Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content. 2020-01-15 6.5 CVE-2019-20097
MISC
axper — vision_ii_devices Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI. 2020-01-13 4.3 CVE-2020-6848
MISC
cacti — cacti
 
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). 2020-01-16 4.3 CVE-2020-7106
MISC
MLIST
cerberus — cerberus_ftp_server_enterprise_edition Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission. 2020-01-14 5.5 CVE-2020-5196
MISC
MISC
MISC
chamilo — chamilo
 
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files. 2020-01-10 6.4 CVE-2012-4030
XF
clickdesk — clickdesk ClickDesk version 4.3 and below has persistent cross site scripting 2020-01-14 4.3 CVE-2014-9211
MISC
MISC
comcrete_cms — concrete5 A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier. 2020-01-14 4.3 CVE-2011-3183
MISC
dompdf — dompdf
 
DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. 2020-01-10 6.8 CVE-2014-5013
MISC
MISC
dompdf — dompdf
 
DOMPDF before 0.6.2 allows Information Disclosure. 2020-01-10 4.3 CVE-2014-5011
MISC
MISC
dompdf — dompdf
 
DOMPDF before 0.6.2 allows denial of service. 2020-01-10 4.3 CVE-2014-5012
MISC
MISC
elog — electronic_logbook
 
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c. 2020-01-10 4.3 CVE-2019-20376
MISC
elog — electronic_logbook
 
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c. 2020-01-10 4.3 CVE-2019-20375
MISC
ganglia — ganglia-web
 
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter. 2020-01-11 4.3 CVE-2019-20379
MISC
ganglia — ganglia-web
 
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter. 2020-01-11 4.3 CVE-2019-20378
MISC
gitlab — gitlab_community_and_enterprise_edition
 
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control. 2020-01-13 4.3 CVE-2019-20148
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_edition
 
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control. 2020-01-13 5 CVE-2019-20147
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_edition
 
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control. 2020-01-13 4 CVE-2019-20145
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_edition
 
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. 2020-01-13 5 CVE-2019-20146
MISC
CONFIRM
google — chrome
 
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-01-10 6.8 CVE-2020-6377
SUSE
SUSE
SUSE
REDHAT
MISC
MISC
FEDORA
FEDORA
granding_technology — grand_ma_300
 
Grand MA 300 allows a brute-force attack on the PIN. 2020-01-13 5 CVE-2014-5381
MISC
MISC
MISC
MISC
hashbrown_cms — hashbrown_cms
 
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user’s account, or otherwise reconfigure that account. 2020-01-13 6.5 CVE-2020-6949
MISC

ibm — qradar_security_information_and_event_manager

IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355. 2020-01-10 5 CVE-2019-4559
XF
CONFIRM
jcow — jcow
 
A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier. 2020-01-14 4.3 CVE-2011-3202
MISC
jenkins — jenkins
 
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. 2020-01-15 6.8 CVE-2020-2090
CONFIRM
kubernetes — kubernetes Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. 2020-01-14 5 CVE-2018-1002104
CONFIRM
markdown2 — markdown2 python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues. 2020-01-15 4.3 CVE-2009-3724
MISC
MISC
microsoft — asp.net_core A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’. 2020-01-14 5 CVE-2020-0602
REDHAT
REDHAT
N/A
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. 2020-01-14 4.6 CVE-2020-0630
N/A
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. 2020-01-14 4.6 CVE-2020-0613
N/A
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. 2020-01-14 4.6 CVE-2020-0628
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. 2020-01-14 4.6 CVE-2020-0626
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. 2020-01-14 4.6 CVE-2020-0627
N/A
microsoft — multiple_windows_products
 
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka ‘Remote Desktop Client Remote Code Execution Vulnerability’. 2020-01-14 5.1 CVE-2020-0611
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka ‘Microsoft Cryptographic Services Elevation of Privilege Vulnerability’. 2020-01-14 4.6 CVE-2020-0620
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. 2020-01-14 4.6 CVE-2020-0623
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. 2020-01-14 4.6 CVE-2020-0629
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0613, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. 2020-01-14 4.6 CVE-2020-0614
N/A
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Information Disclosure Vulnerability’. 2020-01-14 4.3 CVE-2020-0607
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632. 2020-01-14 4.6 CVE-2020-0633
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. 2020-01-14 4.6 CVE-2020-0625
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0632, CVE-2020-0633. 2020-01-14 4.6 CVE-2020-0631
N/A
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka ‘Remote Desktop Web Access Information Disclosure Vulnerability’. 2020-01-14 4 CVE-2020-0637
N/A
microsoft — multiple_windows_products
 
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka ‘Windows CryptoAPI Spoofing Vulnerability’. 2020-01-14 5.8 CVE-2020-0601
MISC
MISC
N/A
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0633. 2020-01-14 4.6 CVE-2020-0632
N/A
microsoft — office_and_office_365_proplus A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka ‘Microsoft Office Memory Corruption Vulnerability’. 2020-01-14 6.8 CVE-2020-0652
N/A
MISC
microsoft — windows_10_and_windows_server
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0642. 2020-01-14 4.6 CVE-2020-0624
N/A

microsoft — windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Update Notification Manager Elevation of Privilege Vulnerability’. 2020-01-14 4.6 CVE-2020-0638
N/A
microsoft — windows_10_and_windows_server_and_windows_server_2019
 
A denial of service vulnerability exists when Windows improperly handles hard links, aka ‘Microsoft Windows Denial of Service Vulnerability’. 2020-01-14 4.9 CVE-2020-0616
N/A
MISC
mitel — sip-dect_wireless_devices
 
An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept sensitive information. 2020-01-13 4.3 CVE-2019-19891
MISC
CONFIRM
mozilla — firefox Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets 2020-01-13 4.3 CVE-2011-2670
MISC
nitro_software — free_pdf_reader
 
The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content. 2020-01-10 4.3 CVE-2019-19819
MISC
MISC
nitro_software — free_pdf_reader
 
The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content. 2020-01-10 4.3 CVE-2019-19817
MISC
MISC
openjpeg — openjpeg
 
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so. 2020-01-13 5 CVE-2020-6851
MISC
oracle — applications_framework
 
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). 2020-01-15 4.3 CVE-2020-2566
MISC
oracle — applications_framwork Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 2020-01-15 5 CVE-2020-2666
MISC
oracle — banking_corporate_lending

 

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). 2020-01-15 5.8 CVE-2020-2717
MISC
oracle — banking_corporate_lending
 
Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). 2020-01-15 5.5 CVE-2020-2715
MISC
oracle — banking_corporate_lending
 
Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 2020-01-15 4 CVE-2020-2719
MISC
oracle — banking_corporate_lending
 
Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). 2020-01-15 5.5 CVE-2020-2718
MISC
oracle — banking_corporate_lending
 
Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 2020-01-15 4 CVE-2020-2716
MISC
oracle — banking_payments
 
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 2020-01-15 4 CVE-2020-2711
MISC
oracle — banking_payments
 
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 2020-01-15 4 CVE-2020-2714
MISC
oracle — banking_payments
 
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). 2020-01-15 5.5 CVE-2020-2710
MISC
oracle — banking_payments
 
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). 2020-01-15 5.8 CVE-2020-2712
MISC
oracle — banking_payments
 
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). 2020-01-15 5.5 CVE-2020-2713
MISC
oracle — business_intelligence_enterprise_edition Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). 2020-01-15 6.8 CVE-2020-2537
MISC
oracle — business_intelligence_enterprise_edition Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N). 2020-01-15 4.3 CVE-2020-2535
MISC
oracle — crm_technical_foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-01-15 5.8 CVE-2020-2651
MISC
oracle — crm_technical_foundation
 
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-01-15 5.8 CVE-2020-2653
MISC
oracle — crm_technical_foundation
 
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-01-15 5.8 CVE-2020-2652
MISC
oracle — crm_technical_foundation
 
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). 2020-01-15 4.3 CVE-2020-2596
MISC
oracle — crm_technical_foundation
 
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). 2020-01-15 4.3 CVE-2020-2657
MISC
oracle — email_center Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-01-15 5.8 CVE-2020-2671
MISC
oracle — email_center
 
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-01-15 5.8 CVE-2020-2672
MISC
oracle — email_center
 
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-01-15 5.8 CVE-2020-2670
MISC
oracle — email_center
 
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-01-15 5.8 CVE-2020-2669
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2616
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2615
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2642
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2610
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2622
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2612
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2613
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2644
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2617
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2643
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2618
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2619
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2620
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2645
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2611
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). 2020-01-15 6.5 CVE-2020-2609
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2633
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 2020-01-15 6.5 CVE-2020-2636
MISC
oracle — enterprise_manager_base_platform
 
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a