Vulnerability Summary for the Week of January 20, 2020
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
comtech -- stampede_fx-1010_devices | Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | 2020-01-20 | 9 | CVE-2020-7242 MISC |
comtech -- stampede_fx-1010_devices | Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | 2020-01-20 | 9 | CVE-2020-7243 MISC |
comtech -- stampede_fx-1010_devices | Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | 2020-01-20 | 9 | CVE-2020-7244 MISC |
eclipse_foundation -- eclipse_memory_analyzer | Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must choose to download, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present when a report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system when the report is opened in Memory Analyzer. | 2020-01-17 | 8.5 | CVE-2019-17634 CONFIRM |
geutebruck -- g-code_and_g-cam_ip_cameras | Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. | 2020-01-17 | 9 | CVE-2019-10956 MISC |
geutebruck -- g-code_and_g-cam_ip_cameras | Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. | 2020-01-17 | 9 | CVE-2019-10958 MISC |
impresspages -- impresspages_cms | ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13) | 2020-01-22 | 7.5 | CVE-2011-4943 MISC |
jara -- jara | Jara 1.6 has a SQL injection vulnerability. | 2020-01-21 | 7.5 | CVE-2011-4094 MISC EXPLOIT-DB MISC |
meinberg -- lantime_m300_and_m1000_devices | Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). | 2020-01-20 | 9 | CVE-2020-7240 MISC MISC |
pivotal -- pivotal_spring_framework | In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. | 2020-01-17 | 7.6 | CVE-2020-5398 CONFIRM |
plone -- plone | A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. | 2020-01-23 | 7.5 | CVE-2020-7941 MLIST MISC MISC MISC |
poly -- plantronics_hub | A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges. | 2020-01-17 | 7.2 | CVE-2019-15742 MISC |
qualcomm -- multiple_snapdragon_products | Null-pointer dereference issue can occur while calculating string length when source string length is zero in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 10 | CVE-2019-10532 CONFIRM |
qualcomm -- multiple_snapdragon_products | Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and has invalid vorbis codec data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 10 | CVE-2019-14017 CONFIRM |
qualcomm -- multiple_snapdragon_products | Use after free issue due to using of invalidated iterator to delete an object in sensors HAL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 7.2 | CVE-2019-10582 CONFIRM |
qualcomm -- multiple_snapdragon_products | Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 10 | CVE-2019-10611 CONFIRM |
qualcomm -- multiple_snapdragon_products | Null pointer exception can happen while parsing invalid MKV clip where cue information is parsed before segment information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 7.8 | CVE-2019-14003 CONFIRM |
qualcomm -- multiple_snapdragon_products | Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24 | 2020-01-21 | 7.2 | CVE-2019-10606 CONFIRM |
qualcomm -- multiple_snapdragon_products | Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 10 | CVE-2019-14016 CONFIRM |
qualcomm -- multiple_snapdragon_products | NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-01-21 | 10 | CVE-2019-10581 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130 | 2020-01-21 | 7.8 | CVE-2019-14008 CONFIRM |
qualcomm -- multiple_snapdragon_products | Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 7.8 | CVE-2019-10578 CONFIRM |
qualcomm -- multiple_snapdragon_products | Buffer over-read can occur while playing the video clip which is not standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 9.4 | CVE-2019-10579 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible buffer overflow when byte array receives incorrect input from reading source as array is not null terminated in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130 | 2020-01-21 | 10 | CVE-2019-14014 CONFIRM |
qualcomm -- multiple_snapdragon_products | While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 10 | CVE-2019-14013 CONFIRM |
qualcomm -- multiple_snapdragon_products | Buffer overflow occurs while playing the clip which is nonstandard due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-01-21 | 10 | CVE-2019-14006 CONFIRM |
qualcomm -- multiple_snapdragon_products | Buffer overflow occurs while playing the clip which is nonstandard due to lack of check of size duration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-01-21 | 10 | CVE-2019-14005 CONFIRM |
qualcomm -- multiple_snapdragon_products | Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 10 | CVE-2019-14004 CONFIRM |
qualcomm -- multiple_snapdragon_products | While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130 | 2020-01-21 | 7.2 | CVE-2019-10548 CONFIRM |
qualcomm -- multiple_snapdragon_products | Locked regions may be modified through other interfaces in secure boot loader image due to improper access control in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130 | 2020-01-21 | 7.2 | CVE-2019-2267 CONFIRM |
qualcomm -- multiple_snapdragon_products | Use after free issue occurs when camera access sensors data through direct report mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 7.2 | CVE-2019-10583 CONFIRM |
qualcomm -- multiple_snapdragon_products | The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which happens to be at same physical address in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-01-21 | 7.8 | CVE-2019-14010 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-01-21 | 7.2 | CVE-2019-14024 CONFIRM |
qualcomm -- multiple_snapdragon_products | String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated before string copy in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-01-21 | 7.2 | CVE-2019-14023 CONFIRM |
qualcomm -- multiple_snapdragon_products | Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 7.2 | CVE-2019-14034 CONFIRM |
qualcomm -- multiple_snapdragon_products | While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 7.2 | CVE-2019-10558 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130 | 2020-01-21 | 7.2 | CVE-2019-10585 CONFIRM |
qualcomm -- multiple_snapdragon_products | Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCS605, SDA660, SDM845, SDX20, SM8150 | 2020-01-21 | 7.2 | CVE-2019-10602 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605 | 2020-01-21 | 7.2 | CVE-2019-14036 CONFIRM |
ruckus -- unleashed_devices | Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. | 2020-01-22 | 7.5 | CVE-2019-19843 MISC MISC MISC |
ruckus -- unleashed_devices | AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename. | 2020-01-22 | 7.5 | CVE-2019-19836 MISC MISC MISC |
ruckus -- unleashed_devices | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute. | 2020-01-23 | 10 | CVE-2019-19839 MISC MISC MISC |
ruckus -- unleashed_devices | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. | 2020-01-23 | 10 | CVE-2019-19838 MISC MISC MISC |
ruckus -- unleashed_devices | Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests. | 2020-01-23 | 7.8 | CVE-2019-19837 MISC MISC MISC |
webkitgtk -- webkitgtk+ | WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS | 2020-01-22 | 7.5 | CVE-2016-4761 MISC MISC |
wordpress -- wordpress | The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template. | 2020-01-22 | 7.5 | CVE-2020-7109 MISC |
wordpress -- wordpress | Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability | 2020-01-22 | 7.5 | CVE-2012-4919 MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apostrophecms -- sanitize-html | sanitize-html before 1.4.3 has XSS. | 2020-01-23 | 4.3 | CVE-2016-1000237 MISC MISC |
connectwise -- connectwise_control | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests. | 2020-01-23 | 6.8 | CVE-2019-16513 MISC MISC MISC MISC MISC |
eclipse_foundation -- eclipse_memory_analyzer | Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must choose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system. | 2020-01-17 | 6.8 | CVE-2019-17635 CONFIRM |
forcepoint -- web_security | It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) | 2020-01-22 | 4.3 | CVE-2019-6146 MISC |
huawei -- honor_v30_smartphones | Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure. | 2020-01-21 | 4.3 | CVE-2020-1788 MISC |
intel -- raid_web_console_3 | Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-01-17 | 4.6 | CVE-2019-14601 CONFIRM |
jara -- jara | Jara 1.6 has an XSS vulnerability | 2020-01-21 | 4.3 | CVE-2011-4095 MISC MISC |
libyang -- libyang | A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement is used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. | 2020-01-22 | 6.8 | CVE-2019-20394 MISC MISC MISC MISC |
libyang -- libyang | A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. | 2020-01-22 | 6.8 | CVE-2019-20397 MISC MISC MISC MISC |
libyang -- libyang | An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash. | 2020-01-22 | 4.3 | CVE-2019-20392 MISC MISC MISC MISC |
libyang -- libyang | An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash. | 2020-01-22 | 4.3 | CVE-2019-20391 MISC MISC MISC MISC |
libyang -- libyang | A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. | 2020-01-22 | 6.8 | CVE-2019-20393 MISC MISC MISC MISC |
libyang -- libyang | A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash. | 2020-01-22 | 4.3 | CVE-2019-20395 MISC MISC MISC MISC |
libyang -- libyang | A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing. | 2020-01-22 | 4.3 | CVE-2019-20396 MISC MISC MISC |
libyang -- libyang | A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash. | 2020-01-22 | 4.3 | CVE-2019-20398 MISC MISC MISC MISC |
lifesize -- express_devices | Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter. | 2020-01-22 | 4.3 | CVE-2018-17981 MISC |
mozilla -- firefox | Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header | 2020-01-21 | 6.8 | CVE-2011-2668 MISC |
mozilla -- firefox | Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | 2020-01-21 | 4.3 | CVE-2011-2669 MISC |
parity_technologies -- libsecp256k1 | A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack. | 2020-01-23 | 4.3 | CVE-2019-20399 MISC |
phorum -- phorum | A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18. | 2020-01-22 | 4.3 | CVE-2011-3622 MISC MISC |
plone -- plone | Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking. | 2020-01-23 | 5 | CVE-2020-7940 MLIST MISC MISC MISC |
plone -- plone | plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. | 2020-01-23 | 6.5 | CVE-2020-7938 MLIST MISC MISC MISC |
plone -- plone | SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.) | 2020-01-23 | 6.5 | CVE-2020-7939 MLIST MISC MISC MISC |
plone -- plone | An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site. | 2020-01-23 | 5.8 | CVE-2020-7936 MLIST MISC MISC MISC |
qemu -- qemu | tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. | 2020-01-21 | 5 | CVE-2020-7211 CONFIRM MISC DEBIAN |
qualcomm -- multiple_snapdragon_products | Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660 | 2020-01-21 | 5 | CVE-2019-10561 CONFIRM |
ruckus -- unleashed_devices | Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter. | 2020-01-22 | 6.5 | CVE-2019-19834 MISC MISC MISC |
schneider_electric -- msx_configurator | A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V1.0.8.1), which could cause privilege escalation when injecting a malicious DLL. | 2020-01-22 | 4.4 | CVE-2019-6858 MISC |
serendipity -- serendipity | A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf. | 2020-01-22 | 4.3 | CVE-2011-3610 MISC MISC MISC |
solarwinds -- orion_platform | A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation. | 2020-01-17 | 4.3 | CVE-2019-17127 CONFIRM MISC |
solarwinds -- orion_platform | A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. | 2020-01-17 | 4.3 | CVE-2019-17125 CONFIRM MISC |
testlink -- testlink | TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491. | 2020-01-20 | 4.3 | CVE-2019-20381 MISC MISC MISC |
uhp_networks -- uhp-100_satellite_router | UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title). | 2020-01-19 | 4.3 | CVE-2020-7235 MISC |
uhp_networks -- uhp-100_satellite_router | UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section). | 2020-01-19 | 4.3 | CVE-2020-7236 MISC |
usebb -- usebb | Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12. | 2020-01-22 | 6.8 | CVE-2011-3612 MISC MISC MISC |
wordpress -- wordpress | The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. | 2020-01-17 | 4.3 | CVE-2020-7104 MISC |
wordpress -- wordpress | The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS | 2020-01-23 | 4.3 | CVE-2014-7238 MISC |
wordpress -- wordpress | The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent. | 2020-01-21 | 4.3 | CVE-2020-7239 MISC MISC MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
connectwise -- connectwise_control | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier. | 2020-01-23 | 3.5 | CVE-2019-16512 MISC MISC MISC MISC MISC |
eaton -- sp_850_devices | An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator. | 2020-01-22 | 3.5 | CVE-2020-7915 MISC |
geutebruck -- g-code_and_g-cam_ip_cameras | Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user's browser. | 2020-01-17 | 3.5 | CVE-2019-10957 MISC |
intel -- chipset_device_software_inf_utility | Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access. | 2020-01-17 | 2.1 | CVE-2019-14596 CONFIRM |
intel -- data_analytics_acceleration_library | Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access. | 2020-01-17 | 2.1 | CVE-2019-14629 CONFIRM |
joomla! -- joomla! | Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. | 2020-01-22 | 3.5 | CVE-2011-3595 MISC MISC MISC |
pivotal -- pivotal_spring_framework | Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However, a notable exception is Chrome-based browsers when using client certificates for authentication, since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. | 2020-01-17 | 2.6 | CVE-2020-5397 CONFIRM |
plone -- plone | An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site. | 2020-01-23 | 3.5 | CVE-2020-7937 MLIST MISC MISC MISC |
ruckus -- zoneflex_devices | Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account). | 2020-01-19 | 3.5 | CVE-2020-7234 MISC |
sonoff -- sonoff_th_10_and_16_devices | Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field (after a successful login with the Web Admin Password). | 2020-01-21 | 3.5 | CVE-2020-7470 MISC |
wordpress -- wordpress | The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user. | 2020-01-22 | 3.5 | CVE-2020-7228 MISC MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3s-smart_software_solutions -- codesys_control_and_gatweay_and_hmi | CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. | 2020-01-24 | not yet calculated | CVE-2020-7052 CONFIRM MISC |
accusoft -- prizm_content_connect | Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability | 2020-01-21 | not yet calculated | CVE-2012-5190 MISC MISC |
aef -- advanced_electron_forum | A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions. | 2020-01-22 | not yet calculated | CVE-2011-3582 MISC |
amd -- atidxx64.dll_driver | An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | 2020-01-25 | not yet calculated | CVE-2019-5124 MISC |
amd -- atidxx64.dll_driver | An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | 2020-01-25 | not yet calculated | CVE-2019-5146 MISC |
amd -- atidxx64.dll_driver | An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | 2020-01-25 | not yet calculated | CVE-2019-5147 MISC |
amd -- atidxx64.dll_driver | An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | 2020-01-25 | not yet calculated | CVE-2019-5183 MISC |
apache -- xml-rpc | An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. | 2020-01-23 | not yet calculated | CVE-2019-17570 MLIST CONFIRM CONFIRM |
apereo -- jasig_java_cas_client_and_.net_cas_client_and_phpcas | A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | 2020-01-24 | not yet calculated | CVE-2014-4172 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apt-cacher-ng -- apt-cacher-ng | apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can. | 2020-01-21 | not yet calculated | CVE-2020-5202 MISC MLIST MISC |
arm -- mbed_crypto_and_mbed_tls | The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks. | 2020-01-23 | not yet calculated | CVE-2019-18222 MISC CONFIRM |
artifex_software_and_sumatra_pdf -- mupdf_and_sumatra_pdf | SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. | 2020-01-23 | not yet calculated | CVE-2012-5340 EXPLOIT-DB |
atinux -- schema-inpsector | In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector. | 2020-01-22 | not yet calculated | CVE-2019-10781 CONFIRM MISC |
babygekko -- babygekko | BabyGekko before 1.2.4 has SQL injection. | 2020-01-23 | not yet calculated | CVE-2012-5698 MISC MISC |
babygekko -- babygekko | BabyGekko before 1.2.4 allows PHP file inclusion. | 2020-01-23 | not yet calculated | CVE-2012-5699 MISC MISC |
bibtex_gem_for_ruby_on_rails -- bibtex_gem_for_ruby_on_rails | BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open. | 2020-01-22 | not yet calculated | CVE-2019-10780 MISC |
big_switch_networks -- multiple_products | An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. A read-only user can access sensitive information via an API endpoint that reveals session cookies of authenticated administrators, leading to privilege escalation. | 2020-01-24 | not yet calculated | CVE-2019-19631 MISC MISC |
big_switch_networks -- multiple_products | An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators. | 2020-01-24 | not yet calculated | CVE-2019-19632 MISC MISC |
cacti -- cacti | Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. | 2020-01-21 | not yet calculated | CVE-2019-17357 MISC CONFIRM MISC |
cacti -- cacti | Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. | 2020-01-20 | not yet calculated | CVE-2020-7237 MISC |
carbonftp -- carbonftp | CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary. | 2020-01-21 | not yet calculated | CVE-2020-6857 MISC MISC FULLDISC FULLDISC MISC |
citrix -- xenserver | Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. | 2020-01-23 | not yet calculated | CVE-2012-4606 BID |
codecov -- codecov | Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument. | 2020-01-25 | not yet calculated | CVE-2020-7596 MISC |
connectwise -- connectwise_control | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server. | 2020-01-23 | not yet calculated | CVE-2019-16514 MISC MISC MISC MISC MISC |
connectwise -- connectwise_control | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used. | 2020-01-23 | not yet calculated | CVE-2019-16515 MISC MISC MISC MISC MISC |
connectwise -- connectwise_control | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username. | 2020-01-23 | not yet calculated | CVE-2019-16516 MISC MISC MISC MISC MISC |
connectwise -- connectwise_control | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge. | 2020-01-23 | not yet calculated | CVE-2019-16517 MISC MISC MISC MISC MISC |
corel -- wordperfect_office_x6 | Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference | 2020-01-23 | not yet calculated | CVE-2012-4900 MISC MISC MISC |
cryptacular -- cryptacular | CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data. | 2020-01-24 | not yet calculated | CVE-2020-7226 MISC MISC |
ctfd -- ctfd | Incorrect username validation in the registration processes of CTFd through 2.2.2 allows a remote attacker to take over an arbitrary account after initiating a password reset. This is related to register() and reset_password() in auth.py. To exploit the vulnerability, one must register with a username similar to the admin, but with spaces inserted before and after the username. This will register the account with the same username as the admin. After a reset of the password for this new account, CTFd will reset the admin account's password due to the username collision. | 2020-01-23 | not yet calculated | CVE-2020-7245 MISC MISC |
d-link -- dsr-250n_devices | D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. | 2020-01-25 | not yet calculated | CVE-2012-6613 EXPLOIT-DB |
dimo_software -- yellowbox_crm | In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server. | 2020-01-21 | not yet calculated | CVE-2019-14767 MISC MISC MISC |
dimo_software -- yellowbox_crm | An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. | 2020-01-21 | not yet calculated | CVE-2019-14768 MISC MISC |
dimo_software -- yellowbox_crm | Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers. | 2020-01-21 | not yet calculated | CVE-2019-14765 MISC MISC |
dimo_software -- yellowbox_crm | Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem. | 2020-01-21 | not yet calculated | CVE-2019-14766 MISC MISC |
easytime_studio -- easy_file_manager | Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass | 2020-01-24 | not yet calculated | CVE-2013-3960 MISC MISC |
evoko -- evoko_home | Evoko Home 1.31 devices allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL. | 2020-01-19 | not yet calculated | CVE-2020-7232 MISC |
evoko -- evoko_home | Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid. | 2020-01-19 | not yet calculated | CVE-2020-7231 MISC |
extjs -- extjs | Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. | 2020-01-23 | not yet calculated | CVE-2007-6758 MISC MISC |
facebook -- whatsapp_desktop | A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message. | 2020-01-21 | not yet calculated | CVE-2019-18426 CONFIRM |
fasttrack_software -- admin_by_request | FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions. | 2020-01-23 | not yet calculated | CVE-2019-17201 CONFIRM |
fasttrack_software -- admin_by_request | FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege. | 2020-01-23 | not yet calculated | CVE-2019-17202 CONFIRM |
fluxbb -- fluxbb | A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled. | 2020-01-22 | not yet calculated | CVE-2011-3621 MISC MISC |
fordnn -- fordnn.usersexportimport_module | The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data. | 2020-01-21 | not yet calculated | CVE-2019-19392 MISC MISC |
fortinet -- fortimail | An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for. | 2020-01-23 | not yet calculated | CVE-2019-15707 MISC |
fortinet -- fortimail | An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for. | 2020-01-23 | not yet calculated | CVE-2019-15712 MISC |
fortinet -- fortios | Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaintext private keys of the system's built-in local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below. | 2020-01-23 | not yet calculated | CVE-2019-5593 MISC |
fortinet -- fortisiem | A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. | 2020-01-23 | not yet calculated | CVE-2019-16153 CONFIRM |
freeciv -- freeciv | Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet. | 2020-01-23 | not yet calculated | CVE-2012-6083 MISC MISC |
gallagher -- command_centre_server | An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event. | 2020-01-20 | not yet calculated | CVE-2020-7215 MISC |
general_electric -- d20me_devices | General Electric D20ME devices are not properly configured and reveal plaintext passwords. | 2020-01-23 | not yet calculated | CVE-2012-6663 MISC |
general_electric -- multiple_products | In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files. | 2020-01-24 | not yet calculated | CVE-2020-6961 MISC |
general_electric -- multiple_products | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network. | 2020-01-24 | not yet calculated | CVE-2020-6966 MISC |
general_electric -- multiple_products | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package. | 2020-01-24 | not yet calculated | CVE-2020-6965 MISC |
general_electric -- multiple_products | In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution. | 2020-01-24 | not yet calculated | CVE-2020-6962 MISC |
general_electric -- multiple_products | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network. | 2020-01-24 | not yet calculated | CVE-2020-6964 MISC |
general_electric -- multiple_products | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code. | 2020-01-24 | not yet calculated | CVE-2020-6963 MISC |
gentoo -- portage | Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners. | 2020-01-21 | not yet calculated | CVE-2019-20384 MLIST MISC |
geocoder -- geocoder | sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data. | 2020-01-25 | not yet calculated | CVE-2020-7981 MISC MISC |
gnu -- gnu_coreutils | Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. | 2020-01-24 | not yet calculated | CVE-2015-4042 MISC MISC |
gnu -- gnu_coreutils | The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings. | 2020-01-24 | not yet calculated | CVE-2015-4041 MISC MISC MISC |
google -- android | audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. | 2020-01-24 | not yet calculated | CVE-2015-1525 MISC |
google -- android | media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size. | 2020-01-24 | not yet calculated | CVE-2015-1530 MISC |
google -- android | Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability | 2020-01-23 | not yet calculated | CVE-2013-6792 MISC |
hashicorp -- vault_enterprise | HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2. | 2020-01-23 | not yet calculated | CVE-2020-7220 CONFIRM MISC |
honeywell -- maxpro_vms_and_nvr | The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges. | 2020-01-22 | not yet calculated | CVE-2020-6960 MISC |
honeywell -- maxpro_vms_and_nvr | The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution. | 2020-01-22 | not yet calculated | CVE-2020-6959 MISC |
ht_editor -- ht_editor | HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability | 2020-01-23 | not yet calculated | CVE-2012-5867 MISC MISC |
huawei -- mate_20_smart_phones | HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.175(C00E70R3P8) | 2020-01-21 | not yet calculated | CVE-2020-1840 MISC |
huawei -- multiple_products | There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system to crash. | 2020-01-21 | not yet calculated | CVE-2019-19414 MISC |
huawei -- multiple_products | There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system to crash. | 2020-01-21 | not yet calculated | CVE-2019-19413 MISC |
huawei -- usg9500_devices | USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished. | 2020-01-21 | not yet calculated | CVE-2019-19411 MISC |
ibm -- websphere_mq | IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability | 2020-01-23 | not yet calculated | CVE-2012-4863 MISC MISC |
intellian_technologies -- aptus_web | Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. | 2020-01-25 | not yet calculated | CVE-2020-7980 MISC |
iris -- citations_management_tool | IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands. | 2020-01-25 | not yet calculated | CVE-2013-1744 MISC |
ispconfig -- ispconfig | ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | 2020-01-23 | not yet calculated | CVE-2012-2087 MISC MISC MISC MISC |
ixp_data -- easyinstall | In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely. | 2020-01-23 | not yet calculated | CVE-2019-19898 MISC |
ixp_data -- easyinstall | In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM. | 2020-01-23 | not yet calculated | CVE-2019-19893 MISC |
ixp_data -- easyinstall | In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function. | 2020-01-23 | not yet calculated | CVE-2019-19897 MISC |
ixp_data -- easyinstall | In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\SYSTEM on the target server and clients. | 2020-01-23 | not yet calculated | CVE-2019-19896 MISC |
ixp_data -- easyinstall | In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, achieve this movement and execute code in the context of other users. | 2020-01-23 | not yet calculated | CVE-2019-19895 MISC |
ixp_data -- easyinstall | In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker (non-admin) can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP. | 2020-01-23 | not yet calculated | CVE-2019-19894 MISC |
jama_software -- jama_connect | Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting | 2020-01-21 | not yet calculated | CVE-2019-19592 MISC |
jazzband -- django-user-sessions | In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen. | 2020-01-24 | not yet calculated | CVE-2020-5224 CONFIRM MISC |
jfrog -- artifactory | In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template. | 2020-01-23 | not yet calculated | CVE-2020-7931 MISC MISC |
kms_controls -- bac-a1616bc_bacnet_devices | KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file. | 2020-01-19 | not yet calculated | CVE-2020-7233 MISC |
koha -- koha | The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | 2020-01-24 | not yet calculated | CVE-2014-1924 MISC MISC MISC MISC |
koha -- koha | Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. | 2020-01-24 | not yet calculated | CVE-2014-1923 MISC MISC MISC MISC MISC |
koha -- koha | SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. | 2020-01-24 | not yet calculated | CVE-2014-1925 MISC MISC MISC MISC |
koha -- koha | Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. | 2020-01-24 | not yet calculated | CVE-2014-1922 MISC MISC MISC MISC |
libressl -- libressl | Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. | 2020-01-23 | not yet calculated | CVE-2015-5334 MISC MISC MISC MISC MISC |
libressl -- libressl | Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. | 2020-01-23 | not yet calculated | CVE-2015-5333 CONFIRM MISC MISC MISC |
logaritmo -- aware_callmanager_2012_devices | The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/* content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI. | 2020-01-21 | not yet calculated | CVE-2019-20385 MISC |
lorex_technology -- lnc116_and_lnc104_ip_cameras | Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability | 2020-01-24 | not yet calculated | CVE-2012-6451 MISC MISC |
meinberg -- syncbox/ptp/ptpv2_devices | The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor. | 2020-01-21 | not yet calculated | CVE-2019-17584 MISC CONFIRM |
micro_focus -- novell_zenworks_configuration_management | Novell ZENworks Configuration Management before 11.2.4 allows XSS. | 2020-01-25 | not yet calculated | CVE-2012-6344 MISC |
micro_focus -- novell_zenworks_configuration_management | Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. | 2020-01-25 | not yet calculated | CVE-2012-6345 MISC |
microsoft -- activex | NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request. | 2020-01-23 | not yet calculated | CVE-2012-5389 MISC MISC |
microsoft -- microsoft_dynamics_365 | An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. | 2020-01-24 | not yet calculated | CVE-2018-8654 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 2020-01-24 | not yet calculated | CVE-2019-1454 MISC |
microsoft -- outlook_for_android | A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. | 2020-01-24 | not yet calculated | CVE-2019-1460 MISC |
microsoft -- visual_studio_2017_and_2019 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. | 2020-01-24 | not yet calculated | CVE-2019-1352 MISC |
microsoft -- visual_studio_2017_and_2019 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. | 2020-01-24 | not yet calculated | CVE-2019-1354 MISC |
microsoft -- visual_studio_2017_and_2019 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | 2020-01-24 | not yet calculated | CVE-2019-1349 MISC |
microsoft -- visual_studio_2017_and_2019 | A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. | 2020-01-24 | not yet calculated | CVE-2019-1351 MISC |
microsoft -- visual_studio_2017_and_2019 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | 2020-01-24 | not yet calculated | CVE-2019-1350 MISC |
microsoft -- visual_studio_code | An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'. | 2020-01-24 | not yet calculated | CVE-2019-1414 MISC |
mimblewimble -- grin | Grin through 2.1.1 has Insufficient Validation. | 2020-01-21 | not yet calculated | CVE-2020-6638 MISC CONFIRM |
mirc -- mirc | mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled. | 2020-01-21 | not yet calculated | CVE-2011-5282 MISC |
mirc -- mirc | mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname. | 2020-01-23 | not yet calculated | CVE-2008-7314 CONFIRM CONFIRM |
mirumee -- saleor | An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer). | 2020-01-24 | not yet calculated | CVE-2020-7964 MISC MISC |
multitech_conduit -- mtcdt-lvw2-24xx_devices | MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. | 2020-01-21 | not yet calculated | CVE-2020-7594 MISC |
mysecureshell -- mysecureshell | MySecureShell 1.31 has a Local Denial of Service Vulnerability | 2020-01-23 | not yet calculated | CVE-2013-4175 MISC MISC |
mysecureshell -- mysecureshell | mysecureshell 1.31: Local Information Disclosure Vulnerability | 2020-01-23 | not yet calculated | CVE-2013-4176 MISC MISC |
openpne -- openpne_3 | OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 have an External Entity Injection Vulnerability | 2020-01-24 | not yet calculated | CVE-2013-4333 MISC MISC MISC |
owncloud -- owncloud_server | Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header. | 2020-01-23 | not yet calculated | CVE-2014-2050 MISC CONFIRM MISC |
papercrop_gem_for_ruby_on_rails -- papercrop_gem_for_ruby_on_rails | The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input. | 2020-01-21 | not yet calculated | CVE-2015-2784 CONFIRM CONFIRM |
parallels -- parallels | Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site. | 2020-01-21 | not yet calculated | CVE-2020-7213 MISC MISC MISC |
peerigon -- angular-expressions | Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. | 2020-01-24 | not yet calculated | CVE-2020-5219 MISC MISC CONFIRM |
philips -- hue_bridge | Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution. | 2020-01-23 | not yet calculated | CVE-2020-6007 MISC |
postfix-mta-sts-resolver -- postfix-mta-sts-resolver | In postfix-mta-sts-resolver before 0.5.1, all users can receive an incorrect response from the daemon under rare conditions, resulting in a downgrade of the effective STS policy. | 2020-01-22 | not yet calculated | CVE-2019-16791 MISC CONFIRM |
prestashop -- prestashop | PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. | 2020-01-23 | not yet calculated | CVE-2013-6358 MISC |
privatebin -- privatebin | In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users. | 2020-01-23 | not yet calculated | CVE-2020-5223 MISC MISC CONFIRM MISC |
pylons_project -- waitress | Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0. | 2020-01-22 | not yet calculated | CVE-2019-16792 MISC MISC CONFIRM |
qdpm -- qdpm | A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884. | 2020-01-21 | not yet calculated | CVE-2020-7246 MISC MISC |
qemu -- qemu | Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. | 2020-01-23 | not yet calculated | CVE-2015-5745 MISC MISC MISC MISC MISC MISC MISC |
qemu -- qemu | The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | 2020-01-23 | not yet calculated | CVE-2015-5278 MISC MISC MISC MISC MISC MISC MISC |
qemu -- qemu | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | 2020-01-23 | not yet calculated | CVE-2015-5239 MISC MISC MISC MISC MISC MISC MISC MISC CONFIRM |
qt -- qt | Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. | 2020-01-24 | not yet calculated | CVE-2015-9541 MISC |
rapid7 -- appspider | The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215. | 2020-01-22 | not yet calculated | CVE-2019-5647 CONFIRM |
rapid7 -- nexpose | Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access. | 2020-01-25 | not yet calculated | CVE-2012-6494 BID XF |
red_hat -- jboss_enterprise_application_platform_vault | A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information. | 2020-01-23 | not yet calculated | CVE-2019-14885 CONFIRM |
red_hat -- multiple_jboss_products | EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; and Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | 2020-01-23 | not yet calculated | CVE-2012-5626 CONFIRM CONFIRM |
red_hat -- quay | A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account. | 2020-01-21 | not yet calculated | CVE-2019-3864 CONFIRM |
ricoh -- multiple_devices | An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers to perform local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later; PS Driver for Universal Print - Version 4.0 or later; PC FAX Generic Driver - All versions; Generic PCL5 Driver - All versions; RPCS Driver - All versions; PostScript3 Driver - All versions; PCL6 (PCL XL) Driver - All versions; RPCS Raster Driver - All versions | 2020-01-24 | not yet calculated | CVE-2019-19363 MISC FULLDISC CONFIRM |
ruckus -- unleashed_devices | SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI. | 2020-01-23 | not yet calculated | CVE-2019-19835 MISC MISC MISC |
ruckus -- unleashed_devices | A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request. | 2020-01-22 | not yet calculated | CVE-2019-19840 MISC MISC MISC |
ruckus -- unleashed_devices | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute. | 2020-01-22 | not yet calculated | CVE-2019-19842 MISC MISC MISC |
ruckus -- unleashed_devices | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute. | 2020-01-22 | not yet calculated | CVE-2019-19841 MISC MISC MISC |
saltstack -- salt | In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. | 2020-01-17 | not yet calculated | CVE-2019-17361 CONFIRM MISC |
samba -- samba | All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). | 2020-01-21 | not yet calculated | CVE-2019-14907 CONFIRM CONFIRM MISC CONFIRM |
samba -- samba | There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. | 2020-01-21 | not yet calculated | CVE-2019-14902 CONFIRM CONFIRM MISC CONFIRM |
samba -- samba | There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. | 2020-01-21 | not yet calculated | CVE-2019-19344 CONFIRM CONFIRM MISC CONFIRM |
samsung -- galaxy_gear_devices | The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | 2020-01-22 | not yet calculated | CVE-2018-16269 MISC MISC |
samsung -- galaxy_gear_devices | The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | 2020-01-22 | not yet calculated | CVE-2018-16271 MISC MISC |
samsung -- galaxy_gear_devices | Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path. | 2020-01-22 | not yet calculated | CVE-2018-16270 MISC MISC |
samsung -- galaxy_gear_devices | The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | 2020-01-22 | not yet calculated | CVE-2018-16272 MISC MISC |
sap -- message_server | A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. | 2020-01-23 | not yet calculated | CVE-2013-1592 MISC MISC MISC MISC MISC MISC |
sap -- netweaver_2004s | A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. | 2020-01-23 | not yet calculated | CVE-2013-1593 MISC MISC MISC MISC MISC |
sarg -- squid_analysis_report_generator | log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. | 2020-01-21 | not yet calculated | CVE-2019-18932 MISC MISC MLIST MISC |
secure_headers_gem_for_ruby_on_rails -- secure_headers_gem_for_ruby_on_rails | In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0. | 2020-01-23 | not yet calculated | CVE-2020-5216 MISC CONFIRM |
secure_headers_gem_for_ruby_on_rails -- secure_headers_gem_for_ruby_on_rails | In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secure_headers are sorted alphabetically so they pretty much all come before script-src. A previously undefined directive would receive a value even if SecureHeaders::OPT_OUT was supplied. The fixed versions will silently convert the semicolons to spaces and emit a deprecation warning when this happens. This will result in innocuous browser console messages if being exploited/accidentally used. In future releases, we will raise application errors resulting in 500s. Depending on what major version you are using, the fixed versions are 6.2.0, 5.1.0, 3.8.0. | 2020-01-23 | not yet calculated | CVE-2020-5217 MISC MISC MISC CONFIRM |
simple_machines -- simple_machines_forum | An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links. | 2020-01-22 | not yet calculated | CVE-2019-12490 MISC MISC |
simplejobscript.com -- simplejobscript.com | An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). The file is _lib/class.Job.php. | 2020-01-21 | not yet calculated | CVE-2020-7229 MISC MISC |
simplesamlphp -- simplesamlphp | Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/errorreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field. | 2020-01-24 | not yet calculated | CVE-2020-5226 CONFIRM MISC |
simplesamlphp -- simplesamlphp | Log injection in SimpleSAMLphp before version 1.18.4. The www/errorreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content. | 2020-01-24 | not yet calculated | CVE-2020-5225 CONFIRM MISC |
smc -- d3g08042w_3.5.2.5-lat_ga_devices | SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account). | 2020-01-21 | not yet calculated | CVE-2020-7249 MISC |
soapbox -- soapbox | Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. | 2020-01-24 | not yet calculated | CVE-2012-6302 MISC |
splunk -- splunk | Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges | 2020-01-23 | not yet calculated | CVE-2013-6773 MISC |
splunk -- splunk | Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking | 2020-01-23 | not yet calculated | CVE-2013-6772 MISC |
storebackup -- storebackup | storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) | 2020-01-21 | not yet calculated | CVE-2020-7040 MISC MLIST MLIST MLIST MLIST MISC MLIST |
supermicro -- intelligent_management_platform_interface | Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter. | 2020-01-23 | not yet calculated | CVE-2013-6785 MISC |
suse -- libsolv | repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. | 2020-01-21 | not yet calculated | CVE-2019-20387 MISC MISC |
suse -- linux_enterprise_server | The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa. | 2020-01-24 | not yet calculated | CVE-2019-3687 CONFIRM |
suse -- linux_enterprise_server_15_and_opensuse_factory | A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1. | 2020-01-23 | not yet calculated | CVE-2019-3691 CONFIRM |
suse -- linux_enterprise_server_15_sp1 | UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. | 2020-01-23 | not yet calculated | CVE-2019-18898 CONFIRM |
suse -- multiple_products | The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. | 2020-01-24 | not yet calculated | CVE-2019-3692 CONFIRM |
suse -- multiple_products | A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions. | 2020-01-24 | not yet calculated | CVE-2019-3694 CONFIRM |
suse -- multiple_products | A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions. | 2020-01-24 | not yet calculated | CVE-2019-3693 CONFIRM |
suse -- multiple_products | Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1. | 2020-01-24 | not yet calculated | CVE-2019-18900 CONFIRM |
suse -- opensuse_leap | The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1. | 2020-01-23 | not yet calculated | CVE-2019-18899 CONFIRM |
suse -- opensuse_leap | UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions. | 2020-01-24 | not yet calculated | CVE-2019-3697 CONFIRM |
suse -- opensuse_leap_and_opensuse_factory | UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions. | 2020-01-24 | not yet calculated | CVE-2019-3699 CONFIRM |
systemd -- systemd | An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. | 2020-01-21 | not yet calculated | CVE-2019-20386 MISC |
tizen -- tizen | The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include triggering the system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | 2020-01-22 | not yet calculated | CVE-2018-16267 MISC MISC MISC |
tizen -- tizen | The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | 2020-01-22 | not yet calculated | CVE-2018-16263 MISC MISC MISC |
tizen -- tizen | The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | 2020-01-22 | not yet calculated | CVE-2018-16262 MISC MISC MISC |
tizen -- tizen | The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | 2020-01-22 | not yet calculated | CVE-2018-16264 MISC MISC MISC |
tizen -- tizen | The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | 2020-01-22 | not yet calculated | CVE-2018-16265 MISC MISC MISC MISC |
tizen -- tizen | The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | 2020-01-22 | not yet calculated | CVE-2018-16266 MISC MISC MISC |
tizen -- tizen | The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | 2020-01-22 | not yet calculated | CVE-2018-16268 MISC MISC MISC |
tornadoweb -- tornado | Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. | 2020-01-24 | not yet calculated | CVE-2014-9720 MISC MISC MISC MISC MISC |
torproject -- tor | Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | 2020-01-24 | not yet calculated | CVE-2015-2689 MISC MISC |
torproject -- tor | The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor. | 2020-01-24 | not yet calculated | CVE-2015-2929 MISC MISC |
torproject -- tor | The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. | 2020-01-24 | not yet calculated | CVE-2015-2928 MLIST CONFIRM |
torproject -- tor | buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | 2020-01-24 | not yet calculated | CVE-2015-2688 MISC MISC |
toshiba -- configfree | Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability | 2020-01-23 | not yet calculated | CVE-2012-4981 MISC MISC |
troglobit -- uftpd | In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11 | 2020-01-22 | not yet calculated | CVE-2020-5221 MISC CONFIRM |
trustwave -- modsecurity | Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc. | 2020-01-21 | not yet calculated | CVE-2019-19886 CONFIRM |
umbraco -- umbraco | Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts. | 2020-01-23 | not yet calculated | CVE-2020-7210 MISC FULLDISC MISC MISC BUGTRAQ |
undertow -- http_server | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. | 2020-01-23 | not yet calculated | CVE-2019-14888 CONFIRM |
usebb -- usebb | A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12. | 2020-01-22 | not yet calculated | CVE-2011-3611 MISC MISC MISC |
vanilla_forums -- vanilla | An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. | 2020-01-22 | not yet calculated | CVE-2011-3613 MISC MISC |
vanilla_forums -- vanilla | An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. | 2020-01-22 | not yet calculated | CVE-2011-3614 MISC MISC |
videolan -- vlc_media_player | The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. | 2020-01-24 | not yet calculated | CVE-2014-9630 MISC MISC CONFIRM |
videolan -- vlc_media_player | Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. | 2020-01-24 | not yet calculated | CVE-2014-9629 MISC MISC CONFIRM |
videolan -- vlc_media_player | The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7. | 2020-01-24 | not yet calculated | CVE-2014-9628 MISC MISC CONFIRM |
videolan -- vlc_media_player | The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size. | 2020-01-24 | not yet calculated | CVE-2014-9627 MISC MISC CONFIRM |
videolan -- vlc_media_player | Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7. | 2020-01-24 | not yet calculated | CVE-2014-9626 MISC MISC CONFIRM |
videolan -- vlc_media_player | The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability. | 2020-01-24 | not yet calculated | CVE-2014-9625 MISC MISC CONFIRM |
vivotek -- pt7135_ip_cameras | A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service. | 2020-01-24 | not yet calculated | CVE-2013-1595 MISC MISC MISC MISC MISC |
vivotek -- pt7135_ip_cameras | An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text. | 2020-01-24 | not yet calculated | CVE-2013-1594 MISC MISC MISC MISC MISC MISC |
vivotek -- pt7135_ip_cameras | A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which could let a malicious user execute arbitrary code. | 2020-01-24 | not yet calculated | CVE-2013-1598 MISC MISC MISC MISC MISC |
vivotek -- pt7135_ip_cameras | An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554. | 2020-01-24 | not yet calculated | CVE-2013-1596 MISC MISC MISC MISC MISC |
vivotek -- pt7135_ip_cameras | A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials. | 2020-01-24 | not yet calculated | CVE-2013-1597 MISC MISC MISC MISC MISC |
websitebaker -- websitebaker | websitebaker prior to and including 2.8.1 has an authentication error in backup module. | 2020-01-21 | not yet calculated | CVE-2011-4322 MISC |
wordpress -- wordpress | The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL. | 2020-01-20 | not yet calculated | CVE-2020-7241 MISC MISC |
wordpress -- wordpress | WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload. | 2020-01-23 | not yet calculated | CVE-2012-6649 MISC BID |
wordpress -- wordpress | An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). | 2020-01-21 | not yet calculated | CVE-2016-11018 MISC MISC MISC |
wordpress -- wordpress | The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS. | 2020-01-21 | not yet calculated | CVE-2020-6849 MISC MISC MISC |
xmind -- xmind | The update process in Xmind 3.4.1 and earlier allows remote attackers to execute arbitrary code via a man-in-the-middle attack. | 2020-01-21 | not yet calculated | CVE-2014-2680 MISC |
xmlsoft -- libxml2 | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | 2020-01-21 | not yet calculated | CVE-2019-20388 MISC |
xmlsoft -- libxml2 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | 2020-01-21 | not yet calculated | CVE-2020-7595 MISC |
yast -- yast2-security | yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Passwords created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes. | 2020-01-24 | not yet calculated | CVE-2019-3700 CONFIRM |
zoho_manageengine -- servicedesk_plus | Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. | 2020-01-23 | not yet calculated | CVE-2020-6843 MISC FULLDISC MISC BUGTRAQ CONFIRM |