Vulnerability Summary for the Week of February 17, 2020
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- macos_x | Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. | 2020-02-21 | 7.5 | CVE-2016-4606 MISC MISC MISC |
berkeley -- berkeley_open_infrastructure_for_network_computing | Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2020-02-20 | 7.5 | CVE-2013-2018 MISC MISC |
broadcom -- ca_unified_infrastructure_management | CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. | 2020-02-18 | 10 | CVE-2020-8010 CONFIRM |
broadcom -- ca_unified_infrastructure_management | CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. | 2020-02-18 | 7.5 | CVE-2020-8012 CONFIRM |
eltex -- ntp-rg-1402g_router | ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected. | 2020-02-17 | 10 | CVE-2020-9026 MISC |
eltex -- ntp-rg-1402g_router | ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected. | 2020-02-17 | 10 | CVE-2020-9027 MISC |
hcl -- appscan_standard_edition | HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. | 2020-02-14 | 10 | CVE-2019-4392 MISC |
horde -- groupware_webmail_edition | Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | 2020-02-17 | 7.5 | CVE-2020-8518 FEDORA FEDORA CONFIRM |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960. | 2020-02-19 | 7.2 | CVE-2020-4204 XF CONFIRM |
iteris -- vantage_velocity_field_unit_devices | Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. | 2020-02-17 | 10 | CVE-2020-9020 MISC |
iteris -- vantage_velocity_field_unit_devices | Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password. | 2020-02-17 | 7.5 | CVE-2020-9023 MISC |
iteris -- vantage_velocity_field_unit_devices | Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts. | 2020-02-17 | 10 | CVE-2020-9024 MISC |
jsreport -- jsreport | Unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. | 2020-02-14 | 7.5 | CVE-2020-8128 MISC |
jsreport -- script-manager | An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. | 2020-02-14 | 7.5 | CVE-2020-8129 MISC |
moxa -- mgate_5105-mb-eip_series_protocol_gateways | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552. | 2020-02-14 | 9 | CVE-2020-8858 MISC MISC |
nec -- multiple_aterm_series_devices | Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. | 2020-02-21 | 8.3 | CVE-2020-5524 MISC MISC MISC |
nec -- multiple_aterm_series_devices | Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. | 2020-02-21 | 7.7 | CVE-2020-5525 MISC MISC |
nec -- multiple_aterm_series_devices | Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | 2020-02-21 | 7.7 | CVE-2020-5534 MISC MISC |
netsweeper -- netsweeper | Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php. | 2020-02-19 | 7.5 | CVE-2014-9613 MISC |
netsweeper -- netsweeper | The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. | 2020-02-19 | 7.5 | CVE-2014-9614 MISC |
netsweeper -- netsweeper | SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. | 2020-02-19 | 7.5 | CVE-2014-9612 MISC |
openx -- openx_ad_server | A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code. | 2020-02-14 | 7.5 | CVE-2013-4211 MISC MISC MISC MISC MISC |
post_oak_traffic_systems -- awam_bluetooth_multiple_field_devices | Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. | 2020-02-17 | 10 | CVE-2020-9021 MISC |
prestashop -- prestashop | PrestaShop 1.5.5 is vulnerable to privilege escalation via a Salesman account via the upload module. | 2020-02-18 | 7.5 | CVE-2013-6295 MISC MISC |
proftpd -- proftpd | In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. | 2020-02-20 | 9 | CVE-2020-9273 CONFIRM CONFIRM MLIST |
promise-probe -- promise-probe | promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization. | 2020-02-18 | 7.5 | CVE-2019-10791 MISC MISC |
soplanning -- simple_online_planning | SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php. | 2020-02-18 | 9 | CVE-2020-9269 MISC |
spacewalk_project -- spacewalk | A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server. | 2020-02-17 | 7.5 | CVE-2020-1693 CONFIRM MISC MISC |
wordpress -- wordpress | The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. | 2020-02-17 | 9 | CVE-2020-9043 MISC MISC MISC |
wordpress -- wordpress | The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution because Administrators can run PHP code on WordPress instances. (This issue has been fixed in the 3.x branch of popup-builder.) | 2020-02-17 | 7.5 | CVE-2020-9006 MISC MISC MISC MISC |
xorus -- lpar2rrd | LPAR2RRD 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | 2020-02-17 | 10 | CVE-2014-4981 MISC MISC MISC MISC BID XF |
yeager -- yeager_cms | SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter. | 2020-02-18 | 7.5 | CVE-2015-7567 MISC MISC MISC MISC |
zabbix -- zabbix | A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | 2020-02-17 | 7.5 | CVE-2013-3738 MISC |
zend_framework -- zend_framework | SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | 2020-02-17 | 7.5 | CVE-2014-8089 MISC MISC BID MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abb -- asset_suite | Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly. | 2020-02-17 | 5.5 | CVE-2019-18998 CONFIRM |
accusoft -- imagegear | An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 2020-02-14 | 6.8 | CVE-2019-5187 MISC |
accusoft -- imagegear | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 2020-02-14 | 6.8 | CVE-2020-6068 MISC |
ai -- risknet_acquirer | RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. | 2020-02-14 | 5 | CVE-2013-5687 XF |
aishu_technology -- anyshare_cloud | AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI. | 2020-02-16 | 4 | CVE-2020-8996 MISC |
arvato -- skillpipe | Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code. | 2020-02-16 | 4 | CVE-2020-9013 MISC MISC |
atos -- unify_openscape_uc_web_client | Atos Unify OpenScape UC Web Client 1.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload. | 2020-02-21 | 4.3 | CVE-2019-19865 MISC MISC |
broadcom -- ca_unified_infrastructure_management | CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service. | 2020-02-18 | 5 | CVE-2020-8011 CONFIRM |
cisco -- finesse | A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2020-02-19 | 4.3 | CVE-2020-3159 CISCO |
cisco -- unified_communications_manager | A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. | 2020-02-19 | 4.3 | CVE-2015-0749 MISC |
codecov -- codecov-node | codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596. | 2020-02-17 | 6.5 | CVE-2020-7597 MISC MISC |
combodo -- itop | iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI. This only affects the community version. | 2020-02-14 | 5 | CVE-2019-13967 MISC MISC |
combodo -- itop | In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title). | 2020-02-14 | 4.3 | CVE-2019-13966 MISC MISC |
combodo -- itop | In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during upgrade; in certain cases, an error during modification of the file from the web interface leaves the file writable (can be triggered with XSS); a race condition can be triggered by the hub-connector module (community version only from 2.4.1 to 2.6.0); or editing the file in a CLI. | 2020-02-14 | 6.8 | CVE-2019-11215 MISC MISC |
combodo -- itop | Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the administrator can be transformed to remote command execution because of CVE-2018-10642 (still working through 2.6.0). The Reflective XSS can also become a stored XSS within the same account because of another vulnerability. | 2020-02-14 | 4.3 | CVE-2019-13965 MISC MISC |
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9640. | 2020-02-14 | 6.8 | CVE-2020-8856 MISC MISC |
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9358. | 2020-02-14 | 6.8 | CVE-2020-8845 MISC MISC |
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of text field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9400. | 2020-02-14 | 6.8 | CVE-2020-8846 MISC MISC |
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9591. | 2020-02-14 | 6.8 | CVE-2020-8853 MISC MISC |
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of JPEG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9606. | 2020-02-14 | 6.8 | CVE-2020-8854 MISC MISC |
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxhtml2pdf.exe module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9560. | 2020-02-14 | 6.8 | CVE-2020-8855 MISC MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9413. | 2020-02-14 | 6.8 | CVE-2020-8849 MISC MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of form Annotation objects within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9862. | 2020-02-14 | 6.8 | CVE-2020-8857 MISC MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9415. | 2020-02-14 | 6.8 | CVE-2020-8850 MISC MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9406. | 2020-02-14 | 6.8 | CVE-2020-8851 MISC MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG files within CovertToPDF. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9102. | 2020-02-14 | 6.8 | CVE-2020-8844 CONFIRM MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9414. | 2020-02-14 | 6.8 | CVE-2020-8847 MISC MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9407. | 2020-02-14 | 6.8 | CVE-2020-8848 MISC MISC |
foxit -- reader | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9416. | 2020-02-14 | 4.3 | CVE-2020-8852 MISC MISC |
gitlab -- gitlab | GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline. | 2020-02-14 | 4 | CVE-2019-15592 MISC MISC |
gitlab -- gitlab | GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. | 2020-02-14 | 4 | CVE-2019-15594 MISC MISC |
gitlab -- gitlab_enterprise_edition | In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. | 2020-02-17 | 5 | CVE-2020-8795 CONFIRM MISC |
gluu -- identity_configuration | A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. | 2020-02-16 | 4.3 | CVE-2020-9012 MISC |
huawei -- cloudlink_board | Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak vulnerability. An unauthenticated, remote attacker can make a large number of attempts to guess information. Successful exploitation may cause information leak. | 2020-02-17 | 5 | CVE-2020-1841 CONFIRM |
huawei -- gaussdb_200 | GaussDB 200 with version of 6.5.1 has a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage. | 2020-02-17 | 4 | CVE-2020-1853 CONFIRM |
huawei -- gaussdb_200 | GaussDB 200 with version of 6.5.1 has a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands. | 2020-02-18 | 6.5 | CVE-2020-1790 CONFIRM |
huawei -- gaussdb_200 | GaussDB 200 with version of 6.5.1 has a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands. | 2020-02-18 | 6.5 | CVE-2020-1811 CONFIRM |
huawei -- hege-60_and_multiple_osca_products | Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may allow the attacker to perform an illegal operation. | 2020-02-18 | 4.6 | CVE-2020-1843 CONFIRM |
huawei -- hege-60_and_multiple_osca_products | Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may allow the attacker to obtain high privilege. | 2020-02-18 | 4.6 | CVE-2020-1842 CONFIRM |
huawei -- multiple_osca_products | Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user is trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations with a weak credential. | 2020-02-18 | 4.6 | CVE-2020-1789 CONFIRM |
huawei -- multiple_products | Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; Secospace USG6600 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100; and USG9500 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have a denial of service vulnerability. Attackers need to perform a series of operations in a special scenario to exploit this vulnerability. Successful exploit may prevent new connections from being established, resulting in a denial of service. | 2020-02-17 | 5 | CVE-2020-1858 CONFIRM CONFIRM |
huawei -- multiple_products | Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. | 2020-02-17 | 5 | CVE-2020-1856 CONFIRM |
huawei -- multiple_products | Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service (DoS) vulnerability. Due to improper processing of specific IPSEC packets, remote attackers can send constructed IPSEC packets to affected devices to exploit this vulnerability. Successful exploit could cause the IPSec function of the affected device to become abnormal. | 2020-02-18 | 4.3 | CVE-2020-1816 CONFIRM |
huawei -- multiple_products | Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parsing a certain message; an attacker who sends the message continuously could consume the remaining memory. Successful exploit could cause memory exhaustion. | 2020-02-18 | 4.3 | CVE-2020-1815 CONFIRM |
huawei -- multiple_products | Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. | 2020-02-17 | 5 | CVE-2020-1827 CONFIRM |
huawei -- multiple_products | Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send a specific message to cause an out-of-bounds read, compromising normal service. | 2020-02-17 | 5 | CVE-2020-1828 CONFIRM |
huawei -- multiple_products | Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability in which the IPSec module handles a message improperly. Attackers can send a specific message to cause a double free of memory. This may compromise normal service. | 2020-02-17 | 5 | CVE-2020-1829 CONFIRM |
huawei -- multiple_products | Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a vulnerability in which a memory management error exists when the IPSec module handles a specific message. This causes a 1-byte out-of-bounds read, compromising normal service. | 2020-02-18 | 5 | CVE-2020-1830 CONFIRM |
huawei -- p30_smartphones | HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improper validation of a certain application, an attacker must trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. | 2020-02-18 | 6.8 | CVE-2020-1812 CONFIRM |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage. | 2020-02-19 | 5 | CVE-2020-4135 XF CONFIRM |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341. | 2020-02-19 | 4 | CVE-2020-4161 XF CONFIRM |
ibm -- emptoris_spend_analysis_and_emptoris_strategic_supply_management_platform | IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348. | 2020-02-20 | 6.5 | CVE-2019-4752 XF CONFIRM CONFIRM |
ibm -- jazz_foundation | IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 163654. | 2020-02-19 | 4 | CVE-2019-4457 XF CONFIRM |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289. | 2020-02-20 | 4 | CVE-2019-4583 XF CONFIRM |
ibm -- maximo_asset_management | A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | 2020-02-18 | 6.8 | CVE-2013-3323 MISC MISC CONFIRM |
icehrm -- icehrm | ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php. | 2020-02-18 | 4.3 | CVE-2020-9271 MISC |
icehrm -- icehrm | ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php. | 2020-02-18 | 6.8 | CVE-2020-9270 MISC |
imagemagick -- imagemagick | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. | 2020-02-17 | 6.8 | CVE-2014-1947 MISC MISC MISC MISC MISC MISC MISC |
ipsilon_project -- ipsilon | The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response. | 2020-02-17 | 4.3 | CVE-2015-5216 MISC MISC MISC |
istio -- istio | An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4. | 2020-02-14 | 5.8 | CVE-2020-8843 MISC MISC CONFIRM |
iteris -- vantage_velocity_field_unit_devices | Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script. | 2020-02-17 | 4.3 | CVE-2020-9025 MISC |
jasper -- jasper | Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. | 2020-02-17 | 6.8 | CVE-2015-8751 MISC MISC MISC BID MISC |
joplin -- joplin | Joplin through 1.0.184 allows Arbitrary File Read via XSS. | 2020-02-17 | 4.3 | CVE-2020-9038 MISC MISC |
lenovo -- xclarity_administrator | An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. | 2020-02-14 | 4.3 | CVE-2019-6194 CONFIRM |
linux -- linux_kernel | ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. | 2020-02-14 | 4.9 | CVE-2020-8992 MISC |
lvm2 -- lvm2 | vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. | 2020-02-14 | 5 | CVE-2020-8991 MISC |
microsemi -- symmetricom_syncserver_devices | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. | 2020-02-17 | 6.4 | CVE-2020-9029 MISC |
microsemi -- symmetricom_syncserver_devices | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user). | 2020-02-17 | 4.3 | CVE-2020-9028 MISC |
microsemi -- symmetricom_syncserver_devices | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. | 2020-02-17 | 6.4 | CVE-2020-9030 MISC |
microsemi -- symmetricom_syncserver_devices | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. | 2020-02-17 | 6.4 | CVE-2020-9031 MISC |
microsemi -- symmetricom_syncserver_devices | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. | 2020-02-17 | 6.4 | CVE-2020-9032 MISC |
microsemi -- symmetricom_syncserver_devices | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. | 2020-02-17 | 6.4 | CVE-2020-9033 MISC |
moodle -- moodle | Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. | 2020-02-17 | 4 | CVE-2020-1692 CONFIRM |
nec -- aterm_wg2600hs_device | Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2020-02-21 | 4.3 | CVE-2020-5533 MISC MISC |
netsurf -- libnsbmp | libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function. | 2020-02-18 | 5 | CVE-2015-7507 MISC MISC |
netsweeper -- netsweeper | Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 2020-02-19 | 4.3 | CVE-2014-9607 MISC |
netsweeper -- netsweeper | Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action. | 2020-02-19 | 5 | CVE-2014-9609 MISC |
netsweeper -- netsweeper | Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | 2020-02-19 | 5.8 | CVE-2014-9617 MISC |
netsweeper -- netsweeper | Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. | 2020-02-19 | 4.3 | CVE-2014-9615 MISC |
netsweeper -- netsweeper | Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 2020-02-19 | 4.3 | CVE-2014-9608 MISC |
netsweeper -- netsweeper | Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/. | 2020-02-19 | 4.3 | CVE-2014-9606 MISC |
opensips -- opensips | A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c. | 2020-02-17 | 5 | CVE-2013-3722 MISC |
proftpd -- proftpd | ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. | 2020-02-20 | 5 | CVE-2020-9272 CONFIRM CONFIRM |
progress -- moveit_transfer | In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS. | 2020-02-14 | 6 | CVE-2020-8612 MISC CONFIRM CONFIRM CONFIRM |
progress -- moveit_transfer | In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements. | 2020-02-14 | 6.5 | CVE-2020-8611 MISC CONFIRM CONFIRM CONFIRM |
silverstripe -- silverstripe | SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. | 2020-02-19 | 4.3 | CVE-2019-12246 MISC MISC CONFIRM |
silverstripe -- silverstripe | SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. | 2020-02-17 | 4.3 | CVE-2019-19325 CONFIRM |
silverstripe -- silverstripe | In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations, | 2020-02-19 | 6.8 | CVE-2019-12437 MISC MISC CONFIRM |
soplanning -- simple_online_planning | SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php. | 2020-02-18 | 4.3 | CVE-2020-9266 MISC |
soplanning -- simple_online_planning | SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. | 2020-02-18 | 4.3 | CVE-2020-9267 MISC |
soplanning -- simple_online_planning | SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring. | 2020-02-18 | 5 | CVE-2020-9268 MISC |
twiki -- twiki | Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. | 2020-02-17 | 6.4 | CVE-2014-7236 MISC MISC BID MISC |
western_digital -- mycloud.com | Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. | 2020-02-20 | 4.3 | CVE-2020-8960 MISC MISC |
wordpress -- wordpress | Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2020-02-18 | 6.8 | CVE-2020-5530 MISC MISC MISC |
wordpress -- wordpress | WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities | 2020-02-18 | 6.4 | CVE-2013-4454 MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element. | 2020-02-17 | 4.3 | CVE-2020-6850 MISC MISC MISC |
xirrus -- multiple_wireless_arrays | An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS. | 2020-02-17 | 4.3 | CVE-2020-9022 MISC |
zoho_manageengine -- remote_access_plus | An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF. | 2020-02-17 | 4 | CVE-2019-20474 MISC MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
codologic -- codofurm | Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts. | 2020-02-15 | 3.5 | CVE-2020-7050 CONFIRM MISC |
codologic -- codofurm | Codoforum 4.8.8 allows self-XSS via the title of a new topic. | 2020-02-16 | 3.5 | CVE-2020-9007 MISC |
dolibarr -- dolibarr | Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. | 2020-02-16 | 3.5 | CVE-2020-9016 MISC |
huawei -- hege-60_and_hege-570_and_multiple_osca_products | Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause the service to become abnormal. | 2020-02-18 | 3.6 | CVE-2020-1855 CONFIRM |
huawei -- mate_20_smartphones | HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system has a logic judgment error in certain scenarios; successful exploit could allow the attacker to switch to the third desktop after a series of operations in ADB mode. | 2020-02-18 | 2.1 | CVE-2020-1791 CONFIRM |
huawei -- multiple_products | Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a dangling pointer dereference vulnerability. An authenticated attacker may perform some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to a dangling pointer dereference, causing some services to become abnormal. | 2020-02-18 | 3.5 | CVE-2020-1814 CONFIRM |
huawei -- multiple_products | Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage. | 2020-02-17 | 2.1 | CVE-2020-1857 CONFIRM |
huawei -- multiple_smartphones | Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations. | 2020-02-18 | 2.1 | CVE-2020-1882 CONFIRM |
prestashop -- prestashop | PrestaShop before 1.4.11 allows logout CSRF. | 2020-02-14 | 3.5 | CVE-2013-4792 MISC |
prestashop -- prestashop | PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. | 2020-02-14 | 3.5 | CVE-2013-4791 MISC |
wolf_cms -- wolf_cms | A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. | 2020-02-19 | 3.5 | CVE-2012-1932 MISC |
wordpress -- wordpress | The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. | 2020-02-14 | 3.5 | CVE-2020-8594 MISC CONFIRM MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abbott -- freestyle_libre_sensors | Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14-day in the U.S (announced in August 2018) and FreeStyle Libre 2 outside the U.S (announced in October 2018). | 2020-02-16 | not yet calculated | CVE-2020-8997 MISC |
adobe -- after_effects | Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-02-20 | not yet calculated | CVE-2020-3765 CONFIRM |
adobe -- media_encoder | Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-02-20 | not yet calculated | CVE-2020-3764 CONFIRM |
ansible -- ansible | The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | 2020-02-20 | not yet calculated | CVE-2014-4678 MISC MISC MISC MISC MISC MISC MISC |
ansible -- ansible | Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | 2020-02-18 | not yet calculated | CVE-2014-4967 MISC CONFIRM |
ansible -- ansible | Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | 2020-02-18 | not yet calculated | CVE-2014-4966 MISC CONFIRM |
ansible -- ansible | The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. | 2020-02-20 | not yet calculated | CVE-2014-4658 CONFIRM BID |
ansible -- ansible | The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | 2020-02-20 | not yet calculated | CVE-2014-4657 CONFIRM BID |
ansible -- ansible | Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | 2020-02-20 | not yet calculated | CVE-2014-4660 MISC MISC MISC MISC MISC |
ansible -- ansible | Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | 2020-02-20 | not yet calculated | CVE-2014-4659 CONFIRM BID |
apache -- jclouds | It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks. | 2020-02-18 | not yet calculated | CVE-2014-4651 MISC MISC |
apple -- macos_x | The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. | 2020-02-20 | not yet calculated | CVE-2012-5366 MISC BID |
atos -- unify_openscape_uc_web_client | Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs. | 2020-02-21 | not yet calculated | CVE-2019-19866 MISC MISC |
audiofile -- audiofile | Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. | 2020-02-19 | not yet calculated | CVE-2015-7747 MISC MISC MISC MISC MISC MISC |
auieo -- candid_applicant_tracking_system | CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. | 2020-02-22 | not yet calculated | CVE-2020-9341 MISC |
avira -- antivirus_engine | Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. | 2020-02-20 | not yet calculated | CVE-2020-9320 MISC MISC MISC |
axous -- axous | Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php. | 2020-02-20 | not yet calculated | CVE-2012-2629 MISC MISC |
bodymen -- bodymen | bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | 2020-02-18 | not yet calculated | CVE-2019-10792 MISC MISC |
bosch -- security_systems_nbn-498_dinion2x_ip_cameras | The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml. | 2020-02-18 | not yet calculated | CVE-2015-6970 MISC |
cacti -- cacti | graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. | 2020-02-22 | not yet calculated | CVE-2020-8813 MISC MISC MISC MISC |
cisco -- adaptive_security_appliance | A vulnerability in the Cisco ASA could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, provided the primary credentials are correct. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability. | 2020-02-19 | not yet calculated | CVE-2011-2054 CISCO |
cisco -- anyconnect_secure_mobility_client_for_windows | A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. | 2020-02-19 | not yet calculated | CVE-2020-3153 CISCO |
cisco -- asyncos_software_for_cisco_email_security_appliance | A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur. | 2020-02-19 | not yet calculated | CVE-2020-3132 CISCO |
cisco -- cloud_web_security | A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this vulnerability by sending malicious requests to the affected device. An exploit could allow the attacker to modify values on or return values from the underlying database. | 2020-02-19 | not yet calculated | CVE-2020-3154 CISCO |
cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2020-02-19 | not yet calculated | CVE-2020-3113 CISCO |
cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link while having an active session on an affected device. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. | 2020-02-19 | not yet calculated | CVE-2020-3114 CISCO |
cisco -- data_center_network_manager | A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges. | 2020-02-19 | not yet calculated | CVE-2020-3112 CISCO |
cisco -- enterprise_nfv_infrastructure_software | A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to upload crafted code to the affected device. | 2020-02-19 | not yet calculated | CVE-2020-3138 CISCO |
cisco -- identity_services_engine | A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could exploit this vulnerability by sending malicious endpoint data to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. | 2020-02-19 | not yet calculated | CVE-2020-3156 CISCO |
cisco -- ios_xe_sd-wan_software | A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier. | 2020-02-19 | not yet calculated | CVE-2019-1950 CONFIRM |
cisco -- linksys_e4200_router | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi. | 2020-02-18 | not yet calculated | CVE-2013-2679 MISC MISC MISC MISC MISC |
cisco -- meeting_server | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications. | 2020-02-19 | not yet calculated | CVE-2020-3160 CISCO |
cisco -- smart_software_manager_on-prem | A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device. | 2020-02-19 | not yet calculated | CVE-2020-3158 CISCO |
cisco -- unified_contact_center_enterprise | A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection. | 2020-02-19 | not yet calculated | CVE-2020-3163 CISCO |
component -- flatten.js | All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | 2020-02-18 | not yet calculated | CVE-2019-10794 CONFIRM |
coturn -- coturn | An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. | 2020-02-19 | not yet calculated | CVE-2020-6061 MISC |
coturn -- coturn | An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. | 2020-02-19 | not yet calculated | CVE-2020-6062 MISC |
couchbase -- couchbase_server | Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access). | 2020-02-22 | not yet calculated | CVE-2020-9039 CONFIRM |
d-link -- dap-1330_devices | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9554. | 2020-02-22 | not yet calculated | CVE-2020-8861 N/A N/A |
d-link -- dap-2610_devices | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082. | 2020-02-22 | not yet calculated | CVE-2020-8862 N/A N/A |
d-link -- dch-m225_devices | D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. | 2020-02-21 | not yet calculated | CVE-2020-6842 MISC CONFIRM |
d-link -- dch-m225_devices | D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. | 2020-02-21 | not yet calculated | CVE-2020-6841 MISC CONFIRM |
d-link -- dsr-250n_devices | D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. | 2020-02-19 | not yet calculated | CVE-2012-6614 CONFIRM MISC MISC |
debian -- x11-common | The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. | 2020-02-21 | not yet calculated | CVE-2012-1093 MISC MISC MISC MISC MISC |
dell -- client_consumer_and_commercial_platforms | Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. | 2020-02-21 | not yet calculated | CVE-2020-5324 MISC |
dell -- client_platforms | Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. | 2020-02-21 | not yet calculated | CVE-2020-5326 MISC |
dot-object -- dot-object | dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | 2020-02-18 | not yet calculated | CVE-2019-10793 MISC MISC |
drupal -- drupal | The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. | 2020-02-18 | not yet calculated | CVE-2013-4228 MISC MISC MISC MISC MISC |
drupal -- drupal | The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser. | 2020-02-18 | not yet calculated | CVE-2013-4226 MISC MISC MISC |
drupal -- drupal | Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type. | 2020-02-18 | not yet calculated | CVE-2013-4227 MISC MISC MISC MISC |
election -- election | fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter. | 2020-02-22 | not yet calculated | CVE-2020-9340 MISC |
election -- election | fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> "message if election is closed" field. | 2020-02-22 | not yet calculated | CVE-2020-9336 MISC |
electronic_arts -- origin | Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's executable file instead of its in-memory process (which can be significantly different from the executable file due to, for example, DLL injection). Data transmitted over the pipe is encrypted using a static key. Instead of hooking the pipe communication directly via WriteFileEx(), this can be bypassed by hooking the EVP_EncryptUpdate() function of libeay32.dll. The pipe takes the command CreateDirectory to create a directory and adjust the directory DACL. Calls to this function can be intercepted, the directory and the DACL can be replaced, and the manipulated DACL is written. Arbitrary DACL write is further achieved by creating a hardlink in a user-controlled directory that points to (for example) a service binary. The DACL is then written to this service binary, which results in escalation of privileges. | 2020-02-20 | not yet calculated | CVE-2019-19741 MISC |
emerson -- openenterprise_scada_server | A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. | 2020-02-19 | not yet calculated | CVE-2020-6970 MISC |
eset -- multiple_products | ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. | 2020-02-18 | not yet calculated | CVE-2020-9264 FULLDISC MISC MISC |
f-secure -- multiple_products | The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper. | 2020-02-22 | not yet calculated | CVE-2020-9342 MISC |
facebook -- hhvm | Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). | 2020-02-19 | not yet calculated | CVE-2016-1000004 CONFIRM CONFIRM |
facebook -- hhvm | mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). | 2020-02-19 | not yet calculated | CVE-2016-1000005 CONFIRM CONFIRM |
facebook -- hhvm | HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive). | 2020-02-19 | not yet calculated | CVE-2016-1000109 CONFIRM MISC CONFIRM |
freebsd -- freebsd | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | 2020-02-20 | not yet calculated | CVE-2015-2923 MISC MISC MISC MISC |
freebsd -- freebsd | In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution. | 2020-02-18 | not yet calculated | CVE-2020-7450 MISC |
freebsd -- freebsd | In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated. | 2020-02-18 | not yet calculated | CVE-2019-5613 MISC |
freebsd -- freebsd | In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack. | 2020-02-18 | not yet calculated | CVE-2019-15875 MISC |
general_electric -- ultrasound_products | A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5. | 2020-02-20 | not yet calculated | CVE-2020-6977 MISC |
gitlab -- gitlab_enterprise_edition | Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. | 2020-02-17 | not yet calculated | CVE-2019-12825 MISC CONFIRM |
gogs -- gogs | Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. | 2020-02-21 | not yet calculated | CVE-2020-9329 MISC |
golang -- go | golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. | 2020-02-20 | not yet calculated | CVE-2020-9283 CONFIRM |
google -- android | btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. | 2020-02-21 | not yet calculated | CVE-2014-7914 MISC |
google -- android | Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers. | 2020-02-20 | not yet calculated | CVE-2014-7951 MISC MISC MISC MISC MISC |
goverlan -- reach_console_and_reach_server_and_client_agent | Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking. | 2020-02-16 | not yet calculated | CVE-2019-20456 MISC |
hitron -- coda-4582u-devices | Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. | 2020-02-19 | not yet calculated | CVE-2020-8824 MISC |
honeywell -- inncom_inncontrol_3_device | Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files. | 2020-02-20 | not yet calculated | CVE-2020-6968 MISC |
hp -- fortify_sca | The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. | 2020-02-19 | not yet calculated | CVE-2014-2228 CONFIRM |
huawei -- p10_plus_smartphones | Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8) have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed. | 2020-02-18 | not yet calculated | CVE-2020-1872 CONFIRM |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212. | 2020-02-19 | not yet calculated | CVE-2020-4230 XF CONFIRM |
ibm -- db2_for_linux_and_unix_and_windows | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914. | 2020-02-19 | not yet calculated | CVE-2020-4200 XF CONFIRM |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886. | 2020-02-19 | not yet calculated | CVE-2019-4429 XF CONFIRM |
ibm -- security_secret_server | IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046. | 2020-02-19 | not yet calculated | CVE-2019-4640 XF CONFIRM |
ibm -- tivoli_endpoint_manager | IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies. | 2020-02-18 | not yet calculated | CVE-2012-0718 MISC |
jakweb -- gecko_cms | JAKWEB Gecko CMS has multiple input validation vulnerabilities. | 2020-02-18 | not yet calculated | CVE-2015-1425 MISC |
jetbrains -- scala_plugin | In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. | 2020-02-21 | not yet calculated | CVE-2020-7907 MISC MISC |
jyaml -- jyaml | JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product. | 2020-02-19 | not yet calculated | CVE-2020-8441 MISC MISC MISC MISC |
kaseya -- traverse | Kaseya Traverse before 9.5.20 allows OS command injection attacks against user accounts, associated with a Netflow Top Applications reporting API call. This is exploitable by an authenticated attacker who submits a modified JSON field within POST data. | 2020-02-17 | not yet calculated | CVE-2020-8427 CONFIRM |
kaseya -- virtual_system_administrator | Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx. | 2020-02-17 | not yet calculated | CVE-2015-6922 MISC MISC MISC MISC MISC |
labvantage_solutions -- labvantage_laboratory_information_management | LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database' exception message if the database does not exist. | 2020-02-17 | not yet calculated | CVE-2020-7959 MISC EXPLOIT-DB |
libarchive -- libarchive | archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. | 2020-02-20 | not yet calculated | CVE-2020-9308 MISC MISC MISC |
libnsgif -- libnsgif | Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file. | 2020-02-18 | not yet calculated | CVE-2015-7505 MISC MISC |
libnsgif -- libnsgif | The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file. | 2020-02-18 | not yet calculated | CVE-2015-7506 MISC |
linux -- linux_kernel | OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. | 2020-02-19 | not yet calculated | CVE-2012-0055 MLIST CONFIRM CONFIRM CONFIRM MISC CONFIRM MISC |
linux -- linux_kernel | fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. | 2020-02-20 | not yet calculated | CVE-2011-4915 MISC MISC MISC MISC MISC MISC MISC MISC |
linux -- linux_kernel | Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value. | 2020-02-20 | not yet calculated | CVE-2011-0699 MISC MISC MISC MISC |
linux -- linux_kernel | The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. | 2020-02-20 | not yet calculated | CVE-2011-2498 MISC MISC MISC MISC MISC |
longtail_video -- jw_player | Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript. | 2020-02-20 | not yet calculated | CVE-2012-3351 MISC MISC MISC MISC MISC MISC |
mcafee -- data_exchange_layer_framework | Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. | 2020-02-17 | not yet calculated | CVE-2020-7252 CONFIRM |
microsemi -- symmetricom_syncserver | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. | 2020-02-17 | not yet calculated | CVE-2020-9034 MISC |
microsoft -- windows_7 | The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. | 2020-02-20 | not yet calculated | CVE-2012-5364 MISC BID |
mitsubishi_electric -- multiple_controller_modules | Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors. | 2020-02-17 | not yet calculated | CVE-2020-5531 MISC MISC |
moped_gem_for_ruby_on_rails -- moped_gem_for_ruby_on_rails | The Moped::BSON::ObjectId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. | 2020-02-20 | not yet calculated | CVE-2015-4411 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
moped_gem_for_ruby_on_rails -- moped_gem_for_ruby_on_rails | The Moped::BSON::ObjectId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. | 2020-02-20 | not yet calculated | CVE-2015-4410 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
mozilla -- firefox | Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding. | 2020-02-18 | not yet calculated | CVE-2013-5594 MISC MISC |
multiple_vendors -- multiple_products | The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669. | 2020-02-20 | not yet calculated | CVE-2012-5362 MISC BID |
multiple_vendors -- multiple_products | The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393. | 2020-02-20 | not yet calculated | CVE-2012-5363 MISC BID |
multiple_vendors -- multiple_products | Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code." | 2020-02-21 | not yet calculated | CVE-2012-6277 MISC MISC MISC MISC MISC MISC MISC MISC |
multiple_vendors -- multiple_products | Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices allow attackers to bypass intended TACACS+ shell restrictions via a \| character. | 2020-02-20 | not yet calculated | CVE-2020-9015 MISC MISC |
multiple_vendors -- multiple_products | The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. | 2020-02-20 | not yet calculated | CVE-2012-5365 MISC BID |
musl -- libc | Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output. | 2020-02-20 | not yet calculated | CVE-2014-3484 MISC MISC |
netsurf -- netsurf | Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. | 2020-02-21 | not yet calculated | CVE-2012-0844 MISC MISC MISC BID |
nokogiri_gem_for_ruby_on_rails -- nokogiri_gem_for_ruby_on_rails | Nokogiri before 1.5.4 is vulnerable to XXE attacks | 2020-02-19 | not yet calculated | CVE-2012-6685 MISC CONFIRM CONFIRM |
open-xchange -- open-xchange_appsuite | OX App Suite through 7.10.2 allows SSRF. | 2020-02-21 | not yet calculated | CVE-2019-18846 MISC |
open_dynamics -- collabtive | Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. | 2020-02-17 | not yet calculated | CVE-2015-0258 MISC MISC |
open_networking_foundation -- open_network_operating_system | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | 2020-02-20 | not yet calculated | CVE-2019-16302 MISC |
open_networking_foundation -- open_network_operating_system | Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply that causes the host mobility application to remove existing access control flow denial rules in the network. The access control application does not re-install flow deny rules, so the attacker can bypass the intended access control policy. | 2020-02-20 | not yet calculated | CVE-2019-11189 MISC |
open_networking_foundation -- open_network_operating_system | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | 2020-02-20 | not yet calculated | CVE-2019-16299 MISC |
open_networking_foundation -- open_network_operating_system | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. | 2020-02-20 | not yet calculated | CVE-2019-16300 MISC |
open_networking_foundation -- open_network_operating_system | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. | 2020-02-20 | not yet calculated | CVE-2019-16301 MISC |
open_networking_foundation -- open_network_operating_system | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | 2020-02-20 | not yet calculated | CVE-2019-16298 MISC |
open_networking_foundation -- open_network_operating_system | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | 2020-02-20 | not yet calculated | CVE-2019-16297 MISC |
openhab -- openhab | openHAB before 2.5.2 allows a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file which cannot be changed via REST calls. | 2020-02-20 | not yet calculated | CVE-2020-5242 MISC CONFIRM |
openjpeg -- openjpeg | The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. | 2020-02-20 | not yet calculated | CVE-2016-3182 MISC MISC MISC CONFIRM |
openpam -- nummularia | OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to not be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password. | 2020-02-18 | not yet calculated | CVE-2014-3879 MISC CONFIRM BID MISC |
openshift -- servicemesh | An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | 2020-02-17 | not yet calculated | CVE-2020-1704 CONFIRM |
openstack -- nova | An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. | 2020-02-19 | not yet calculated | CVE-2015-9543 MLIST MISC MISC CONFIRM |
openstack -- swift | OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE | 2020-02-20 | not yet calculated | CVE-2013-7109 MISC MISC MISC MISC MISC MISC MISC |
otrs -- otrs | Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 2020-02-21 | not yet calculated | CVE-2013-4088 MISC MISC MISC MISC |
otrs -- otrs_itsm | Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 2020-02-21 | not yet calculated | CVE-2013-3551 MISC MISC |
owncloud -- owncloud_server | The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values. | 2020-02-17 | not yet calculated | CVE-2015-4715 MISC MISC CONFIRM MISC |
patriot -- viper_rgb | A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges. | 2020-02-21 | not yet calculated | CVE-2019-19452 MISC MISC |
phoenix_contact -- axl_f_bk_pn_and_axl_f_bk_eth_and_axl_f_bk_xc_devices | An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices. Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required. | 2020-02-18 | not yet calculated | CVE-2018-16994 CONFIRM |
phoenix_contact -- emalytics_controller_ilc | An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device. | 2020-02-17 | not yet calculated | CVE-2020-8768 MISC |
phoenix_contact -- fl_nat_2208_and_fl_nat_2304-2gc-2sfp_devices | Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security. | 2020-02-18 | not yet calculated | CVE-2019-18352 MISC |
php_group -- hypertext_preprocessor | Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value. | 2020-02-19 | not yet calculated | CVE-2014-3622 MISC MISC MISC |
phpmychat-plus -- phpmychat-plus | phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username. | 2020-02-18 | not yet calculated | CVE-2020-9265 MISC |
puppet -- puppet_and_puppet_agent | Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior. | 2020-02-19 | not yet calculated | CVE-2020-7942 CONFIRM |
python -- python | The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. | 2020-02-20 | not yet calculated | CVE-2014-4650 MISC MISC REDHAT |
red_gate_software -- sql_monitor | Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15. | 2020-02-20 | not yet calculated | CVE-2020-9318 MISC |
samsung -- galaxy_s10_devices | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the Call Control Setup messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the baseband processor. Was ZDI-CAN-9658. | 2020-02-22 | not yet calculated | CVE-2020-8860 N/A N/A |
solarwinds -- network_performance_monitor | SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT. | 2020-02-17 | not yet calculated | CVE-2019-12954 MISC |
soplanning -- simple_online_planning | SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. | 2020-02-22 | not yet calculated | CVE-2020-9338 MISC |
soplanning -- simple_online_planning | SOPlanning 1.45 allows XSS via the Name or Comment to status.php. | 2020-02-22 | not yet calculated | CVE-2020-9339 MISC |
sqlite -- sqlite | In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | 2020-02-21 | not yet calculated | CVE-2020-9327 MISC MISC MISC |
synacor -- zimbra_collaboration_suite | An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible. | 2020-02-18 | not yet calculated | CVE-2020-8633 CONFIRM |
synacor -- zimbra_collaboration_suite | Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | 2020-02-18 | not yet calculated | CVE-2020-7796 CONFIRM |
taffy -- taffy | taffy through 2.6.2 allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB. | 2020-02-17 | not yet calculated | CVE-2019-10790 MISC |
tibco_software -- ebx | The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.1.fixS and below, versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7. | 2020-02-19 | not yet calculated | CVE-2019-17333 CONFIRM CONFIRM |
topmanage -- olk_2020 | In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts. | 2020-02-18 | not yet calculated | CVE-2020-6844 MISC EXPLOIT-DB |
topmanage -- olk_2020 | An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack. | 2020-02-18 | not yet calculated | CVE-2020-6845 MISC EXPLOIT-DB |
trend_micro -- multiple_products | Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download a malicious DLL locally, which must be present when the installer is run. | 2020-02-20 | not yet calculated | CVE-2019-14688 MISC |
trend_micro -- security_2019 | The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely. | 2020-02-20 | not yet calculated | CVE-2019-19694 MISC MISC MISC MISC |
trend_micro -- vulnerability_protection | Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attacker to use the product installer to load other DLL files located in the same directory. | 2020-02-20 | not yet calculated | CVE-2020-8601 MISC |
trustwave -- mailmarshal | The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. | 2020-02-19 | not yet calculated | CVE-2014-2727 MISC |
tucan -- tucan | Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the permissions of the user running tucan. | 2020-02-21 | not yet calculated | CVE-2012-0063 MLIST MISC MISC MISC |
ua-parser -- ua-core | uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3. | 2020-02-21 | not yet calculated | CVE-2020-5243 MISC CONFIRM |
undefsafe -- undefsafe | undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | 2020-02-18 | not yet calculated | CVE-2019-10795 MISC MISC |
valve -- dota_2 | meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled. | 2020-02-17 | not yet calculated | CVE-2020-9005 MISC |
vmware -- vrealize_operations_for_horizon_adapter | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations. | 2020-02-19 | not yet calculated | CVE-2020-3943 CONFIRM |
vmware -- vrealize_operations_for_horizon_adapter | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication. | 2020-02-19 | not yet calculated | CVE-2020-3944 CONFIRM |
vmware -- vrealize_operations_for_horizon_adapter | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information. | 2020-02-19 | not yet calculated | CVE-2020-3945 CONFIRM |
webkit-gtk -- webkit-gtk | Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration. | 2020-02-17 | not yet calculated | CVE-2013-7324 MISC MISC MISC |
western_digital -- multiple_products | Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking. | 2020-02-19 | not yet calculated | CVE-2020-8959 MISC MISC |
western_digital -- my_cloud_home | Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. | 2020-02-20 | not yet calculated | CVE-2020-8990 MISC MISC |
wordpress -- wordpress | A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. | 2020-02-20 | not yet calculated | CVE-2020-9003 MISC MISC MISC MISC |
world_wide_web_consortium -- hypertext_transfer_protocol_secure | The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | 2020-02-21 | not yet calculated | CVE-2013-3587 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wso2 -- transport-http | Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled. | 2020-02-19 | not yet calculated | CVE-2019-10797 CONFIRM |
xchat-wdk -- xchat-wdk | Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). | 2020-02-21 | not yet calculated | CVE-2012-0828 MISC MISC MISC MISC |
xerox -- workcentre_printers | Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP address to a system owned by the actor without knowledge of the LDAP bind credentials. After changing the LDAP connection IP address, subsequent authentication attempts will result in the printer sending plaintext LDAP (Active Directory) credentials to the actor. Although the credentials may belong to a non-privileged user, organizations frequently use privileged service accounts to bind to Active Directory. The attacker gains a foothold on the Active Directory domain at a minimum, and may use the credentials to take over control of the Active Directory domain. This affects 3655*, 3655i*, 58XX*, 58XXi*, 59XX*, 59XXi*, 6655**, 6655i**, 72XX*, 72XXi*, 78XX**, 78XXi**, 7970**, 7970i**, EC7836**, and EC7856** devices. | 2020-02-21 | not yet calculated | CVE-2020-9330 MISC MISC |
yaml_project -- pyyaml | PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. | 2020-02-19 | not yet calculated | CVE-2019-20477 MISC MISC |
yaml_project -- ruamel.yaml | In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases. | 2020-02-19 | not yet calculated | CVE-2019-20478 MISC |
zmartzone -- mod_auth_openidc | A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. | 2020-02-20 | not yet calculated | CVE-2019-20479 MISC MISC |
zte -- zxv10_w300_router | ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. | 2020-02-20 | not yet calculated | CVE-2014-4019 MISC MISC MISC MISC |