Vulnerability Summary for the Week of March 16, 2020
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
anttix_linux_and_mx_linux -- anttix_linux_and_mx_linux | antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration. | 2020-03-14 | 7.2 | CVE-2020-10587 MISC MISC |
apache -- commons_configuration | Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application. | 2020-03-13 | 7.5 | CVE-2020-1953 MISC MLIST |
armorx -- lisomail | LisoMail, by ArmorX, allows SQL injection; attackers can access the database without authentication via URL parameter manipulation. | 2020-03-18 | 7.5 | CVE-2020-3922 MISC MISC MISC |
atlassian -- onap | An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12115 MISC |
atlassian -- onap | An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12118 MISC |
atlassian -- onap | An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | 2020-03-18 | 7.5 | CVE-2019-12112 MISC |
atlassian -- onap | In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-19 | 7.5 | CVE-2019-12127 MISC |
atlassian -- onap | An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12116 MISC |
atlassian -- onap | An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12117 MISC |
atlassian -- onap | An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12119 MISC |
atlassian -- onap | An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12120 MISC |
atlassian -- onap | In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-19 | 7.5 | CVE-2019-12125 MISC |
atlassian -- onap | In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-19 | 7.5 | CVE-2019-12126 MISC |
atlassian -- onap | An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12114 MISC |
atlassian -- onap | An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | 2020-03-18 | 7.5 | CVE-2019-12132 MISC |
brother -- multiple_printers | Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device. | 2020-03-13 | 9 | CVE-2019-13193 MISC MISC MISC |
brother -- multiple_printers | Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13192 MISC MISC MISC |
centos-webpanel -- centos_web_panel | CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter. | 2020-03-16 | 7.5 | CVE-2020-10230 MISC MISC |
closure-compiler-stream -- closure-compiler-stream | closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization. | 2020-03-15 | 7.5 | CVE-2020-7603 MISC |
codiad -- web_ide | Codiad Web IDE through 2.8.4 allows PHP Code injection. | 2020-03-16 | 7.5 | CVE-2019-19208 MISC MISC MISC |
cpanel -- cpanel | cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). | 2020-03-17 | 7.5 | CVE-2020-10119 MISC |
cpanel -- cpanel | cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537). | 2020-03-17 | 9 | CVE-2020-10115 MISC |
cpanel -- cpanel | cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). | 2020-03-17 | 9 | CVE-2020-10120 MISC |
cpanel -- cpanel | cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534). | 2020-03-17 | 7.5 | CVE-2019-20498 MISC |
cpanel -- cpanel | cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). | 2020-03-17 | 7.5 | CVE-2020-10121 MISC |
dell -- emc_xtremio_xms | Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access. | 2020-03-13 | 7.2 | CVE-2019-18577 MISC |
devome -- grr | An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query. | 2020-03-13 | 7.5 | CVE-2020-10563 MISC MISC MISC |
docker-compose-remote-api -- docker-compose-remote-api | docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization. | 2020-03-15 | 7.5 | CVE-2020-7606 MISC |
dolibarr -- dolibarr | Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). | 2020-03-16 | 7.5 | CVE-2019-19212 MISC MISC MISC |
fortiguard -- fortiap-s/w2_and_fortiap_and_fortiap-u | A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. | 2020-03-15 | 7.2 | CVE-2019-15708 CONFIRM |
freebsd -- bhyve | grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS. | 2020-03-14 | 7.2 | CVE-2020-10565 MISC |
gitlab -- gitlab | GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. | 2020-03-13 | 7.5 | CVE-2020-10074 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. | 2020-03-13 | 7.5 | CVE-2020-10077 MISC CONFIRM |
golang -- go | Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. | 2020-03-16 | 7.8 | CVE-2020-7919 MISC CONFIRM MISC |
gulp-scss-lint -- gulp-scss-lint | gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options. | 2020-03-15 | 7.5 | CVE-2020-7601 MISC |
gulp-styledocco -- gulp-styledocco | gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization. | 2020-03-15 | 7.5 | CVE-2020-7607 MISC |
gulp-tape -- gulp-tape | gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options. | 2020-03-15 | 7.5 | CVE-2020-7605 MISC |
hp -- multiple_printers | A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout. | 2020-03-16 | 7.5 | CVE-2019-18917 MISC |
joomla! -- joomla! | An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. | 2020-03-16 | 7.5 | CVE-2020-10243 MISC |
kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13202 MISC |
kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13201 MISC |
kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | 9 | CVE-2019-13203 MISC |
kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13204 MISC |
kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | 9 | CVE-2019-13206 MISC |
kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13197 MISC |
kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | 9 | CVE-2019-13196 MISC |
logicaldoc -- logicaldoc | LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users, applying tags, etc. This functionality could be abused by an unauthenticated attacker to upload an arbitrary file in a restricted folder. This would lead to the execution of malicious commands with root privileges. | 2020-03-18 | 10 | CVE-2020-9423 MISC |
meetecho -- janus | An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation. | 2020-03-14 | 7.5 | CVE-2020-10574 MISC |
mitsubishi_electric -- melqic_iu1_series_devices | TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet. | 2020-03-16 | 7.5 | CVE-2020-5545 MISC MISC |
mitsubishi_electric -- melqic_iu1_series_devices | Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 2020-03-16 | 7.5 | CVE-2020-5547 MISC MISC |
mitsubishi_electric -- melqic_iu1_series_devices | Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 2020-03-16 | 7.5 | CVE-2020-5542 MISC MISC |
mitsubishi_electric -- melqic_iu1_series_devices | Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 2020-03-16 | 7.5 | CVE-2020-5544 MISC MISC |
mitsubishi_electric -- melqic_iu1_series_devices | TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 2020-03-16 | 7.5 | CVE-2020-5543 MISC MISC |
node-prompt-here -- node-prompt-here | node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env.NM_CLI" in the file "linux/manager.js". This function is used to construct the argument of function "execSync()", which can be controlled by users without any sanitization. | 2020-03-15 | 7.5 | CVE-2020-7602 MISC |
perlspeak -- perlspeak | PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open. | 2020-03-18 | 7.5 | CVE-2020-10674 MISC MISC |
psd-tools -- psd-tools | An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data. | 2020-03-14 | 7.5 | CVE-2020-10571 MISC MISC |
pulverizr -- pulverizr | pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command. | 2020-03-15 | 7.5 | CVE-2020-7604 MISC |
responsive_filemanager -- responsive_filemanager | An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.) | 2020-03-14 | 7.5 | CVE-2020-10567 MISC |
ricoh -- sp_c250dn_devices | Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption issue has been identified in the way the embedded device parsed the IPP packets. | 2020-03-13 | 10 | CVE-2019-14310 MISC MISC |
rmysql -- rmysql | RMySQL through 0.10.19 allows SQL Injection. | 2020-03-17 | 7.5 | CVE-2020-10380 CONFIRM |
rockwell_automation -- multiple_products | In Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, and RSLogix 500 Software v12.001 and prior, the cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use them for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. | 2020-03-16 | 10 | CVE-2020-6990 MISC |
safescan -- timemoto | Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API. | 2020-03-13 | 7.5 | CVE-2019-12182 MISC MISC MISC MISC |
salesagility -- suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). | 2020-03-16 | 7.5 | CVE-2020-8784 CONFIRM CONFIRM |
salesagility -- suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | 2020-03-16 | 7.5 | CVE-2020-8783 CONFIRM CONFIRM |
salesagility -- suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). | 2020-03-16 | 7.5 | CVE-2020-8785 CONFIRM CONFIRM |
salesagility -- suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). | 2020-03-16 | 7.5 | CVE-2020-8786 CONFIRM CONFIRM |
swisscom -- centro_grande | Incorrect input sanitization in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection. | 2020-03-16 | 9 | CVE-2019-19940 CONFIRM MISC |
trend_micro -- worry-free_business_security | Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. | 2020-03-18 | 7.5 | CVE-2020-8600 MISC MISC MISC |
trend_micro -- apex_one_and_officescan_xg | Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability. | 2020-03-18 | 10 | CVE-2020-8599 MISC MISC |
trend_micro -- multiple_products | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | 2020-03-18 | 9.4 | CVE-2020-8470 MISC MISC MISC MISC |
trend_micro -- multiple_products | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | 2020-03-18 | 10 | CVE-2020-8598 MISC MISC MISC MISC |
unraid -- unraid | Unraid through 6.8.0 allows Remote Code Execution. | 2020-03-16 | 10 | CVE-2020-5847 MISC MISC MISC |
v2rayl -- v2rayl | v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo. | 2020-03-15 | 7.2 | CVE-2020-10588 MISC |
v2rayl -- v2rayl | v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo. | 2020-03-15 | 7.2 | CVE-2020-10589 MISC |
vmware -- multiple_products | For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user. | 2020-03-16 | 7.2 | CVE-2019-5543 CONFIRM |
vmware -- workstation_and_fusion | VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine. | 2020-03-16 | 7.2 | CVE-2020-3947 CONFIRM |
wordpress -- wordpress | An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call. | 2020-03-13 | 7.5 | CVE-2020-10564 MISC MISC MISC |
xerox -- phaser_3320_printers | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13165 MISC MISC |
xerox -- phaser_3320_printers | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13168 MISC MISC |
xerox -- phaser_3320_printers | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13172 MISC MISC |
xerox -- phaser_3320_printers | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly. | 2020-03-13 | 10 | CVE-2019-13171 MISC MISC |
xerox -- phaser_3320_printers | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13169 MISC MISC |
zoho -- manageengine_opmanager | Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108. | 2020-03-13 | 7.5 | CVE-2020-10541 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
9folders -- nine_for_android | The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | 2020-03-18 | 4.3 | CVE-2019-12366 MISC MISC MISC |
administrate_gem_for_ruby_on_rails -- administrate_gem_for_ruby_on_rails | In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in version 0.13.0. | 2020-03-13 | 5.5 | CVE-2020-5257 MISC CONFIRM |
apache -- geode | When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack. | 2020-03-16 | 4 | CVE-2019-10091 MISC |
aquaforest -- tiff_server | Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx. | 2020-03-18 | 5 | CVE-2020-9323 MISC MISC MISC |
aquaforest -- tiff_server | Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download. | 2020-03-18 | 5 | CVE-2020-9325 MISC MISC MISC |
aquaforest -- tiff_server | Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC. | 2020-03-18 | 5 | CVE-2020-9324 MISC MISC MISC |
artica -- pandora_fms | index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020. | 2020-03-16 | 6.5 | CVE-2020-5844 MISC MISC |
arxes-tolina -- arxes-tolina | arxes-tolina 3.0.0 allows User Enumeration. | 2020-03-18 | 4 | CVE-2019-19677 MISC |
atlassian -- onap | An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected. | 2020-03-18 | 6.4 | CVE-2019-12131 MISC |
atlassian -- onap | An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | 2020-03-18 | 6.5 | CVE-2019-12123 MISC |
atlassian -- onap | An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected. | 2020-03-18 | 5 | CVE-2019-12121 MISC |
atlassian -- onap | An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | 2020-03-18 | 6.5 | CVE-2019-12113 MISC |
atlassian -- onap | An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected. | 2020-03-18 | 4 | CVE-2019-12122 MISC |
atlassian -- onap | An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected. | 2020-03-18 | 6.4 | CVE-2019-12124 MISC |
atutor -- acontent | An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions. | 2020-03-16 | 6.5 | CVE-2020-10557 MISC MISC |
blix -- bluemail_for_android | The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | 2020-03-18 | 4.3 | CVE-2019-12367 MISC MISC MISC |
brother -- multiple_printers | Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL. | 2020-03-13 | 5 | CVE-2019-13194 MISC MISC MISC |
citrix -- sd-wan_appliances | Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation. | 2020-03-16 | 4.3 | CVE-2020-6175 CONFIRM MISC |
combodo -- itop | A post-authentication privilege escalation in the web application of Combodo iTop before 2.7 allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. | 2020-03-16 | 5.5 | CVE-2019-19821 MISC MISC |
contao -- contao | Contao before 4.5.7 has XSS in the system log. | 2020-03-16 | 4.3 | CVE-2018-10125 CONFIRM |
cpanel -- cpanel | cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520). | 2020-03-17 | 4.3 | CVE-2019-20493 MISC |
cpanel -- cpanel | cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532). | 2020-03-17 | 4.9 | CVE-2019-20496 MISC |
cpanel -- cpanel | cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531). | 2020-03-17 | 4 | CVE-2019-20495 MISC |
cpanel -- cpanel | cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). | 2020-03-16 | 5.5 | CVE-2019-20491 MISC |
cpanel -- cpanel | cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535). | 2020-03-17 | 4.3 | CVE-2020-10114 MISC |
cpanel -- cpanel | cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541). | 2020-03-17 | 5 | CVE-2020-10116 MISC |
cpanel -- cpanel | cPanel before 84.0.20 allows self-XSS via a temporary character-set specification (SEC-515). | 2020-03-17 | 4.3 | CVE-2020-10113 MISC |
cpanel -- cpanel | cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516). | 2020-03-17 | 6.5 | CVE-2019-20492 MISC |
cpanel -- cpanel | cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547). | 2020-03-17 | 6.4 | CVE-2020-10122 MISC |
cpanel -- cpanel | cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499). | 2020-03-17 | 6.5 | CVE-2019-20490 MISC |
cpanel -- cpanel | cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). | 2020-03-17 | 6.4 | CVE-2020-10117 MISC |
cpanel -- cpanel | cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). | 2020-03-17 | 6.4 | CVE-2020-10118 MISC |
dell -- emc_xtremio_xms | Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application. | 2020-03-13 | 6 | CVE-2019-18578 MISC |
delta_electronics -- industrial_automation_cncsoft_screeneditor | Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file. | 2020-03-18 | 6.8 | CVE-2020-7002 MISC |
delta_electronics -- industrial_automation_cncsoft_screeneditor | Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation. | 2020-03-18 | 4.3 | CVE-2020-6976 MISC |
devome -- grr | An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads. | 2020-03-13 | 6.5 | CVE-2020-10562 MISC MISC MISC |
django-nopassword -- django-nopassword | django-nopassword before 5.0.0 stores cleartext secrets in the database. | 2020-03-18 | 5 | CVE-2019-10682 MISC CONFIRM MISC |
dolibarr -- dolibarr | Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. | 2020-03-16 | 4.3 | CVE-2019-19211 MISC MISC MISC |
dolibarr -- dolibarr | Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | 2020-03-16 | 5 | CVE-2019-19209 MISC MISC MISC |
dot_project -- dot | The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype. | 2020-03-15 | 6.5 | CVE-2020-8141 MISC |
dradis -- dradis_pro | The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team. | 2020-03-16 | 4 | CVE-2019-19946 MISC MISC |
drf-jwt -- drf-jwt | An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of jpadilla/django-rest-framework-jwt, which is unmaintained. | 2020-03-15 | 5.8 | CVE-2020-10594 MISC MISC MISC |
easy!appointments -- easy!appointments | Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts. | 2020-03-16 | 5 | CVE-2018-13063 MISC MISC |
easy!appointments -- easy!appointments | Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. | 2020-03-16 | 5 | CVE-2018-13060 MISC MISC |
edison_software -- edison_mail | The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | 2020-03-18 | 4.3 | CVE-2019-12368 MISC MISC MISC |
edx -- open_edx | Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS. | 2020-03-18 | 4.3 | CVE-2019-20512 MISC |
edx -- open_edx | Open edX Ironwood.1 allows support/certificates?user= reflected XSS. | 2020-03-19 | 4.3 | CVE-2019-20513 MISC |
facebook -- thrift | Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. | 2020-03-18 | 5 | CVE-2019-11939 MISC CONFIRM |
fortinet -- forticlient_ems | An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | 2020-03-15 | 6.9 | CVE-2020-9287 CONFIRM |
fortinet -- forticlient_for_windows | An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe reside to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | 2020-03-15 | 6.9 | CVE-2020-9290 CONFIRM |
fortinet -- fortimanager | An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. | 2020-03-15 | 6.8 | CVE-2019-17654 CONFIRM |
fortinet -- fortiweb | An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | 2020-03-13 | 4 | CVE-2019-16157 CONFIRM |
fortinet -- fortios | An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage. | 2020-03-15 | 5.8 | CVE-2019-6696 CONFIRM |
frappe -- erpnext | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address. | 2020-03-19 | 4.3 | CVE-2019-20519 MISC |
frappe -- erpnext | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI. | 2020-03-19 | 4.3 | CVE-2019-20515 MISC |
frappe -- erpnext | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI. | 2020-03-19 | 4.3 | CVE-2019-20516 MISC |
frappe -- erpnext | ERPNext 11.1.47 allows blog?blog_category= Frame Injection. | 2020-03-18 | 4.3 | CVE-2019-20511 MISC |
frappe -- erpnext | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI. | 2020-03-19 | 4.3 | CVE-2019-20520 MISC |
frappe -- erpnext | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI. | 2020-03-19 | 4.3 | CVE-2019-20517 MISC |
frappe -- erpnext | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI. | 2020-03-19 | 4.3 | CVE-2019-20521 MISC |
frappe -- erpnext | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI. | 2020-03-19 | 4.3 | CVE-2019-20514 MISC |
frappe -- erpnext | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI. | 2020-03-19 | 4.3 | CVE-2019-20518 MISC |
freebsd -- bhyve | grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. | 2020-03-14 | 4.6 | CVE-2020-10566 MISC |
gitlab -- gitlab | GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied. | 2020-03-13 | 6.4 | CVE-2020-10083 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace. | 2020-03-13 | 5 | CVE-2020-10084 MISC CONFIRM |
gitlab -- gitlab | GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration. | 2020-03-13 | 4.3 | CVE-2020-10092 MISC CONFIRM |
gitlab -- gitlab | GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user. | 2020-03-13 | 5 | CVE-2020-10087 MISC CONFIRM |
gitlab -- gitlab | GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other. | 2020-03-13 | 5 | CVE-2020-10089 MISC CONFIRM |
gitlab -- gitlab | GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types. | 2020-03-13 | 4.3 | CVE-2020-10091 MISC CONFIRM |
gitlab -- gitlab | GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. | 2020-03-13 | 5 | CVE-2020-10086 MISC CONFIRM |
gitlab -- gitlab | GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing private merge request titles. | 2020-03-13 | 5 | CVE-2020-10085 MISC CONFIRM |
gitlab -- gitlab | GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. | 2020-03-13 | 5 | CVE-2020-10080 MISC CONFIRM |
gitlab -- gitlab | GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required. | 2020-03-13 | 5 | CVE-2020-10079 MISC CONFIRM |
gitlab -- gitlab | GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests. | 2020-03-13 | 4.3 | CVE-2020-10076 MISC CONFIRM |
gitlab -- gitlab | GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed. | 2020-03-13 | 5 | CVE-2020-10090 MISC CONFIRM |
gitlab -- gitlab | GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input. | 2020-03-13 | 5.8 | CVE-2020-10075 MISC CONFIRM |
gitlab -- gitlab | GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. | 2020-03-13 | 4 | CVE-2020-10081 MISC CONFIRM |
gitlab -- gitlab | GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. | 2020-03-13 | 5.5 | CVE-2020-10088 MISC CONFIRM |
gitlab -- gitlab | GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability. | 2020-03-13 | 4.3 | CVE-2020-10078 MISC CONFIRM |
gitlab -- gitlab | GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered. | 2020-03-13 | 5 | CVE-2020-10082 MISC CONFIRM |
gitlab -- gitlab_enterprise_edition | GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. | 2020-03-13 | 5 | CVE-2020-10073 MISC CONFIRM |
gnome -- gthumb | A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. | 2020-03-16 | 6.8 | CVE-2019-20326 MISC CONFIRM CONFIRM CONFIRM |
google -- android | In libAACdec, there is a possible out of bounds read. This could lead to remote information disclosure, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-136089102 | 2020-03-15 | 4.3 | CVE-2019-2058 CONFIRM |
google -- android | In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-116608833 | 2020-03-15 | 4.4 | CVE-2019-2089 CONFIRM |
google -- android | In overlay notifications, there is a possible hidden notification due to improper input validation. This could lead to a local escalation of privilege because the user is not notified of an overlaying app, with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-38390530 | 2020-03-15 | 4.4 | CVE-2019-2216 CONFIRM |
google -- android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-79996267 | 2020-03-15 | 5 | CVE-2019-9474 CONFIRM |
google -- android | In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-124389881 | 2020-03-15 | 4.3 | CVE-2020-0088 CONFIRM |
google -- android | In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-131859347 | 2020-03-15 | 6.8 | CVE-2020-0086 CONFIRM |
google -- android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-115363533 | 2020-03-15 | 5 | CVE-2019-9473 CONFIRM |
graphicsmagick -- graphicsmagick | In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | 2020-03-18 | 4.3 | CVE-2019-12921 MISC MISC MLIST |
halvotec -- raquest | An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. | 2020-03-13 | 5 | CVE-2019-19611 MISC |
ibm -- mq_and_mq_appliance | IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD are vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. | 2020-03-16 | 4 | CVE-2019-4656 XF CONFIRM |
ibm -- datapower_gateway | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956. | 2020-03-19 | 4 | CVE-2020-4203 XF CONFIRM |
ibm -- datapower_gateway | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revoked. IBM X-Force ID: 174961. | 2020-03-19 | 6.5 | CVE-2020-4205 XF CONFIRM |
ibm -- netcool_omnibus | IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910. | 2020-03-18 | 4.3 | CVE-2020-4199 XF CONFIRM |
ignite_realtime -- openfire | Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter. | 2020-03-19 | 4.3 | CVE-2019-20526 MISC |
ignite_realtime -- openfire | Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter. | 2020-03-19 | 4.3 | CVE-2019-20527 MISC |
ignite_realtime -- openfire | Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter. | 2020-03-19 | 4.3 | CVE-2019-20525 MISC |
ignite_realtime -- openfire | Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter. | 2020-03-18 | 4.3 | CVE-2019-20528 MISC |
ilch -- ilch_cms | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner parameter. | 2020-03-19 | 4.3 | CVE-2019-20524 MISC |
ilch -- ilch_cms | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name parameter. | 2020-03-19 | 4.3 | CVE-2019-20523 MISC |
ilch -- ilch_cms | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter. | 2020-03-19 | 4.3 | CVE-2019-20522 MISC |
intelliants -- subrion_cms | Subrion CMS 4.1.5 (and possibly earlier versions) allows CSRF to change the administrator password via the panel/members/edit/1 URI. | 2020-03-17 | 6.8 | CVE-2018-21037 MISC |
invision_power_services -- invision_power_board | Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | 2020-03-13 | 4.3 | CVE-2009-5159 MISC MISC MISC MISC |
joomla! -- joomla! | An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses. | 2020-03-16 | 5 | CVE-2020-10240 MISC |
joomla! -- joomla! | An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. | 2020-03-16 | 5 | CVE-2020-10238 MISC |
joomla! -- joomla! | An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF. | 2020-03-16 | 6.8 | CVE-2020-10241 MISC |
joomla! -- joomla! | An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users. | 2020-03-16 | 6.5 | CVE-2020-10239 MISC |
joomla! -- joomla! | An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. | 2020-03-16 | 4.3 | CVE-2020-10242 MISC |
kyocera -- ecosys_m5526cdw_printers | All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer. | 2020-03-13 | 5 | CVE-2019-13205 MISC |
kyocera -- ecosys_m5526cdw_printers | The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | 2020-03-13 | 4.3 | CVE-2019-13198 MISC |
kyocera -- ecosys_m5526cdw_printers | The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | 2020-03-13 | 4.3 | CVE-2019-13200 MISC |
kyocera -- ecosys_m5526cdw_printers | The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. | 2020-03-13 | 5 | CVE-2019-13195 MISC |
kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | 2020-03-13 | 4.3 | CVE-2019-13199 MISC |
limesurvey -- limesurvey | LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php. | 2020-03-16 | 4.3 | CVE-2019-14512 CONFIRM CONFIRM MISC MISC |
meetecho -- janus | An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions. | 2020-03-14 | 5.8 | CVE-2020-10577 MISC |
meetecho -- janus | An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash. | 2020-03-14 | 4.3 | CVE-2020-10576 MISC |
meetecho -- janus | An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge. | 2020-03-14 | 5 | CVE-2020-10573 MISC |
meetecho -- janus | An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times. | 2020-03-14 | 4 | CVE-2020-10575 MISC |
micro_focus -- micro_focus_service_manager | HTTP methods revealed in Web services vulnerability in Micro Focus Service Manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data. | 2020-03-16 | 5 | CVE-2020-9519 MISC |
micro_focus -- micro_focus_service_manager | Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data. | 2020-03-16 | 5 | CVE-2020-9518 MISC |
mitsubishi_electric -- melqic_iu1_series_devices | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet. | 2020-03-16 | 5.8 | CVE-2020-5546 MISC MISC |
moodle -- moodle | A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page. | 2020-03-18 | 5.8 | CVE-2019-14882 CONFIRM CONFIRM |
moodle -- moodle | A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS was possible from some fatal error messages. | 2020-03-18 | 4.3 | CVE-2019-14884 CONFIRM CONFIRM |
moodle -- moodle | A vulnerability was found in Moodle 3.7 to 3.7.2 and before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed. | 2020-03-18 | 4.3 | CVE-2019-14881 CONFIRM CONFIRM |
nagios -- nagios_log_server | Nagios Log Server 2.1.3 has CSRF. | 2020-03-16 | 6.8 | CVE-2020-6585 MISC MISC MISC |
nagios -- nagios_log_server | Nagios Log Server 2.1.3 has Incorrect Access Control. | 2020-03-16 | 4 | CVE-2020-6584 MISC MISC MISC |
nagios -- nagios_remote_plugin_executor | Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection. | 2020-03-16 | 6.8 | CVE-2020-6581 MISC MISC |
nagios -- nagios_remote_plugin_executor | Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. | 2020-03-16 | 5 | CVE-2020-6582 MISC MISC |
netgear -- cg3700b_voo_device | The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase. | 2020-03-13 | 5 | CVE-2019-13393 MISC |
netgear -- cg3700b_voo_device | The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP. | 2020-03-13 | 5 | CVE-2019-13394 MISC |
netgear -- cg3700b_voo_device | The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file. | 2020-03-13 | 6.8 | CVE-2019-13395 MISC |
netsas -- enigma_network_management_solution | A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs. | 2020-03-19 | 4.3 | CVE-2019-16070 MISC |
netsas -- enigma_network_management_solution | A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP protocol. | 2020-03-19 | 4.3 | CVE-2019-16069 MISC |
netsas -- enigma_network_management_solution | NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data. | 2020-03-19 | 4 | CVE-2019-16062 MISC |
newton -- newton_for_android | The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | 2020-03-18 | 4.3 | CVE-2019-12365 MISC MISC MISC |
opc_foundation -- opc_ua_net_standard | In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network. | 2020-03-16 | 5.8 | CVE-2019-19135 MISC CONFIRM |
openwrt_project -- openwrt | libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. | 2020-03-16 | 5 | CVE-2020-7248 MISC CONFIRM |
openwrt_project -- openwrt | uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value. | 2020-03-16 | 5 | CVE-2019-19945 MISC CONFIRM |
osquery -- osquery | Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. | 2020-03-13 | 5.8 | CVE-2020-1887 CONFIRM CONFIRM |
primetek -- primefaces | An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation. | 2020-03-13 | 4.3 | CVE-2020-10544 MISC |
pydio -- pydio_core_and_pydio_enterprise | A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution. | 2020-03-17 | 6.5 | CVE-2019-20452 MISC MISC |
pydio -- pydio_core_and_pydio_enterprise | A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution. | 2020-03-17 | 6.5 | CVE-2019-20453 MISC MISC |
qcms -- qcms | An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. | 2020-03-14 | 5 | CVE-2020-10578 MISC |
readdle -- spark_for_android | The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | 2020-03-18 | 4.3 | CVE-2019-12370 MISC MISC MISC |
red_hat -- ansible_engine | A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | 2020-03-16 | 4.4 | CVE-2020-1738 CONFIRM CONFIRM |
red_hat -- openshift | An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11. | 2020-03-18 | 4.4 | CVE-2019-19351 CONFIRM |
red_hat -- wildfly | A flaw was found when an OpenSSL security provider is used with Wildfly: the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly versions 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable. | 2020-03-16 | 6.4 | CVE-2019-14887 CONFIRM CONFIRM |
ricoh -- sp_c250dn_devices | Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcoded within the printer firmware. This would allow an attacker to access and read information stored on the shared FTP folders. | 2020-03-13 | 5 | CVE-2019-14309 MISC MISC |
ricoh -- sp_c250dn_devices | Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that led to a denial of service vulnerability. | 2020-03-13 | 5 | CVE-2019-14303 MISC MISC |
ricoh -- sp_c250dn_devices | Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. | 2020-03-13 | 5 | CVE-2019-14299 MISC MISC |
rockwell_automation -- multiple_products | In Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, and RSLogix 500 Software v12.001 and prior, the cryptographic function utilized to protect the password in MicroLogix is discoverable. | 2020-03-16 | 5 | CVE-2020-6984 MISC |
rockwell_automation -- multiple_products | In Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, and RSLogix 500 Software v12.001 and prior, a remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials. | 2020-03-16 | 5 | CVE-2020-6988 MISC |
salesagility -- suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. | 2020-03-16 | 5 | CVE-2020-8787 CONFIRM CONFIRM |
sangoma -- freepbx | Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation. | 2020-03-16 | 6.5 | CVE-2019-19538 MISC CONFIRM |
sapplica -- sentrifugo | A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. | 2020-03-13 | 4 | CVE-2020-10218 MISC EXPLOIT-DB |
solarwinds -- serv-u_managed_file_transfer | SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters. | 2020-03-18 | 6.8 | CVE-2019-12769 MISC MISC |
storagegrid -- storagegrid | StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS). | 2020-03-13 | 5 | CVE-2020-8571 CONFIRM |
swisscom -- multiple_products | Missing output sanitation in Swisscom Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests. | 2020-03-16 | 5 | CVE-2019-19942 CONFIRM MISC |
sync -- oxygen_xml_editor | Oxygen XML Editor 21.1.1 allows XXE to read any file. | 2020-03-16 | 5 | CVE-2019-20191 MISC |
tcpdump -- tcpdump | tcpdump 4.9.2 (and probably lower versions) is prone to a heap-based buffer over-read in the EXTRACT_32BITS function (extract.h, called from the rx_cache_find function, print-rx.c) due to improper serviceId sanitization. | 2020-03-16 | 5 | CVE-2018-19325 MISC |
trend_micro -- apex_one | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. | 2020-03-18 | 6.5 | CVE-2020-8468 MISC MISC MISC MISC |
trend_micro -- apex_one | A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication. | 2020-03-18 | 6.5 | CVE-2020-8467 MISC MISC |
typeapp -- typeapp | The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | 2020-03-18 | 4.3 | CVE-2019-12369 MISC MISC MISC |
umbraco -- cloud | Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. | 2020-03-16 | 6.5 | CVE-2020-9471 MISC |
umbraco -- umbraco_cms | Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality. | 2020-03-16 | 4 | CVE-2020-9472 MISC |
unraid -- unraid | Unraid 6.8.0 allows authentication bypass. | 2020-03-16 | 5 | CVE-2020-5849 MISC MISC MISC |
untis -- webuntis | Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules. | 2020-03-13 | 6.8 | CVE-2020-10540 MISC |
vmware -- harbor_container_registry_for_pivotal_platform | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. | 2020-03-20 | 6.5 | CVE-2019-19023 MISC CONFIRM |
vmware -- harbor_container_registry_for_pivotal_platform | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. | 2020-03-20 | 4 | CVE-2019-19026 MISC MISC CONFIRM |
vmware -- harbor_container_registry_for_pivotal_platform | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. | 2020-03-20 | 6.5 | CVE-2019-19029 MISC MISC CONFIRM |
vmware -- harbor_container_registry_for_pivotal_platform | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. | 2020-03-20 | 6.8 | CVE-2019-19025 MISC MISC CONFIRM |
vmware -- multiple_products | Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM. | 2020-03-16 | 4.6 | CVE-2020-3948 CONFIRM |
wagtail-2fa -- wagtail-2fa | In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users' 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting another user's device they can disable the target user's 2FA devices and potentially compromise the account if they figure out their password. The problem has been patched in version 1.4.1. | 2020-03-13 | 5.5 | CVE-2020-5240 MISC CONFIRM |
walmart -- concord | An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey. | 2020-03-15 | 5 | CVE-2020-10591 MISC MISC |
wordpress -- wordpress | The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI. | 2020-03-17 | 5 | CVE-2018-18576 MISC MISC |
wordpress -- wordpress | be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its role to an instructor/teacher and gain access to otherwise restricted data. | 2020-03-16 | 4 | CVE-2020-7916 CONFIRM |
wordpress -- wordpress | An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of the popup's fields by sending a request to wp-admin/admin-ajax.php with the POST action parameter of sgpb_autosave and including additional data in an allPopupData parameter, including the popup's ID (which is visible in the source of the page in which the popup is inserted) and arbitrary JavaScript which will then be executed in the browsers of visitors to that page. Because the plugin functionality automatically adds script tags to data entered into these fields, this injection will typically bypass most WAF applications. | 2020-03-13 | 4.3 | CVE-2020-10196 MISC MISC |
wordpress -- wordpress | The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings. | 2020-03-14 | 6.8 | CVE-2020-10568 MISC MISC |
wordpress -- wordpress | The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info. | 2020-03-13 | 6.5 | CVE-2020-10195 MISC MISC |
xerox -- phaser_3320_printers | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | 2020-03-13 | 4.3 | CVE-2019-13170 MISC MISC |
xerox -- phaser_3320_printers | Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | 2020-03-13 | 4.3 | CVE-2019-13167 MISC MISC |
xerox -- phaser_3320_printers | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. | 2020-03-13 | 5 | CVE-2019-13166 MISC MISC |
yargs_parser -- yargs_parser | yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. | 2020-03-16 | 6.4 | CVE-2020-7608 MISC |
yarnpkg -- yarn | The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. | 2020-03-15 | 4.3 | CVE-2019-15608 MISC MISC MISC |
zoho -- manageengine_applications_manager | Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | 2020-03-13 | 5 | CVE-2019-19799 MISC CONFIRM |
zoho -- manageengine_password_manager_pro | Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. | 2020-03-16 | 6.8 | CVE-2020-9346 MISC MISC |
zulip -- zulip_desktop | Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82. | 2020-03-18 | 4.3 | CVE-2020-9443 CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cpanel -- cpanel | cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533). | 2020-03-17 | 3.5 | CVE-2019-20497 MISC |
cpanel -- cpanel | In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). | 2020-03-17 | 2.1 | CVE-2019-20494 MISC |
dell -- emc_xtremio_xms | Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user. | 2020-03-13 | 2.1 | CVE-2019-18576 MISC |
dell -- wyse_management_suite | Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | 2020-03-13 | 3.5 | CVE-2019-3769 MISC |
dell -- wyse_management_suite | Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | 2020-03-13 | 3.5 | CVE-2019-3770 MISC |
dolibarr -- dolibarr | Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. | 2020-03-16 | 3.5 | CVE-2019-19210 MISC MISC MISC |
fortinet -- fortiadc | An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. | 2020-03-13 | 3.5 | CVE-2019-6699 CONFIRM |
fortinet -- fortiweb | An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. | 2020-03-17 | 3.5 | CVE-2020-6646 MISC |
google -- android | In StatsService, there is a possible out of bounds read. This could lead to local information disclosure if UBSAN were not enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-143895055 | 2020-03-15 | 1.9 | CVE-2019-2088 CONFIRM |
ibm -- cloud_automation_manager | IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645. | 2020-03-16 | 3.6 | CVE-2019-4617 XF CONFIRM |
ibm -- mq_and_mq_appliance | IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. | 2020-03-16 | 2.1 | CVE-2019-4619 XF CONFIRM |
ibm -- mq_and_mq_appliance | IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. | 2020-03-16 | 2.1 | CVE-2019-4719 XF CONFIRM |
lenovo -- xclarity_administrator | An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA. | 2020-03-13 | 3.6 | CVE-2019-19756 CONFIRM |
libvirt -- libvirt | qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | 2020-03-19 | 2.7 | CVE-2019-20485 MISC MISC CONFIRM MISC MISC |
mcafee -- network_security_manager | Cross site scripting vulnerability in McAfee Network Security Management (NSM) prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors. | 2020-03-18 | 3.5 | CVE-2020-7256 CONFIRM |
mcafee -- network_security_manager | Cross site scripting vulnerability in McAfee Network Security Management (NSM) prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors. | 2020-03-18 | 3.5 | CVE-2020-7258 CONFIRM |
nagios -- nagios_log_server | Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered. | 2020-03-16 | 3.5 | CVE-2020-6586 MISC MISC MISC |
opencart -- opencart | OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section. | 2020-03-17 | 3.5 | CVE-2020-10596 MISC |
pki-core -- pki-core | A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser. | 2020-03-18 | 2.6 | CVE-2019-10146 CONFIRM |
red_hat -- ansible_and_ansible_engine | A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from the process list, and the no_log directive from the debug module would not have any effect, so these secrets are disclosed on stdout and in log files. | 2020-03-16 | 2.1 | CVE-2020-1753 CONFIRM CONFIRM |
red_hat -- ansible_engine | A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | 2020-03-16 | 3.6 | CVE-2020-1735 CONFIRM CONFIRM |
red_hat -- ansible_engine | A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | 2020-03-16 | 1.9 | CVE-2020-1740 CONFIRM CONFIRM |
red_hat -- ansible_engine | A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | 2020-03-16 | 2.1 | CVE-2020-1736 CONFIRM CONFIRM |
rockwell_automation -- micrologix_1400_controllers_series_b | In Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, and RSLogix 500 Software v12.001 and prior, if Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext. | 2020-03-16 | 2.1 | CVE-2020-6980 MISC |
sangoma -- freepbx | An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4. | 2020-03-16 | 3.5 | CVE-2019-19852 CONFIRM MISC |
sangoma -- freepbx | An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20. | 2020-03-16 | 3.5 | CVE-2019-19851 CONFIRM MISC |
sangoma -- freepbx | Multiple XSS vulnerabilities exist in the Backup & Restore module v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account. | 2020-03-16 | 3.5 | CVE-2019-19615 MISC CONFIRM |
swisscom -- centro_grande_router | Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS. | 2020-03-16 | 3.5 | CVE-2019-19941 CONFIRM MISC |
team_password_manager -- team_password_manager | Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title. | 2020-03-16 | 3.5 | CVE-2019-19461 MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
actionview_gem_for_ruby_on_rails -- actionview_gem_for_ruby_on_rails | In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. | 2020-03-19 | not yet calculated | CVE-2020-5267 MLIST MISC CONFIRM MLIST |
adaware -- adaware_antivirus | Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | 2020-03-18 | not yet calculated | CVE-2019-18979 MISC |
apache -- deltaspike | We got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default. | 2020-03-19 | not yet calculated | CVE-2019-12416 MISC |
arxes-tolina -- arxes-tolina | A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other computers. By entering formula code in the following columns: Kundennummer, Firma, Street, PLZ, Ort, Zahlziel, and Bemerkung, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. | 2020-03-18 | not yet calculated | CVE-2019-19676 MISC |
asus -- multiple_routers | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router. | 2020-03-20 | not yet calculated | CVE-2018-20333 MISC |
asus -- multiple_routers | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI. | 2020-03-20 | not yet calculated | CVE-2018-20335 MISC |
asus -- multiple_routers | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell. | 2020-03-20 | not yet calculated | CVE-2018-20334 MISC |
asustor -- exfat_driver | An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root. | 2020-03-18 | not yet calculated | CVE-2019-11689 MISC MISC |
asustor -- exfat_driver | An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation. | 2020-03-18 | not yet calculated | CVE-2019-11688 MISC MISC |
atlassian -- atlassian | The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to an administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass "WebSudo" in products that support "WebSudo" through an improper access control vulnerability. | 2020-03-17 | not yet calculated | CVE-2019-20105 MISC MISC |
atlassian -- jira_software_and_jira_software_data_center | The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through a missing authorisation check. | 2020-03-17 | not yet calculated | CVE-2019-20407 N/A |
atlassian -- onap | In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-19 | not yet calculated | CVE-2019-12128 MISC |
atlassian -- onap | In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-19 | not yet calculated | CVE-2019-12129 MISC |
atlassian -- onap | In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-19 | not yet calculated | CVE-2019-12130 MISC |
beyondtrust -- privilege_management_for_windows_and_mac | BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash. | 2020-03-18 | not yet calculated | CVE-2020-9326 CONFIRM |
bitcoin -- core | Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount. | 2020-03-16 | not yet calculated | CVE-2017-12842 MISC MISC MISC |
blamer -- blamer | Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. | 2020-03-20 | not yet calculated | CVE-2020-8137 MISC |
canon -- oce_colorwave_500_printer | The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version. | 2020-03-19 | not yet calculated | CVE-2020-10670 MISC MISC |
canon -- oce_colorwave_500_printer | The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version. | 2020-03-19 | not yet calculated | CVE-2020-10669 MISC FULLDISC MISC |
canon -- oce_colorwave_500_printer | The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version. | 2020-03-19 | not yet calculated | CVE-2020-10671 MISC MISC |
canon -- oce_colorwave_500_printer | The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version. | 2020-03-19 | not yet calculated | CVE-2020-10668 MISC FULLDISC MISC |
canon -- oce_colorwave_500_printer | The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version. | 2020-03-19 | not yet calculated | CVE-2020-10667 MISC FULLDISC MISC |
centreon -- centreon | Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. | 2020-03-20 | not yet calculated | CVE-2019-19487 MISC |
centreon -- centreon | Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. | 2020-03-20 | not yet calculated | CVE-2019-19484 MISC |
centreon -- centreon | Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. | 2020-03-20 | not yet calculated | CVE-2019-19486 MISC |
cisco -- sd-wan_solution_software | A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. | 2020-03-19 | not yet calculated | CVE-2020-3266 CISCO |
cisco -- sd-wan_solution_software | A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges. | 2020-03-19 | not yet calculated | CVE-2020-3265 CISCO |
cisco -- sd-wan_solution_software | A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make. | 2020-03-19 | not yet calculated | CVE-2020-3264 CISCO |
cisco -- sd_wan_vmanage_software | A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2020-03-19 | not yet calculated | CVE-2019-16010 CISCO |
cisco -- sd_wan_vmanage_software | A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on, or return values from, the underlying database as well as the operating system. | 2020-03-19 | not yet calculated | CVE-2019-16012 CISCO |
cms_made_simple -- cms_made_simple | The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. | 2020-03-20 | not yet calculated | CVE-2020-10681 MISC |
cms_made_simple -- cms_made_simple | The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file). | 2020-03-20 | not yet calculated | CVE-2020-10682 MISC |
comba -- ap2600-i_devices | Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext. | 2020-03-19 | not yet calculated | CVE-2019-15654 MISC MISC |
comba -- ap2600-i_devices | Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username and password values are a double md5 of the plaintext real value, i.e., md5(md5(value)). | 2020-03-19 | not yet calculated | CVE-2019-15653 MISC MISC |
containous -- traefik_and_traefik_enterprise_edition | configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging. | 2020-03-16 | not yet calculated | CVE-2020-9321 MISC MISC |
d-link -- dap-1650_devices | An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands. | 2020-03-21 | not yet calculated | CVE-2019-12767 CONFIRM |
d-link -- dsl-2875al_devices | D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. | 2020-03-19 | not yet calculated | CVE-2019-15656 MISC MISC |
d-link -- dsl-2875al_devices | D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext. | 2020-03-19 | not yet calculated | CVE-2019-15655 MISC MISC |
das_u-boot -- das_u-boot | Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. | 2020-03-19 | not yet calculated | CVE-2020-10648 MISC MISC MISC |
dell -- emc_data_protection_advisor | Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user runs the DPA service on the affected system. | 2020-03-18 | not yet calculated | CVE-2019-18582 MISC |
dell -- emc_data_protection_advisor | Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system. | 2020-03-18 | not yet calculated | CVE-2019-18581 MISC |
dell -- emc_data_protection_central | Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data. | 2020-03-18 | not yet calculated | CVE-2019-3762 MISC |
docker -- docker_desktop | Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0. | 2020-03-18 | not yet calculated | CVE-2020-10665 MISC MISC |
easybuild -- easybuild | In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--from-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master` + `develop` branches of the `easybuild-framework` repository. | 2020-03-19 | not yet calculated | CVE-2020-5262 MISC MISC CONFIRM |
entrust -- entelligence_security_provider | Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain. | 2020-03-18 | not yet calculated | CVE-2020-10659 MISC MISC |
fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). | 2020-03-18 | not yet calculated | CVE-2020-10673 MISC MLIST MISC |
fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). | 2020-03-18 | not yet calculated | CVE-2020-10672 MISC MLIST MISC |
fastify -- fastify-multipart | Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request. | 2020-03-20 | not yet calculated | CVE-2020-8136 MISC |
fortinet -- fortibalancer | In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | 2020-03-19 | not yet calculated | CVE-2014-2723 CONFIRM |
fortinet -- fortibalancer | In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | 2020-03-19 | not yet calculated | CVE-2014-2722 CONFIRM |
fortinet -- fortibalancer | In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | 2020-03-19 | not yet calculated | CVE-2014-2721 CONFIRM |
foxit -- studio_photo | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9774. | 2020-03-20 | not yet calculated | CVE-2020-8881 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9625. | 2020-03-20 | not yet calculated | CVE-2020-8878 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the PSD files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9811. | 2020-03-20 | not yet calculated | CVE-2020-8882 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9880. | 2020-03-20 | not yet calculated | CVE-2020-8883 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9624. | 2020-03-20 | not yet calculated | CVE-2020-8877 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9773. | 2020-03-20 | not yet calculated | CVE-2020-8880 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9626. | 2020-03-20 | not yet calculated | CVE-2020-8879 MISC MISC |
frappe -- frappe | In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files. | 2020-03-18 | not yet calculated | CVE-2019-20529 MISC MISC |
freeradius -- freeradius | In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. | 2020-03-21 | not yet calculated | CVE-2019-17185 MISC CONFIRM |
ghost -- ghost_cms | Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. | 2020-03-20 | not yet calculated | CVE-2020-8134 MISC |
gnupg -- gnupg | A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. | 2020-03-20 | not yet calculated | CVE-2019-14855 CONFIRM MISC MISC MISC |
hancom -- hancom_office | The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file. | 2020-03-19 | not yet calculated | CVE-2019-16338 MISC MISC |
hancom -- hancom_office | The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file. | 2020-03-19 | not yet calculated | CVE-2019-16337 MISC MISC |
homee -- brain_cube | The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface. | 2020-03-20 | not yet calculated | CVE-2019-16258 MISC MISC |
huawei -- campusinsight_and_manageone | There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Because memory is freed twice, a successful exploit may cause some services to behave abnormally. Affected product versions include: CampusInsight versions V100R019C00; ManageOne versions 6.5.RC2.B050. | 2020-03-20 | not yet calculated | CVE-2020-1862 MISC |
huawei -- mate_20_and_mate_30_pro_smartphones | There is an improper authorization vulnerability in several smartphones. The software incorrectly performs authorization for certain users; a successful exploit could allow a low-privilege user to perform certain operations that the user is not supposed to perform. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | 2020-03-20 | not yet calculated | CVE-2020-1796 MISC |
huawei -- mate_20_and_mate_30_pro_smartphones | There is an improper authentication vulnerability in several smartphones. The applock does not perform sufficient authentication in certain scenarios; a successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | 2020-03-20 | not yet calculated | CVE-2020-1793 MISC |
huawei -- mate_20_and_mate_30_pro_smartphones | There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operations when the Digital Balance function is on. A successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | 2020-03-20 | not yet calculated | CVE-2020-1795 MISC |
huawei -- mate_20_and_mate_30_pro_smartphones | There is an improper authentication vulnerability in several smartphones. The applock does not perform sufficient authentication in certain scenarios; a successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | 2020-03-20 | not yet calculated | CVE-2020-1794 MISC |
huawei -- multiple_products | There is an improper integrity checking vulnerability in some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions 1.0.1.21(SP3); HEGE-570 versions 1.0.1.22(SP3); OSCA-550 versions 1.0.1.21(SP3); OSCA-550A versions 1.0.1.21(SP3); OSCA-550AX versions 1.0.1.21(SP3); OSCA-550X versions 1.0.1.21(SP3). | 2020-03-20 | not yet calculated | CVE-2020-1879 MISC |
huawei -- oxfords-an00a_smartphone | Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3), versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to the target component is improper when the device performs an operation. Attackers can exploit this vulnerability to obtain some information by loading a malicious application, leading to an information leak. | 2020-03-20 | not yet calculated | CVE-2020-1878 MISC |
huawei -- secospace_antiddos8000 | Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands. Affected product versions include: Secospace AntiDDoS8000 versions V500R001C00, V500R001C20, V500R001C60, V500R005C00. | 2020-03-20 | not yet calculated | CVE-2020-1864 MISC |
inextrix -- astpp | An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. | 2020-03-20 | not yet calculated | CVE-2019-15075 MISC |
insulet -- omnipod_insulet_management_system | The affected insulin pump is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. | 2020-03-20 | not yet calculated | CVE-2020-10597 MISC |
it-novum -- openitcockpit | openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header. | 2020-03-20 | not yet calculated | CVE-2020-10792 MISC |
ivanti -- workspace_control | An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file. | 2020-03-19 | not yet calculated | CVE-2019-16382 CONFIRM MISC |
jfrog -- artifactory | In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results." | 2020-03-16 | not yet calculated | CVE-2019-19937 MISC MISC MISC |
jsonparser -- jsonparser | The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call. | 2020-03-19 | not yet calculated | CVE-2020-10675 MISC |
liferay -- liferay_portal | Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). | 2020-03-20 | not yet calculated | CVE-2020-7961 MISC CONFIRM |
linbit -- csync2 | An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. | 2020-03-20 | not yet calculated | CVE-2019-15522 MISC |
lix-pm -- lix | lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field. | 2020-03-21 | not yet calculated | CVE-2020-10800 MISC |
logicaldoc -- logicaldoc | LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary queries to the database. | 2020-03-18 | not yet calculated | CVE-2020-10365 MISC |
mantisbt -- mantisbt | The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page. | 2020-03-19 | not yet calculated | CVE-2019-15539 CONFIRM MISC |
marketplace_expert_sl -- subversion_alm_for_enterprise | Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. | 2020-03-20 | not yet calculated | CVE-2020-9344 MISC MISC |
mediawiki -- mediawiki | In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33. | 2020-03-19 | not yet calculated | CVE-2019-15124 MISC |
mediawiki -- mediawiki | An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model. | 2020-03-19 | not yet calculated | CVE-2019-16529 CONFIRM MISC |
mediawiki -- mediawiki | An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33. | 2020-03-20 | not yet calculated | CVE-2019-16528 MISC MISC MISC MISC |
moodle -- moodle | A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token. | 2020-03-18 | not yet calculated | CVE-2019-14883 CONFIRM CONFIRM |
netsas -- enigma_network_management_solution | NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit. | 2020-03-19 | not yet calculated | CVE-2019-16067 MISC |
netsas -- enigma_network_management_solution | NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory contents on the server, create directories and upload files in permissible locations, and modify filenames and delete files that are accessible by the user running the web server instance. | 2020-03-19 | not yet calculated | CVE-2019-16064 MISC |
netsas -- enigma_network_management_solution | NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data. | 2020-03-19 | not yet calculated | CVE-2019-16063 MISC |
netsas -- enigma_network_management_solution | A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data (e.g., .htpasswd) and create/modify/delete content (e.g., under /var/www/html/docs) within the operating system. | 2020-03-19 | not yet calculated | CVE-2019-16061 MISC |
netsas -- enigma_network_management_solution | A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script. | 2020-03-19 | not yet calculated | CVE-2019-16065 MISC |
netsas -- enigma_network_management_solution | An unrestricted file upload vulnerability exists in user and system file upload functions in NETSAS Enigma NMS 65.0.0 and prior. This allows an attacker to upload malicious files and perform arbitrary code execution on the system. | 2020-03-19 | not yet calculated | CVE-2019-16066 MISC |
netsas -- enigma_network_management_solution | Enigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do not have the ability to modify any settings in the system, only view the components. However, it is possible for a low-privileged user to perform all actions as an administrator by bypassing authorization controls and sending requests to the server in the context of an administrator. | 2020-03-20 | not yet calculated | CVE-2019-16071 MISC |
netsas -- enigma_network_management_solution | A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site. | 2020-03-19 | not yet calculated | CVE-2019-16068 MISC |
netsas -- enigma_network_management_solution | An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. | 2020-03-20 | not yet calculated | CVE-2019-16072 MISC |
newlib -- newlib | The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference. | 2020-03-19 | not yet calculated | CVE-2019-14872 CONFIRM |
newlib -- newlib | The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds). | 2020-03-18 | not yet calculated | CVE-2019-14871 CONFIRM |
newlib -- newlib | In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure. | 2020-03-19 | not yet calculated | CVE-2019-14874 CONFIRM |
newlib -- newlib | In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure. | 2020-03-19 | not yet calculated | CVE-2019-14876 CONFIRM |
newlib -- newlib | In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure. | 2020-03-19 | not yet calculated | CVE-2019-14878 CONFIRM |
newlib -- newlib | In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure. | 2020-03-19 | not yet calculated | CVE-2019-14875 CONFIRM |
newlib -- newlib | In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure. | 2020-03-19 | not yet calculated | CVE-2019-14877 CONFIRM |
newlib -- newlib | In the __multadd function of the newlib libc library, prior to version 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure. | 2020-03-19 | not yet calculated | CVE-2019-14873 CONFIRM |
nextcloud -- nextcloud_desktop_client | A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed arbitrary code to be loaded when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | 2020-03-20 | not yet calculated | CVE-2020-8140 MISC CONFIRM |
nextcloud -- nextcloud_server | A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | 2020-03-20 | not yet calculated | CVE-2020-8139 MISC CONFIRM |
nextcloud -- nextcloud_server | A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | 2020-03-20 | not yet calculated | CVE-2020-8138 MISC CONFIRM |
octopus -- deploy | In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges. | 2020-03-19 | not yet calculated | CVE-2020-10678 MISC |
openwrt_project -- openwrt | An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification). | 2020-03-16 | not yet calculated | CVE-2020-7982 MISC CONFIRM |
otrs -- open_ticket_request_system | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article. | 2020-03-19 | not yet calculated | CVE-2019-16375 MISC CONFIRM |
ovirt -- engine | A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session. | 2020-03-19 | not yet calculated | CVE-2019-19336 CONFIRM |
paessler -- prtg_network_monitor | A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed. | 2020-03-16 | not yet calculated | CVE-2019-11073 MISC MISC MISC |
paessler -- prtg_network_monitor | A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor. | 2020-03-17 | not yet calculated | CVE-2019-11074 MISC MISC MISC |
phpbb -- phpbb | phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. | 2020-03-20 | not yet calculated | CVE-2019-16108 CONFIRM |
pki-core -- pki-core | A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code. | 2020-03-20 | not yet calculated | CVE-2019-10179 CONFIRM |
pki-core -- pki-core | A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code. | 2020-03-20 | not yet calculated | CVE-2020-1696 CONFIRM |
pki-core -- pki-core | A Reflected Cross Site Scripting vulnerability was found in the pki-ca module of the pki-core server in all pki-core 10.x.x versions. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser. | 2020-03-20 | not yet calculated | CVE-2019-10221 CONFIRM |
pki-tps -- pki-tps | It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable. | 2020-03-18 | not yet calculated | CVE-2019-10178 CONFIRM |
postgresql -- postgresql | A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. | 2020-03-17 | not yet calculated | CVE-2020-1720 CONFIRM MISC |
python -- python | The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. | 2020-03-20 | not yet calculated | CVE-2020-10799 MISC |
rainloop -- webmail | RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. | 2020-03-20 | not yet calculated | CVE-2019-13389 MISC |
rconfig -- rconfig | An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response. | 2020-03-20 | not yet calculated | CVE-2020-9425 MISC CONFIRM |
red_hat -- openshift | During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions. ose-installer as shipped in OpenShift 4.2 is vulnerable. | 2020-03-18 | not yet calculated | CVE-2019-19335 CONFIRM |
red_hat -- openshift/postgresql-apb | A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | 2020-03-20 | not yet calculated | CVE-2020-1707 CONFIRM |
red_hat -- openshift/template-service-broker-operator | A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | 2020-03-19 | not yet calculated | CVE-2020-1705 CONFIRM |
red_hat -- openshift_container_platform | An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in OpenShift 4. | 2020-03-18 | not yet calculated | CVE-2019-19355 CONFIRM |
red_hat -- openshift_container_platform | A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | 2020-03-20 | not yet calculated | CVE-2019-19345 CONFIRM |
red_hat -- openshift_container_platform | A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | 2020-03-20 | not yet calculated | CVE-2020-1709 CONFIRM |
rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate parameters, leading to a stack-based buffer overflow, which can lead to code execution or escalation of privileges. | 2020-03-20 | not yet calculated | CVE-2019-15661 MISC CONFIRM MISC |
rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chain to escalate privileges. | 2020-03-20 | not yet calculated | CVE-2019-15662 MISC CONFIRM MISC |
rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 1 of 2). | 2020-03-20 | not yet calculated | CVE-2019-15663 MISC CONFIRM MISC |
rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary write primitive that can lead to code execution or escalation of privileges. | 2020-03-20 | not yet calculated | CVE-2019-15665 MISC CONFIRM MISC |
rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 2 of 2). | 2020-03-20 | not yet calculated | CVE-2019-15664 MISC CONFIRM MISC |
salesagility -- suitecrm | SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. | 2020-03-20 | not yet calculated | CVE-2019-18785 CONFIRM CONFIRM |
salesagility -- suitecrm | SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. | 2020-03-20 | not yet calculated | CVE-2019-18782 CONFIRM CONFIRM |
signotec -- signopad-api/web | An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array. | 2020-03-20 | not yet calculated | CVE-2020-9343 MISC |
signotec -- signopad-api/web | An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited. | 2020-03-20 | not yet calculated | CVE-2020-9345 MISC |
simple_machines -- simple_machines_forum | An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls. | 2020-03-20 | not yet calculated | CVE-2019-11574 MISC MISC |
spark_development_network -- rock_rms | Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller. | 2020-03-20 | not yet calculated | CVE-2019-18641 CONFIRM MISC |
squid -- squid | Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | 2020-03-20 | not yet calculated | CVE-2019-18860 CONFIRM MISC |
swann -- multiple_devices | On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, the raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | 2020-03-21 | not yet calculated | CVE-2013-7487 MISC |
synacor -- zimbra_zm-mailbox | cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request. | 2020-03-20 | not yet calculated | CVE-2020-10194 MISC MISC CONFIRM |
systech_corporation -- nds5000_terminal_server | Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution. | 2020-03-19 | not yet calculated | CVE-2020-7006 MISC |
tellabs -- optical_line_terminal_1150_devices | Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. | 2020-03-20 | not yet calculated | CVE-2019-19148 MISC |
tesla -- tesla_model_3_vehicles | The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen. | 2020-03-20 | not yet calculated | CVE-2020-10558 MISC |
transloadit -- uppy | The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems. | 2020-03-20 | not yet calculated | CVE-2020-8135 MISC |
univalue -- univalue | UniValue::read() in UniValue before 1.0.5 allows attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error. | 2020-03-21 | not yet calculated | CVE-2019-18936 MISC MISC |
vmware -- multiple_products | VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed. | 2020-03-17 | not yet calculated | CVE-2020-3951 MISC |
vmware -- multiple_products | VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | 2020-03-17 | not yet calculated | CVE-2020-3950 MISC MISC |
wordpress -- wordpress | An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement. | 2020-03-20 | not yet calculated | CVE-2019-13463 MISC MISC |
wordpress -- wordpress | The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. | 2020-03-20 | not yet calculated | CVE-2019-12498 CONFIRM CONFIRM MISC |
xmidt -- cjwt | Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance. | 2020-03-20 | not yet calculated | CVE-2019-19324 MISC MISC |
zoho -- manageengine_remote_access_plus | Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. | 2020-03-19 | not yet calculated | CVE-2019-11361 CONFIRM |