Vulnerability Summary for the Week of March 23, 2020

Released: Mar 30, 2020
Document ID: SB20-090

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3797 (CONFIRM)
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3793 (CONFIRM)
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 10 | CVE-2020-3805 (CONFIRM)
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3795 (CONFIRM)
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3799 (CONFIRM)
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3807 (CONFIRM)
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3801 (CONFIRM)
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3792 (CONFIRM)
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3787 (CONFIRM)
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3775 (CONFIRM)
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3785 (CONFIRM)
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3788 (CONFIRM)
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3784 (CONFIRM)
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3783 (CONFIRM)
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3789 (CONFIRM)
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3786 (CONFIRM)
apache -- traffic_server | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | 2020-03-23 | 7.5 | CVE-2019-17559 (MISC)
apache -- traffic_server | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | 2020-03-23 | 7.5 | CVE-2019-17565 (MISC)
apache -- traffic_server | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | 2020-03-23 | 7.5 | CVE-2020-1944 (MISC)
asus -- asuswrt | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI. | 2020-03-20 | 7.8 | CVE-2018-20335 (MISC)
asus -- asuswrt | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell. | 2020-03-20 | 10 | CVE-2018-20334 (MISC)
autoupdater.net -- autoupdater.net | AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. | 2020-03-23 | 7.5 | CVE-2019-20627 (MISC, MISC)
blamer -- blamer | Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. | 2020-03-20 | 7.5 | CVE-2020-8137 (MISC)
cutephp -- cutenews | CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors. | 2020-03-25 | 9 | CVE-2020-5558 (MISC)
d-link -- dap-1650_devices | An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands. | 2020-03-21 | 7.5 | CVE-2019-12767 (CONFIRM)
d-link -- multiple_routers | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471. | 2020-03-23 | 8.3 | CVE-2020-8864 (MISC, MISC)
d-link -- multiple_routers | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470. | 2020-03-23 | 8.3 | CVE-2020-8863 (MISC, MISC)
ekakin -- shihonkanri_plus_goout | Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2020-03-25 | 10 | CVE-2020-5556 (MISC)
ez_platform -- ez_publish_kernel | eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution. | 2020-03-22 | 7.5 | CVE-2020-10806 (MISC)
google -- chrome | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6428 (SUSE, SUSE, MISC, MISC, FEDORA, FEDORA, FEDORA, GENTOO, DEBIAN)
google -- chrome | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6427 (SUSE, SUSE, MISC, MISC, FEDORA, FEDORA, FEDORA, GENTOO, DEBIAN)
google -- chrome | Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6424 (SUSE, SUSE, MISC, MISC, FEDORA, FEDORA, FEDORA, GENTOO, DEBIAN)
google -- chrome | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6449 (SUSE, SUSE, MISC, MISC, FEDORA, FEDORA, FEDORA, GENTOO, DEBIAN)
google -- chrome | Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6422 (SUSE, SUSE, MISC, MISC, FEDORA, FEDORA, FEDORA, GENTOO, DEBIAN)
google -- chrome | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6429 (SUSE, SUSE, MISC, MISC, FEDORA, FEDORA, FEDORA, GENTOO, DEBIAN)
grandstream -- ucm6200_series_devices | The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. | 2020-03-23 | 10 | CVE-2020-5722 (MISC, MISC)
graphicsmagick -- graphicsmagick | GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. | 2020-03-24 | 7.5 | CVE-2020-10938 (MISC)
homee -- brain_cube | The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface. | 2020-03-20 | 7.2 | CVE-2019-16258 (MISC, MISC)
it-novum -- openitcockpit | openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php. | 2020-03-25 | 10 | CVE-2020-10789 (MISC, CONFIRM)
keijiban_tsumiki_project -- keijiban_tsumiki | Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2020-03-25 | 10 | CVE-2020-5561 (MISC)
keitai-site.net -- maliform | mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors. | 2020-03-25 | 10 | CVE-2020-5553 (MISC)
liferay -- liferay_portal | Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). | 2020-03-20 | 7.5 | CVE-2020-7961 (MISC, CONFIRM)
linbit -- csync2 | An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. | 2020-03-20 | 7.5 | CVE-2019-15522 (MISC)
moxa -- eds-g516e_series_devices | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may execute arbitrary code or target the device, causing it to go out of service. | 2020-03-24 | 10 | CVE-2020-7007 (MISC)
moxa -- eds-g516e_series_devices | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. | 2020-03-24 | 10 | CVE-2020-6981 (MISC)
moxa -- pt-7528_series_devices | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. | 2020-03-24 | 10 | CVE-2020-6985 (MISC)
moxa -- pt-7528_series_devices | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code. | 2020-03-24 | 7.5 | CVE-2020-6989 (MISC)
moxa -- pt-7528_series_devices | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access. | 2020-03-24 | 7.5 | CVE-2020-6995 (MISC)
naver -- cloud_explorer | Naver Cloud Explorer before 2.2.2.11 allows an attacker to move a local file in any path on the filesystem with system privileges through its named pipe. | 2020-03-23 | 7.5 | CVE-2020-9752 (CONFIRM)
netsas -- eigma_network_management_solution | An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. | 2020-03-20 | 10 | CVE-2019-16072 (MISC)
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10028. | 2020-03-23 | 7.2 | CVE-2020-8875 (MISC)
quest -- foglight_evolve | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553. | 2020-03-23 | 10 | CVE-2020-8868 (MISC, MISC)
rconfig -- rconfig | rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. | 2020-03-23 | 7.5 | CVE-2020-10879 (MISC, EXPLOIT-DB)
rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary write primitive that can lead to code execution or escalation of privileges. | 2020-03-20 | 9 | CVE-2019-15665 (MISC, CONFIRM, MISC)
rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate parameters, leading to a stack-based buffer overflow, which can lead to code execution or escalation of privileges. | 2020-03-20 | 9 | CVE-2019-15661 (MISC, CONFIRM, MISC)
rockwell_automation -- factorytalk_diagnostics | In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCP/8082, which can insecurely deserialize untrusted data. | 2020-03-23 | 10 | CVE-2020-6967 (MISC)
s9y -- serendipity | Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. | 2020-03-25 | 7.5 | CVE-2020-10964 (MISC, MISC)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. The bootloader has an integer signedness error. The Samsung ID is SVE-2019-15230 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20561 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband stack overflow. The Samsung ID is SVE-2018-13188 (February 2019). | 2020-03-24 | 10 | CVE-2019-20622 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The BIOSUB Trustlet has an out of bounds write. The Samsung ID is SVE-2019-15261 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20560 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The Widevine Trustlet allows read and write operations on arbitrary memory locations. The Samsung ID is SVE-2019-15873 (February 2020). | 2020-03-24 | 7.5 | CVE-2020-10836 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the EXT_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14847 (August 2019). | 2020-03-24 | 10 | CVE-2019-20583 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. There is type confusion in the WVDRM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14885 (September 2019). | 2020-03-24 | 7.5 | CVE-2019-20571 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a Buffer Overflow in the Touch Screen Driver. The Samsung ID is SVE-2019-14990 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20558 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos9810 chipsets) software. There is a use after free in the ion driver. The Samsung ID is SVE-2019-14837 (August 2019). | 2020-03-24 | 7.5 | CVE-2019-20582 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (with TEEGRIS) software. There is a buffer overflow in the BIOSUB Trustlet. The Samsung ID is SVE-2019-15264 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20562 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20556 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. Arbitrary memory read and write operations can occur in RKP. The Samsung ID is SVE-2019-15143 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20553 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos 9820 chipsets) software. A Buffer overflow occurs when loading the UH Partition during Secure Boot. The Samsung ID is SVE-2019-14412 (August 2019). | 2020-03-24 | 7.5 | CVE-2019-20578 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the HDCP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14850 (August 2019). | 2020-03-24 | 10 | CVE-2019-20584 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos 9810 chipsets) software. Arbitrary memory mapping exists in TEE. The Samsung ID is SVE-2019-16665 (February 2020). | 2020-03-24 | 10 | CVE-2020-10848 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEC_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14851 (August 2019). | 2020-03-24 | 10 | CVE-2019-20585 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A up_parm heap overflow leads to code execution in the bootloader. The Samsung ID is SVE-2019-14993 (September 2019). | 2020-03-24 | 7.5 | CVE-2019-20567 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. load_kernel has a buffer overflow via untrusted data. The Samsung ID is SVE-2019-14939 (September 2019). | 2020-03-24 | 7.5 | CVE-2019-20572 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019). | 2020-03-24 | 10 | CVE-2019-20621 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. A buffer overflow in the HDCP Trustlet affects secure TEEGRIS memory. The Samsung ID is SVE-2019-15283 (November 2019). | 2020-03-24 | 10 | CVE-2019-20545 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Destination address. The Samsung ID is SVE-2019-14858 (September 2019). | 2020-03-24 | 7.5 | CVE-2019-20566 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the FINGERPRINT Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14864 (August 2019). | 2020-03-24 | 10 | CVE-2019-20586 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the MLDAP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14867 (August 2019). | 2020-03-24 | 10 | CVE-2019-20587 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A stack overflow in the HDCP Trustlet causes arbitrary code execution. The Samsung ID is SVE-2019-14665 (August 2019). | 2020-03-24 | 7.5 | CVE-2019-20581 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 (February 2020). | 2020-03-24 | 10 | CVE-2020-10835 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (TEEGRIS and Qualcomm chipsets). There is arbitrary memory overwrite in the SEM Trustlet, leading to arbitrary code execution. The Samsung IDs are SVE-2019-14651, SVE-2019-14666 (November 2019). | 2020-03-24 | 10 | CVE-2019-20537 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. The Esecomm Trustlet allows a stack overflow and arbitrary code execution. The Samsung ID is SVE-2019-15984 (February 2020). | 2020-03-24 | 10 | CVE-2020-10837 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The SEC_FR trustlet has an out of bounds write. The Samsung ID is SVE-2019-15272 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20563 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), P(9.0), and Q(10.0) software. Arbitrary code execution is possible on the lock screen. The Samsung ID is SVE-2019-15266 (December 2019). | 2020-03-24 | 7.5 | CVE-2019-20530 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019). | 2020-03-24 | 7.5 | CVE-2019-20536 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) devices (Qualcomm chipsets) software. There is a buffer overflow in the bootloader. The Samsung ID is SVE-2019-15399 (November 2019). | 2020-03-24 | 7.5 | CVE-2019-20548 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. There is an out-of-bounds write in the ICCC Trustlet. The Samsung ID is SVE-2019-15274 (November 2019). | 2020-03-24 | 7.5 | CVE-2019-20544 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The secure bootloader has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 (January 2020). | 2020-03-24 | 10 | CVE-2020-10850 (CONFIRM)
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. A heap out-of-bounds access can occur during LE Packet reception in Broadcom Bluetooth. The Samsung ID is SVE-2019-15724 (November 2019). | 2020-03-24 | 7.5 | CVE-2019-20549 (CONFIRM)
schneider_electric -- andover_continuum_controllers | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. | 2020-03-23 | 7.5 | CVE-2020-7480 (MISC)
schneider_electric -- multiple_products | A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. | 2020-03-23 | 7.5 | CVE-2020-7475 (MISC)
simple_machines -- simple_machines_forum | An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls. | 2020-03-20 | 7.5 | CVE-2019-11574 (MISC, MISC)
spark_development_network -- rock_rms | Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller. | 2020-03-20 | 7.5 | CVE-2019-18641 (CONFIRM, MISC)
svglib -- svglib | The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. | 2020-03-20 | 7.5 | CVE-2020-10799 (MISC)
tellabs -- optical_line_terminal_1150_devices | Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. | 2020-03-20 | 10 | CVE-2019-19148 (MISC)
tesla -- tesla_model_3_vehicles | The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen. | 2020-03-20 | 7.1 | CVE-2020-10558 (MISC)
uppy -- uppy | The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems. | 2020-03-20 | 7.5 | CVE-2020-8135 (MISC)
vesta -- vesta_control_panel | Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters. | 2020-03-22 | 9 | CVE-2020-10808 (MISC, MISC, MISC)
videolabs -- libmicrodns | An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability. | 2020-03-24 | 7.5 | CVE-2020-6072 (MISC)
weechat -- weechat | An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick. | 2020-03-23 | 7.5 | CVE-2020-9760 (MISC, MLIST, GENTOO, MISC)
wonderlink -- wl-enq | WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors. | 2020-03-25 | 10 | CVE-2020-5560 (MISC)
wordpress -- wordpress | An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table. | 2020-03-23 | 7.5 | CVE-2020-9392 (MISC)
wordpress -- wordpress | The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. | 2020-03-20 | 7.5 | CVE-2019-12498 (CONFIRM, CONFIRM, MISC)
zendto -- zendto | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests. | 2020-03-24 | 7.5 | CVE-2020-8986 (MISC)


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
acyba -- acymailingAcyba AcyMailing before 6.9.2 mishandles file uploads by admins.2020-03-246.5CVE-2020-10934
MISC
adobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address leak vulnerability. Successful exploitation could lead to information disclosure.2020-03-255CVE-2020-3800
CONFIRM
adobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.2020-03-256.8CVE-2020-3802
CONFIRM
adobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-03-255CVE-2020-3804
CONFIRM
adobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-03-255CVE-2020-3806
CONFIRM
adobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.2020-03-254.4CVE-2020-3803
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0 have a heap-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2020-03-256.8CVE-2020-9552
CONFIRM
adobe -- bridgeAdobe Bridge versions 10.0 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2020-03-256.8CVE-2020-9551
CONFIRM
adobe -- creative_cloud_desktop_applicationCreative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.2020-03-255.8CVE-2020-3808
CONFIRM
adobe -- experience_managerAdobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.2020-03-255CVE-2020-3769
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.2020-03-256.8CVE-2020-3780
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-03-255CVE-2020-3777
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-03-254.3CVE-2020-3778
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-03-254.3CVE-2020-3771
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-03-254.3CVE-2020-3782
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-03-254.3CVE-2020-3781
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2020-03-256.8CVE-2020-3773
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.2020-03-256.8CVE-2020-3790
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2020-03-254.3CVE-2020-3791
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.2020-03-256.8CVE-2020-3776
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.2020-03-256.8CVE-2020-3774
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.2020-03-256.8CVE-2020-3772
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.2020-03-256.8CVE-2020-3770
CONFIRM
adobe -- photoshop_cc_2019_and_2020Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2020-03-256.8CVE-2020-3779
CONFIRM
apache -- tikaA carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.2020-03-234.3CVE-2020-1950
CONFIRM
MLIST
apache -- tikaA carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.2020-03-234.3CVE-2020-1951
MISC
MLIST
arm -- mbed_tlsArm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.2020-03-244.3CVE-2020-10941
MISC
artica -- artica_proxyArtica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field.2020-03-226.5CVE-2020-10818
MISC
artica -- pandora_fmsArtica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create (or use an existing) externally accessible directory to store PHP files. The filename and the exact path are known to the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access.2020-03-236.5CVE-2020-7935
MISC
artica -- pandora_fmsIn Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.2020-03-235CVE-2020-8497
MISC
artica -- pandora_fmsIn Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.2020-03-236.5CVE-2020-8511
MISC
asus -- asuswrtAn issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.2020-03-205CVE-2018-20333
MISC
auto-maskin -- multiple_devicesIn Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.2020-03-236.4CVE-2019-6560
MISC
auto-maskin -- multiple_productsIn Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.2020-03-235CVE-2019-6558
MISC
centreon -- centreonCommand Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test.2020-03-206.5CVE-2019-19487
MISC
centreon -- centreonLocal File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test.2020-03-204CVE-2019-19486
MISC
centreon -- centreonOpen redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior.2020-03-205.8CVE-2019-19484
MISC
cmsmadesimple -- cms_made_simpleThe Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file).2020-03-206.8CVE-2020-10682
MISC
cutephp -- cutenewsCross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2020-03-254.3CVE-2020-5557
MISC
druva -- insync_clientImproper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code.2020-03-244.6CVE-2019-4001
MISC
eaton -- ups_companion_softwareUPS companion software v1.05 & Prior is affected by an ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. “eval”) in the “Update Manager” class when the software attempts to see if there are updates available. This results in arbitrary code execution on the machine where the software is installed.2020-03-235.8CVE-2020-6650
MISC
ekakin -- shihonkanri_plus_gooutShihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data in files placed in the same directory as the product via unspecified vectors due to an improper input validation issue.2020-03-256.4CVE-2020-5555
MISC
ekakin -- shihonkanri_plus_gooutDirectory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors.2020-03-256.4CVE-2020-5554
MISC
elog -- electronic_logbookThis vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition. Was ZDI-CAN-10115.2020-03-235CVE-2020-8859
MISC
MISC
fastify -- fastify-multipartPrototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.2020-03-205CVE-2020-8136
MISC
foxit -- studio_photoThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9774.2020-03-206.8CVE-2020-8881
MISC
MISC
foxit -- studio_photoThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9625.2020-03-206.8CVE-2020-8878
MISC
MISC
foxit -- studio_photoThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9624.2020-03-204.3CVE-2020-8877
MISC
MISC
foxit -- studio_photoThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9773.2020-03-206.8CVE-2020-8880
MISC
MISC
foxit -- studio_photoThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9626.2020-03-204.3CVE-2020-8879
MISC
MISC
foxit -- studio_photoThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9880.2020-03-204.3CVE-2020-8883
MISC
MISC
foxit -- studio_photoThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the PSD files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9811.2020-03-206.8CVE-2020-8882
MISC
MISC
freeradius -- freeradiusIn FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.2020-03-215CVE-2019-17185
MISC
CONFIRM
frozennode -- laravel_administratorFrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.2020-03-256.5CVE-2020-10963
MISC
ghost -- ghost_cmsServer-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.2020-03-205.5CVE-2020-8134
MISC
gnupg -- gnupgA flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.2020-03-205CVE-2019-14855
CONFIRM
MISC
MISC
MISC
google -- chromeInappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-03-234.3CVE-2020-6426
SUSE
SUSE
MISC
MISC
FEDORA
FEDORA
FEDORA
GENTOO
DEBIAN
google -- chromeInsufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.2020-03-235.8CVE-2020-6425
SUSE
MISC
MISC
FEDORA
FEDORA
FEDORA
GENTOO
DEBIAN
google -- chromeInsufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page.2020-03-236.8CVE-2020-6420
MISC
MISC
FEDORA
gpac -- gpacAn issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file.2020-03-244.3CVE-2019-20632
MISC
gpac -- gpacAn issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file.2020-03-244.3CVE-2019-20631
MISC
gpac -- gpacAn issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.2020-03-244.3CVE-2019-20630
MISC
MISC
gpac -- gpacAn issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.2020-03-244.3CVE-2019-20629
MISC
MISC
gpac -- gpacAn issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.2020-03-244.3CVE-2019-20628
MISC
MISC
MISC
hashicorp -- vault_and_vault_enterpriseHashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.2020-03-235.8CVE-2020-10661
CONFIRM
MISC
hdf_group -- hdf5An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.2020-03-224.3CVE-2020-10811
MISC
MISC
MISC
hdf_group -- hdf5An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.2020-03-224.3CVE-2020-10809
MISC
MISC
MISC
hdf_group -- hdf5An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service.2020-03-224.3CVE-2020-10810
MISC
MISC
MISC
hdf_group -- hdf5An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service.2020-03-225CVE-2020-10812
MISC
MISC
MISC
honeywell -- notifier_web_serverIn Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.2020-03-246.4CVE-2020-6972
MISC
honeywell -- win-pak_devicesIn Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.2020-03-246.4CVE-2020-6978
MISC
honeywell -- win-pak_devicesIn Honeywell WIN-PAK 4.7.2, Web and prior versions, a header injection vulnerability has been identified, which may allow remote code execution.2020-03-245.8CVE-2020-6982
MISC
honeywell -- win-pak_devicesIn Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.2020-03-246.8CVE-2020-7005
MISC
horde -- groupware_webmail_editionThis vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.2020-03-234CVE-2020-8866
MLIST
MISC
MISC
horde -- groupware_webmail_editionThis vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469.2020-03-236.5CVE-2020-8865
MISC

huawei -- mate_20_and_mate_30_pro_smartphonesThere is an improper authorization vulnerability in several smartphones. The software incorrectly performs authorization for certain users; a successful exploit could allow a low-privilege user to perform certain operations that the user is not supposed to perform. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2).2020-03-204.6CVE-2020-1796
MISC
huawei -- secospace_antiddos8000_versionsSome Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands. Affected product versions include: Secospace AntiDDoS8000 versions V500R001C00, V500R001C20, V500R001C60, V500R005C00.2020-03-206.8CVE-2020-1864
MISC
ibm -- api_connectIBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958.2020-03-245CVE-2019-4553
XF
CONFIRM
ibm -- content_navigatorIBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080.2020-03-245CVE-2020-4309
XF
CONFIRM
ibm -- content_navigatorIBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559.2020-03-246.5CVE-2020-4253
XF
CONFIRM
ibm -- tivoli_netcool_impactIBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734.2020-03-244.3CVE-2019-4681
XF
CONFIRM
inextrix_technologies -- astppAn issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key.2020-03-205CVE-2019-15075
MISC
insulet -- omnipod_insulin_management_systemThe affected insulin pump is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.2020-03-204.6CVE-2020-10597
MISC
it-novum -- openitcockpitopenITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.2020-03-205CVE-2020-10792
MISC
CONFIRM
it-novum -- openitcockpitapp/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.2020-03-254CVE-2020-10791
MISC
CONFIRM
jenkins -- jenkinsJenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.2020-03-255CVE-2020-2165
MLIST
CONFIRM
jenkins -- jenkinsA form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.2020-03-254.3CVE-2020-2169
MLIST
CONFIRM
jenkins -- jenkinsJenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.2020-03-254CVE-2020-2164
MLIST
CONFIRM
kde -- okularKDE Okular before 1.10.0 allows code execution via an action link in a PDF document.2020-03-246.8CVE-2020-9359
CONFIRM
CONFIRM
MLIST
FEDORA
keitai-site.net -- mailformCross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2020-03-254.3CVE-2020-5552
MISC
linux -- linux_kernelIn the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.2020-03-244.9CVE-2020-10942
MISC
MISC
MISC
lix-pm -- lixlix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field.2020-03-216.8CVE-2020-10800
MISC
marketplace_expert -- subversion_almSubversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.2020-03-204.3CVE-2020-9344
MISC
MISC
mediawiki -- mediawikiAn issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33.2020-03-205CVE-2019-16528
MISC
MISC
MISC
MISC
memcached -- memcachedMemcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.2020-03-245CVE-2020-10931
MISC
MISC
MISC
mikrotik -- multiple_routersThe SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.2020-03-235CVE-2020-10364
MISC
MISC
mitre -- calderaauth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.2020-03-225CVE-2020-10807
MISC
MISC
MISC
MISC
motorola -- fx9500_devicesMotorola FX9500 devices allow remote attackers to read database files.2020-03-235CVE-2020-10874
MISC
motorola -- fx9500_devicesMotorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp.2020-03-235CVE-2020-10875
MISC
moxa -- eds-g516e_series_devicesIn Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.2020-03-245CVE-2020-6979
MISC
moxa -- eds-g516e_series_devicesIn Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.2020-03-245CVE-2020-7001
MISC
moxa -- eds-g516e_series_devicesIn Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.2020-03-245CVE-2020-6991
MISC
moxa -- eds-g516e_series_devicesIn Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext.2020-03-245CVE-2020-6997
MISC

moxa -- iologik_2500_series_controllers_and_ioexpress_configuration_utilityIn Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail.2020-03-245CVE-2019-18242
MISC

moxa -- iologik_2500_series_controllers_and_ioxpres_configuration_utilityIn Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text.2020-03-245CVE-2020-7003
MISC
moxa -- pt-7528_series_devicesIn Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered.2020-03-245CVE-2020-6983
MISC
moxa -- pt-7528_series_devicesIn Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.2020-03-245CVE-2020-6987
MISC
moxa -- pt-7528_series_devicesIn Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization.2020-03-245CVE-2020-6993
MISC
mozilla -- bleachIn Mozilla Bleach before 3.12, a mutation XSS exists in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False is set.2020-03-244.3CVE-2020-6816
MISC
mozilla -- bleachIn Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.2020-03-244.3CVE-2020-6802
MISC
mozilla -- firefoxWhen a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox < 74.2020-03-254.3CVE-2020-6808
MISC
MISC
mozilla -- thunderbird_and_firefox_and_firefox_esrWhen removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.2020-03-256.8CVE-2020-6805
MISC
MISC
MISC
MISC
mozilla -- thunderbird_and_firefox_and_firefox_esrWhen a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.2020-03-256.8CVE-2020-6807
MISC
MISC
MISC
MISC
mozilla -- thunderbird_and_firefox_and_firefox_esrBy carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.2020-03-256.8CVE-2020-6806
MISC
MISC
MISC
MISC
netgear -- gs728tps_devicesOn NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication.2020-03-234CVE-2019-19964
CONFIRM
netgear -- multiple_prosafe_devicesNETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php.2020-03-236.5CVE-2016-11022
MISC
MISC
MISC
netsas -- enigma_network_management_solutionEnigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do not have the ability to modify any settings in the system, only view the components. However, it is possible for a low-privileged user to perform all actions as an administrator by bypassing authorization controls and sending requests to the server in the context of an administrator.2020-03-206.5CVE-2019-16071
MISC
nextcloud -- nextcloud_desktop_clientA code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed arbitrary code to be loaded when starting the client with DYLD_INSERT_LIBRARIES set in the environment.2020-03-204.6CVE-2020-8140
MISC
CONFIRM
nextcloud -- nextcloud_serverA missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL.2020-03-204CVE-2020-8139
MISC
CONFIRM
nextcloud -- nextcloud_serverA missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.2020-03-204CVE-2020-8138
MISC
CONFIRM
parallells -- parallels_desktopThis vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10032.2020-03-234.6CVE-2020-8874
MISC
parallells -- parallels_desktopThis vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10031.2020-03-234.6CVE-2020-8873
MISC
parallells -- parallels_desktopThis vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.0-47107. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-9403.2020-03-234.6CVE-2020-8871
MISC
phpbb -- phpbbphpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode.2020-03-205CVE-2019-16108
CONFIRM
phpmyadmin -- phpmyadminIn phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).2020-03-226CVE-2020-10804
SUSE
MISC
phpmyadmin -- phpmyadminIn phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.2020-03-226CVE-2020-10802
SUSE
MLIST
MISC
pki-core -- pki-coreA Reflected Cross Site Scripting vulnerability was found in the pki-ca module of the pki-core server in all pki-core 10.x.x versions. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.2020-03-204.3CVE-2019-10221
CONFIRM
pki-core -- pki-coreA vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code.2020-03-204.3CVE-2019-10179
CONFIRM
rainloop -- webmailRainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header.2020-03-204.3CVE-2019-13389
MISC
rconfig -- rconfigAn issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application did not exit after the redirect was applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response.2020-03-205CVE-2020-9425
MISC
CONFIRM
red_hat -- jboss_keycloakA flaw was found in keycloak before version 9.0.1. When configuring a Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not sent to the brute force protection event queue, so BruteForceProtector does not handle these events.2020-03-245CVE-2020-1744
CONFIRM
CONFIRM
red_hat -- openshift/mediawikiA vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.2020-03-204.6CVE-2020-1709
CONFIRM
red_hat -- openshift/mediawiki-apbA vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.2020-03-204.6CVE-2019-19345
CONFIRM
red_hat -- openshift/postgresql-apbA vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.2020-03-204.4CVE-2020-1707
CONFIRM
rivet_networks -- killer_control_centerAn issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 1 of 2).2020-03-204CVE-2019-15663
MISC
CONFIRM
MISC
rivet_networks -- killer_control_centerAn issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 2 of 2).2020-03-204CVE-2019-15664
MISC
CONFIRM
MISC
rivet_networks -- killer_control_centerAn issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chain to escalate privileges.2020-03-204CVE-2019-15662
MISC
CONFIRM
MISC
salesagility -- suitecrmSuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials.2020-03-205CVE-2019-18785
CONFIRM
CONFIRM
salesagility -- suitecrmSuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.2020-03-205CVE-2019-18782
CONFIRM
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. Secure Startup leaks keyboard suggested words. The Samsung ID is SVE-2019-13773 (March 2019).2020-03-245CVE-2019-20619
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Broadcom Wi-Fi, and SEC Wi-Fi chipsets) software. Wi-Fi allows a denial of service via TCP SYN packets. The Samsung ID is SVE-2018-13162 (March 2019).2020-03-245CVE-2019-20612
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020).2020-03-245CVE-2020-10854
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.0), P(9.0), and Q(10.0) (Broadcom chipsets) software. A kernel driver heap overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-15880 (March 2020).2020-03-244.6CVE-2020-10829
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020).2020-03-245CVE-2020-10849
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x) software. The Gallery app allows attackers to view all pictures of a locked device. The Samsung ID is SVE-2019-15189 (October 2019).2020-03-245CVE-2019-20555
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view notifications on the lock screen via Routines. The Samsung ID is SVE-2019-15074 (February 2020).2020-03-245CVE-2020-10834
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with any (before October 2019 for S9 or Note9) software. Attackers can manipulate the IMEI. The Samsung ID is SVE-2019-15435 (October 2019).2020-03-245CVE-2019-20564
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. The Pin Window feature allows unauthenticated unpinning of an app. The Samsung ID is SVE-2018-13765 (March 2019).2020-03-245CVE-2019-20618
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019).2020-03-245CVE-2019-20616
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can trigger an update to arbitrary touch-screen firmware. The Samsung ID is SVE-2019-16013 (March 2020).2020-03-245CVE-2020-10831
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is an arbitrary kfree in the vipx and vertex drivers. The Samsung ID is SVE-2019-16294 (February 2020).2020-03-244.6CVE-2020-10841
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 (January 2020).2020-03-245CVE-2020-10853
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The Authnr Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13949 (May 2019).2020-03-245CVE-2019-20602
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. A heap overflow exists in the bootloader. The Samsung ID is SVE-2019-14371 (July 2019).2020-03-244.6CVE-2019-20594
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August 2019).2020-03-244.6CVE-2019-20574
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685 (August 2019).2020-03-244.6CVE-2019-20573
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (Exynos chipsets) software. There is a stack overflow in the kernel driver. The Samsung ID is SVE-2019-15034 (November 2019).2020-03-244.6CVE-2019-20542
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The ESECOMM Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13950 (May 2019).2020-03-245CVE-2019-20603
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019).2020-03-244.8CVE-2019-20575
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. There is a heap overflow in the knox_kap driver. The Samsung ID is SVE-2019-14857 (November 2019).2020-03-244.6CVE-2019-20538
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Voice Assistant mishandles the notification audibility of a secured app. The Samsung ID is SVE-2018-13326 (May 2019).2020-03-245CVE-2019-20599
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. PROCA allows a use-after-free and arbitrary code execution. The Samsung ID is SVE-2019-16132 (February 2020).2020-03-244.6CVE-2020-10838
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a stack overflow in display driver. The Samsung ID is SVE-2019-15877 (January 2020).2020-03-244.6CVE-2020-10852
MISC
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0), O(8.0), and N(7.1) software. Attackers can bypass Factory Reset Protection (FRP) via Smart Switch. The Samsung ID is SVE-2019-15138 (September 2019).2020-03-245CVE-2019-20570
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019).2020-03-246.4CVE-2019-20596
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a Class 0 Type Message. The Samsung ID is SVE-2019-14941 (October 2019).2020-03-245CVE-2019-20551
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via an RCS call. The Samsung ID is SVE-2019-15035 (October 2019).2020-03-245CVE-2019-20552
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There is a heap out-of-bounds write in the tsmux driver. The Samsung ID is SVE-2019-16295 (February 2020).2020-03-244.6CVE-2020-10842
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is a stack overflow in the kperfmon driver. The Samsung ID is SVE-2019-15876 (January 2020).2020-03-244.6CVE-2020-10851
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. SPENgesture allows arbitrary applications to read or modify user-input logs. The Samsung ID is SVE-2019-14170 (June 2019).2020-03-246.4CVE-2019-20597
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There are race conditions in the hdcp2 driver. The Samsung ID is SVE-2019-16296 (February 2020).2020-03-244.4CVE-2020-10843
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 (February 2020).2020-03-244.4CVE-2020-10845
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. Secure Folder leaks preview data of recent apps. The Samsung ID is SVE-2018-13764 (March 2019).2020-03-245CVE-2019-20617
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x), P(9.x), and Q(10.0) software. There is an out-of-bounds read vulnerability in media.audio_policy. The Samsung ID is SVE-2019-16333 (February 2020).2020-03-246.4CVE-2020-10844
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020).2020-03-244.6CVE-2020-10839
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. S-Voice leaks keyboard learned words via the lock screen. The Samsung ID is SVE-2018-12981 (February 2019).2020-03-245CVE-2019-20624
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Data may leak via a Bluetooth debug command. The Samsung ID is SVE-2019-15398 (November 2019).2020-03-245CVE-2019-20547
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. Kernel Wi-Fi drivers allow out-of-bounds Read or Write operations (e.g., a buffer overflow). The Samsung IDs are SVE-2019-16125, SVE-2019-16134, SVE-2019-16158, SVE-2019-16159, SVE-2019-16319, SVE-2019-16320, SVE-2019-16337, SVE-2019-16464, SVE-2019-16465, SVE-2019-16467 (March 2020).2020-03-244.6CVE-2020-10832
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos and Qualcomm chipsets) software. A race condition causes a Use-After-Free. The Samsung ID is SVE-2019-15067 (September 2019).2020-03-246.8CVE-2019-20568
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 (September 2019).2020-03-245CVE-2019-20565
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 (March 2019).2020-03-245CVE-2019-20620
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. An out-of-bounds Read in the Wi-Fi vendor command leads to an information leak. The Samsung ID is SVE-2019-14869 (November 2019).2020-03-245CVE-2019-20539
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can access the Developer options without authentication. The Samsung ID is SVE-2019-15800 (December 2019).2020-03-245CVE-2019-20532
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with Q(10.0) software. The DeX Lockscreen allows attackers to access the quick panel and notifications. The Samsung ID is SVE-2019-16532 (March 2020).2020-03-245CVE-2020-10833
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019).2020-03-245CVE-2019-20601
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have a stack overflow. The Samsung IDs are SVE-2019-14965, SVE-2019-14966, SVE-2019-14968, SVE-2019-14969, SVE-2019-14970, SVE-2019-14980, SVE-2019-14981, SVE-2019-14982, SVE-2019-14983, SVE-2019-14984, SVE-2019-15122, SVE-2019-15123 (November 2019).2020-03-244.6CVE-2019-20541
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 (March 2019).2020-03-245CVE-2019-20614
CONFIRM
schneider_electric -- andover_continuum_controllersA CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server.2020-03-234.3CVE-2020-7482
MISC
schneider_electric -- andover_continuum_controllersA CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.2020-03-234.3CVE-2020-7481
MISC
schneider_electric -- interactive_graphical_scada_systemA CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled.2020-03-235CVE-2020-7478
MISC
schneider_electric -- interactive_graphical_scada_systemA CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service.2020-03-234.6CVE-2020-7479
MISC
schneider_electric -- multiple_devicesA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus.2020-03-235CVE-2020-7477
MISC
schneider_electric -- pmepxm0100_devicesA CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL.2020-03-234.4CVE-2020-7474
MISC
schneider_electric -- zigbee_installation_kitA CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path.2020-03-234.4CVE-2020-7476
MISC
signotec -- signopad-api/webAn issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array.2020-03-204.3CVE-2020-9343
MISC
signotec -- signopad-api/webAn issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited.2020-03-204.3CVE-2020-9345
MISC
squid -- squidSquid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.2020-03-204.3CVE-2019-18860
CONFIRM
MISC
sustainsys -- saml2Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0 and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense-in-depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.2020-03-254.9CVE-2020-5261
MISC
MISC
CONFIRM
swann -- multiple_dvr_devicesOn Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000.2020-03-216.8CVE-2013-7487
MISC
synacor -- zimbra_zm-mailboxcs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request.2020-03-204CVE-2020-10194
MISC
MISC
CONFIRM
tor_project -- torTor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.2020-03-235CVE-2020-10593
SUSE
GENTOO
MISC
tor_project -- torTor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.2020-03-235CVE-2020-10592
SUSE
GENTOO
MISC
univalue -- univalueUniValue::read() in UniValue before 1.0.5 allows attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error.2020-03-215CVE-2019-18936
MISC
MISC
videolabs -- libmicrodnsAn exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability.2020-03-245CVE-2020-6078
MISC
videolabs -- libmicrodnsAn exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR, which reads the current resource record except for the RDATA section. The RDATA section is read by the loop in rr_read, where a different function is called for each RR type; when the RR type is 0x10, the function rr_read_TXT is called.2020-03-245CVE-2020-6080
MISC
videolabs -- libmicrodnsAn exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode.2020-03-245CVE-2020-6079
MISC
videolabs -- libmicrodnsAn exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.2020-03-245CVE-2020-6073
MISC
videolabs -- libmicrodnsAn exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.2020-03-245CVE-2020-6071
MISC
videolabs -- libmicrodnsAn exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability.2020-03-245CVE-2020-6077
MISC
wago -- pfc200_devicesAn exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file.2020-03-234.6CVE-2019-5184
MISC
wago -- pfc200_devicesAn exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the XML file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len("/etc/config-tools/config_interfaces interface=X1 state=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. A state value of length 0x3c9 will cause the service to crash.2020-03-234.4CVE-2019-5185
MISC
wago -- pfc200_devicesAn exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1eb9c the extracted interface element name from the XML file is used as an argument to /etc/config-tools/config_interfaces interface=<contents of interface element> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len("/etc/config-tools/config_interfaces interface=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash.2020-03-234.4CVE-2019-5186
MISC
weechat -- weechatAn issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash.2020-03-235CVE-2020-9759
MISC
MLIST
GENTOO
MISC
wonderlink -- wl-enqCross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2020-03-254.3CVE-2020-5559
MISC
wordpress -- wordpressAn XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement.2020-03-204.3CVE-2019-13463
MISC
MISC
xmidt -- cjwtXmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance.2020-03-205CVE-2019-19324
MISC
MISC
zendto -- zendtoZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.2020-03-246.8CVE-2020-8985
MISC
zendto -- zendtolib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.2020-03-245CVE-2020-8984
MISC
MISC
zoho -- manageengine_asset_explorerZoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.2020-03-236.5CVE-2019-19034
CONFIRM
zoho -- manageengine_assetexplorerAn issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack.2020-03-234.9CVE-2020-8838
CONFIRM
zoho -- manageengine_desktop_centralManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role.2020-03-234.3CVE-2019-15510
MISC
MISC


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cmsmadesimple -- cms_made_simpleThe Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.2020-03-203.5CVE-2020-10681
MISC
honda -- hr-v_2017_vehiclesThe remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack.2020-03-233.3CVE-2019-20626
MISC
huawei -- campusinsight_and_manageoneThere is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some services to behave abnormally. Affected product versions include: CampusInsight versions V100R019C00; ManageOne versions 6.5.RC2.B050.2020-03-202.1CVE-2020-1862
MISC

huawei -- mate_20_and_mate_30_pro_smartphones

There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios; successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2).2020-03-202.1CVE-2020-1794
MISC

huawei -- mate_20_and_mate_30_pro_smartphones

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operations when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2).2020-03-202.1CVE-2020-1795
MISC
huawei -- mate_20_and_mate_30_pro_smartphonesThere is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios; successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2).2020-03-202.1CVE-2020-1793
MISC
huawei -- multiple_productsThere is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions 1.0.1.21(SP3); HEGE-570 versions 1.0.1.22(SP3); OSCA-550 versions 1.0.1.21(SP3); OSCA-550A versions 1.0.1.21(SP3); OSCA-550AX versions 1.0.1.21(SP3); OSCA-550X versions 1.0.1.21(SP3).2020-03-203.6CVE-2020-1879
MISC
huawei -- oxfords-an00a_smartphoneHuawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3), versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to the target component is improper when the device performs an operation. Attackers can exploit this vulnerability to obtain some information by loading a malicious application, leading to information leak.2020-03-202.1CVE-2020-1878
MISC
ibm -- jazz_for_service_managementIBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123.2020-03-233.5CVE-2019-4718
XF
CONFIRM
it-novum -- openitcockpitopenITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.2020-03-253.5CVE-2020-10790
MISC
MISC
CONFIRM
jenkins -- jenkinsJenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.2020-03-253.5CVE-2020-2163
MLIST
CONFIRM
jenkins -- jenkinsJenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.2020-03-253.5CVE-2020-2162
MLIST
CONFIRM
jenkins -- jenkinsJenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.2020-03-253.5CVE-2020-2170
MLIST
CONFIRM
micro_focus -- vibeA stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe versions prior to 4.0.7. The vulnerability could allow a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker-controlled JavaScript will execute in the security context of the target user’s browser.2020-03-253.5CVE-2020-9520
FULLDISC
MISC
nagios -- nagios_xiNagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.2020-03-223.5CVE-2020-10819
MISC
nagios -- nagios_xiNagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.2020-03-223.5CVE-2020-10820
MISC
nagios -- nagios_xiNagios XI 5.6.11 allows XSS via the account/main.php theme parameter.2020-03-223.5CVE-2020-10821
MISC
netapp -- oncommand_system_managerOnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field.2020-03-243.5CVE-2019-17276
MISC
parallels -- parallells_desktopThis vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.1-47117. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the hypervisor. Was ZDI-CAN-9428.2020-03-232.1CVE-2020-8872
MISC
parallels -- parallells_desktopThis vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10029.2020-03-232.1CVE-2020-8876
MISC
phpmyadmin -- phpmyadminIn phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.2020-03-223.5CVE-2020-10803
SUSE
MLIST
MISC
piwigo -- piwigoPiwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.2020-03-263.5CVE-2020-9467
CONFIRM
pki-core -- pki-coreA flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code.2020-03-203.5CVE-2020-1696
CONFIRM
prestashop -- prestashopPrestaShop module ps_facetedsearch versions before 3.5.0 have a reflected XSS via the `url_name` parameter. The problem is fixed in 3.5.02020-03-253.5CVE-2020-5277
MISC
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x) (released in China and India) software. The S Secure app can access the content of a locked app without a password. The Samsung ID is SVE-2019-13805 (October 2019).2020-03-242.1CVE-2019-20550
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can view notifications by entering many PINs in Lockdown mode. The Samsung ID is SVE-2019-16590 (March 2020).2020-03-242.1CVE-2020-10830
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019).2020-03-242.1CVE-2019-20625
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.x) and Q(10.x) software. Attackers can enable the OEM unlock feature on KG-enrolled devices, leading to potentially unwanted binaries being downloaded. The Samsung ID is SVE-2019-16554 (February 2020).2020-03-241.9CVE-2020-10846
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is a kernel pointer leak in the vipx driver. The Samsung ID is SVE-2019-16293 (February 2020).2020-03-243.6CVE-2020-10840
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is SVE-2019-13996 (December 2019).2020-03-242.1CVE-2019-20533
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.0) and P(9.0) (Exynos8890 chipsets) software. A use-after-free occurs in the MALI GPU driver. The Samsung ID is SVE-2019-13921-1 (May 2019).2020-03-243.6CVE-2019-20600
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. A connection to a new Bluetooth device can be established from the lock screen. The Samsung ID is SVE-2019-15533 (December 2019).2020-03-242.1CVE-2019-20535
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a buffer over-read and possible information leak in the core touch screen driver. The Samsung ID is SVE-2019-14942 (November 2019).2020-03-242.1CVE-2019-20540
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via SamsungPay mini. The Samsung ID is SVE-2019-15090 (November 2019).2020-03-242.1CVE-2019-20543
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card by blocking the PUK code. The Samsung ID is SVE-2019-15262 (October 2019).2020-03-242.1CVE-2019-20557
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via an external keyboard. The Samsung ID is SVE-2019-15164 (October 2019).2020-03-242.1CVE-2019-20554
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019).2020-03-243.3CVE-2019-20546
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019).2020-03-242.1CVE-2019-20559
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via the status bar. The Samsung ID is SVE-2019-15089 (September 2019).2020-03-242.1CVE-2019-20569
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 (July 2019).2020-03-242.1CVE-2019-20595
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view home-screen wallpaper by adjusting the brightness of a locked screen. The Samsung ID is SVE-2019-15540 (December 2019).2020-03-242.1CVE-2019-20534
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via SVoice T&C. The Samsung ID is SVE-2018-13547 (March 2019).2020-03-242.1CVE-2019-20615
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019).2020-03-241.9CVE-2019-20623
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with O(8.x) software. Bixby leaks the keyboard's learned words, and the clipboard contents, via the lock screen. The Samsung IDs are SVE-2018-12896, SVE-2018-12897 (May 2019).2020-03-242.1CVE-2019-20598
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppTray. The Samsung ID is SVE-2019-16192 (January 2020).2020-03-242.1CVE-2020-10855
CONFIRM
samsung -- multiple_mobile_devicesAn issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have an out-of-bounds Read. The Samsung IDs are SVE-2019-15692, SVE-2019-15693 (December 2019).2020-03-243.6CVE-2019-20531
CONFIRM
telegram -- telegram_for_androidThe Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature.2020-03-243.6CVE-2020-10570
MISC
wordpress -- wordpressA stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.2020-03-243.5CVE-2020-10385
MISC
MISC
MISC
MISC
MISC
zim -- zimZim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service.2020-03-232.1CVE-2020-10870
MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
3s-smart_software_solutions -- codesys_gatewayserviceAn exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 3.5.13.20. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability.2020-03-26not yet calculatedCVE-2019-5105
MISC
accenture -- mercuryAn XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component.2020-03-27not yet calculatedCVE-2020-10990
MISC
MISC

adobe -- coldfusion

ColdFusion versions ColdFusion 2016 and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.2020-03-25not yet calculatedCVE-2020-3794
CONFIRM
adobe -- coldfusionColdFusion versions ColdFusion 2016 and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the ColdFusion install directory.2020-03-25not yet calculatedCVE-2020-3761
CONFIRM
adobe -- genuine_integrity_serviceAdobe Genuine Integrity Service versions 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.2020-03-25not yet calculatedCVE-2020-3766
CONFIRM
advantech -- webaccessIn Advantech WebAccess versions 8.4.2 and prior, a stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.2020-03-27not yet calculatedCVE-2020-10607
MISC
apache -- shiroIn Apache Shiro before 1.5.2, when Apache Shiro is used with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.2020-03-25not yet calculatedCVE-2020-1957
MISC
MLIST
asus -- asus_device_activationDevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.2020-03-25not yet calculatedCVE-2020-10649
MISC
MISC
MISC
MISC
azkaban -- azkabanAzkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.2020-03-27not yet calculatedCVE-2020-10992
MISC
canonical -- ubuntuPython-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.2020-03-26not yet calculatedCVE-2019-15796
UBUNTU
UBUNTU
canonical -- ubuntupython-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.2020-03-26not yet calculatedCVE-2019-15795
UBUNTU
UBUNTU
cesnet -- perunIn Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.2020-03-25not yet calculatedCVE-2020-5281
MISC
MISC
CONFIRM
dart -- dartAn improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements.2020-03-26not yet calculatedCVE-2020-8923
CONFIRM
draytek -- multiple_devicesA stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.2020-03-26not yet calculatedCVE-2020-10828
MISC
draytek -- multiple_devices/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.2020-03-26not yet calculatedCVE-2020-10826
MISC
draytek -- multiple_devicesA stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).2020-03-26not yet calculatedCVE-2020-10825
MISC
draytek -- multiple_devicesA stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).2020-03-26not yet calculatedCVE-2020-10824
MISC
draytek -- multiple_devicesA stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).2020-03-26not yet calculatedCVE-2020-10823
MISC
draytek -- multiple_devicesA stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.2020-03-26not yet calculatedCVE-2020-10827
MISC
f5 -- big-ipOn BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS).2020-03-27not yet calculatedCVE-2020-5860
MISC
f5 -- big-ipOn BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors.2020-03-27not yet calculatedCVE-2020-5861
MISC
f5 -- big-ipOn BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS.2020-03-27not yet calculatedCVE-2020-5862
MISC
f5 -- big-ipOn BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service.2020-03-27not yet calculatedCVE-2020-5857
MISC
f5 -- big-ipOn BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.2020-03-27not yet calculatedCVE-2020-5858
MISC
f5 -- big-ipOn BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file.2020-03-27not yet calculatedCVE-2020-5859
MISC
f5 -- nginx_controllerIn NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.2020-03-27not yet calculatedCVE-2020-5863
MISC
fasterxml -- jackson-databindFasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.2020-03-26not yet calculatedCVE-2020-10969
MISC
MISC
fasterxml -- jackson-databindFasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).2020-03-26not yet calculatedCVE-2020-10968
MISC
MISC
finalwire -- aida64An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.2020-03-25not yet calculatedCVE-2019-7244
MISC
gigabyte -- app_centerAn issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.2020-03-25not yet calculatedCVE-2019-7630
MISC

gitlab -- gitlab_enterprise_and_community_editions | GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. | 2020-03-27 | not yet calculated | CVE-2020-10955
CONFIRM
MISC
gitlab -- gitlab | GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. | 2020-03-27 | not yet calculated | CVE-2020-10956
CONFIRM
MISC
gitlab -- gitlab | GitLab through 12.9 is affected by a potential DoS in repository archive download. | 2020-03-27 | not yet calculated | CVE-2020-10954
CONFIRM
MISC
gitlab -- gitlab_enterprise_and_community_editions | GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. | 2020-03-27 | not yet calculated | CVE-2020-10952
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition | In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. | 2020-03-27 | not yet calculated | CVE-2020-10953
CONFIRM
MISC
gnu_patch -- gnu_patch | GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. | 2020-03-25 | not yet calculated | CVE-2019-20633
MISC
google -- closure-library | A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315. | 2020-03-26 | not yet calculated | CVE-2020-8910
CONFIRM
CONFIRM
gstreamer -- gst-rtsp-server | An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | 2020-03-27 | not yet calculated | CVE-2020-6095
MISC
harris_ormed_self_service -- harris_ormed_self_service | Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more. | 2020-03-25 | not yet calculated | CVE-2019-18626
MISC
hashicorp -- vault_and_vault_enterprise | HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4. | 2020-03-23 | not yet calculated | CVE-2020-10660
CONFIRM
MISC
http4s -- http4s | http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contains ../ or // can expose resources outside of the configured location. This issue is patched in versions 0.18.26, 0.20.20, and 0.21.2. Note that 0.19.0 is a deprecated release and has never been supported. | 2020-03-25 | not yet calculated | CVE-2020-5280
MISC
MISC
MISC
CONFIRM
huawei -- oxfordp-an10b_smartphones | Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The application doesn't perform proper authentication when the user performs certain operations. An attacker can trick the user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. | 2020-03-26 | not yet calculated | CVE-2020-9066
MISC
huawei -- p30_smartphones | HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unauthorized actor. The attacker tricks the user into installing a crafted application; successful exploit could allow the attacker to do certain unauthenticated operations. | 2020-03-26 | not yet calculated | CVE-2020-1800
MISC
huawei -- taurus-al00b_smartphones | Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability. | 2020-03-26 | not yet calculated | CVE-2020-9065
MISC
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. | 2020-03-26 | not yet calculated | CVE-2020-4276
XF
CONFIRM
it-novum -- openitcockpit | openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections. | 2020-03-25 | not yet calculated | CVE-2020-10788
MISC
CONFIRM
jenkins -- jenkins | Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 2020-03-25 | not yet calculated | CVE-2020-2166
MLIST
CONFIRM
jenkins -- jenkins | Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 2020-03-25 | not yet calculated | CVE-2020-2168
MLIST
CONFIRM
jenkins -- jenkins | Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2020-03-25 | not yet calculated | CVE-2020-2171
MLIST
CONFIRM
jenkins -- jenkins | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. | 2020-03-25 | not yet calculated | CVE-2020-2160
MLIST
CONFIRM
jenkins -- jenkins | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels. | 2020-03-25 | not yet calculated | CVE-2020-2161
MLIST
CONFIRM
jenkins -- jenkins | Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 2020-03-25 | not yet calculated | CVE-2020-2167
MLIST
CONFIRM
kiali -- kiali | A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration. | 2020-03-26 | not yet calculated | CVE-2020-1764
CONFIRM
MISC
kubernetes -- api_server | The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. | 2020-03-27 | not yet calculated | CVE-2020-8552
MISC
MISC
kubernetes -- kubelet | The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. | 2020-03-27 | not yet calculated | CVE-2020-8551
MISC
MISC
lenovo -- multiple_notebooks | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system. | 2020-03-27 | not yet calculated | CVE-2015-5684
MISC
lenovo -- solution_center | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-8534
MISC
lenovo -- solution_center | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. | 2020-03-27 | not yet calculated | CVE-2015-8536
MISC
lenovo -- solution_center | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-8535
MISC
lenovo -- system_update | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-7334
MISC
lenovo -- system_update | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-7335
MISC
lenovo -- system_update | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. | 2020-03-27 | not yet calculated | CVE-2015-7336
MISC
lenovo -- system_update | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-7333
MISC

mcafee -- mcafee_application_and_change_control | DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. | 2020-03-26 | not yet calculated | CVE-2020-7260
CONFIRM
micro_focus -- service_manager_automation | An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. | 2020-03-26 | not yet calculated | CVE-2020-9521
MISC
moo0 -- moo0_system_monitor | An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | 2020-03-25 | not yet calculated | CVE-2019-7240
MISC
moxa -- eds-g16e_series_devices | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. | 2020-03-26 | not yet calculated | CVE-2020-6999
MISC
mozilla -- firefox | When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74. | 2020-03-25 | not yet calculated | CVE-2020-6813
MISC
MISC
mozilla -- firefox | Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74. | 2020-03-25 | not yet calculated | CVE-2020-6815
MISC
MISC
mozilla -- firefox | After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74. | 2020-03-25 | not yet calculated | CVE-2020-6810
MISC
MISC
mozilla -- firefox | When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. | 2020-03-25 | not yet calculated | CVE-2020-6809
MISC
MISC
mozilla -- thunderbird_and_firefox_and_firefox_esr | The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 2020-03-25 | not yet calculated | CVE-2020-6812
MISC
MISC
MISC
MISC
mozilla -- thunderbird_and_firefox_and_firefox_esr | Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 2020-03-25 | not yet calculated | CVE-2020-6814
MISC
MISC
MISC
MISC
mozilla -- thunderbird_and_firefox_and_firefox_esr | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 2020-03-25 | not yet calculated | CVE-2020-6811
MISC
MISC
MISC
MISC
mulesoft -- apikit | Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java. | 2020-03-27 | not yet calculated | CVE-2020-10991
MISC
nick_chan_bot -- nick_chan_bot | In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution, which can compromise the bot. This is patched in version 1.0.0-beta. | 2020-03-25 | not yet calculated | CVE-2020-5282
MISC
CONFIRM
osmand -- osmand | Osmand through 2.0.0 allows XXE because of binary/BinaryMapIndexReader.java. | 2020-03-27 | not yet calculated | CVE-2020-10993
MISC
otrs -- open_ticket_request_system | It is possible for an authenticated user to guess other session IDs based on their own. It is also possible to guess a password reset token or an automatically generated password. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1773
MISC
otrs -- open_ticket_request_system | An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1771
MISC
otrs -- open_ticket_request_system | It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s) generated by users who have already requested new passwords. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1772
MISC
otrs -- open_ticket_request_system | Files generated for a support bundle could contain sensitive information that should not be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1770
MISC
otrs -- open_ticket_request_system | In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered a security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1769
MISC
phoenix_contact -- pc_worx_srt | Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. | 2020-03-27 | not yet calculated | CVE-2020-10939
CONFIRM
phoenix_contact -- portico_server | Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. | 2020-03-27 | not yet calculated | CVE-2020-10940
CONFIRM
piwigo -- piwigo | The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. | 2020-03-26 | not yet calculated | CVE-2020-9468
MISC
MISC
puppet -- continuous_delivery_for_puppet_enterprise | In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report. | 2020-03-26 | not yet calculated | CVE-2020-7944
MISC
pyup -- pyup_safety_tool | The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to "poison-pill" command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is considered to be of low severity because the attack makes use of an existing Python condition, not the Safety tool itself. This can happen if: (1) you are running Safety in a Python environment that you don't trust; (2) you are running Safety from the same Python environment where you have your dependencies installed; (3) dependency packages are being installed arbitrarily or without proper verification. Users can mitigate this issue by doing any of the following: (1) perform a static analysis by installing Docker and running the Safety Docker image ($ docker run --rm -it pyupio/safety check -r requirements.txt); (2) run Safety against a static dependencies list, such as the requirements.txt file, in a separate, clean Python environment; (3) run Safety from a Continuous Integration pipeline; (4) use PyUp.io, which runs Safety in a controlled environment and checks Python for dependencies without any need to install them; (5) use PyUp's Online Requirements Checker. | 2020-03-23 | not yet calculated | CVE-2020-5252
CONFIRM
CONFIRM
CONFIRM
red_hat -- ansible_engine | A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead to privilege escalation or code injection. | 2020-03-24 | not yet calculated | CVE-2020-10684
CONFIRM
rsa -- authentication_manager | RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser. | 2020-03-26 | not yet calculated | CVE-2020-5340
MISC
rsa -- authentication_manager | RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser. | 2020-03-26 | not yet calculated | CVE-2020-5339
MISC
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with any (before May 2019) software. A phishing attack against OMACP can change the network and internet settings. The Samsung ID is SVE-2019-14073 (May 2019). | 2020-03-24 | not yet calculated | CVE-2019-20606
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019). | 2020-03-24 | not yet calculated | CVE-2019-20613
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A heap overflow occurs for baseband in the Shannon modem. The Samsung ID is SVE-2019-14071 (May 2019). | 2020-03-24 | not yet calculated | CVE-2019-20605
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can disable Gallery permanently. The Samsung ID is SVE-2019-14031 (May 2019). | 2020-03-24 | not yet calculated | CVE-2019-20604
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019). | 2020-03-24 | not yet calculated | CVE-2019-20610
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), Go(8.1), P(9.0), and Go(9.0) (Exynos chipsets) software. A baseband stack overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-13963 (April 2019). | 2020-03-24 | not yet calculated | CVE-2019-20611
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ID is SVE-2019-14126 (May 2019). | 2020-03-24 | not yet calculated | CVE-2019-20607
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. The Motion photo player allows attackers to bypass the Secure Folder feature to view images. The Samsung ID is SVE-2019-14653 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20580
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. An attacker can use Emergency mode to disable features. The Samsung IDs are SVE-2018-13164, SVE-2018-13165 (April 2019). | 2020-03-24 | not yet calculated | CVE-2019-20608
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SKPM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14892 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20589
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. The MemorySaver Content Provider allows SQL injection. The Samsung ID is SVE-2019-14365 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20576
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Story Video Editor Content Provider. The Samsung ID is SVE-2019-14062 (July 2019). | 2020-03-24 | not yet calculated | CVE-2019-20592
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The MALI GPU Driver allows a kernel panic. The Samsung ID is SVE-2019-14372 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20577
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July 2019). | 2020-03-24 | not yet calculated | CVE-2019-20591
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020). | 2020-03-24 | not yet calculated | CVE-2020-10847
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) (Qualcomm chipsets) software. There is an integer underflow in the Secure Storage Trustlet. The Samsung ID is SVE-2019-13952 (July 2019). | 2020-03-24 | not yet calculated | CVE-2019-20590
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20579
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14891 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20588
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019). | 2020-03-24 | not yet calculated | CVE-2019-20593
CONFIRM
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can use Smartwatch to view Secure Folder notification content. The Samsung ID is SVE-2019-13899 (April 2019). | 2020-03-24 | not yet calculated | CVE-2019-20609
CONFIRM
sonicwall -- sma1000_http_extraweb_server | A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause an HTTP server crash, which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier. | 2020-03-26 | not yet calculated | CVE-2020-5129
CONFIRM
sunnet -- sunnet_ehrd | Sunnet eHRD, a human training and development management system, contains a Cross-Site Scripting (XSS) vulnerability; attackers can inject arbitrary commands into the system and launch an XSS attack. | 2020-03-27 | not yet calculated | CVE-2020-10509
MISC
sunnet -- sunnet_ehrd | Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. | 2020-03-27 | not yet calculated | CVE-2020-10508
MISC
sunnet -- sunnet_ehrd | Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL to access unauthorized functionality and data. | 2020-03-27 | not yet calculated | CVE-2020-10510
MISC
techpowerup -- gpu-z | An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23.0. The vulnerable driver exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | 2020-03-25 | not yet calculated | CVE-2019-7245
MISC
tenable -- codesys_control | CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. | 2020-03-26 | not yet calculated | CVE-2020-10245
CONFIRM
MISC
teradici -- pcoip_management_console | Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is not disabled. It is fixed in 20.01.1 and 19.11.2. | 2020-03-25 | not yet calculated | CVE-2020-10965
MISC
MISC
totemo -- totemomail | An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. | 2020-03-27 | not yet calculated | CVE-2020-7918
MISC
MISC
tp-link -- archer_a7_devicesThis vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663.2020-03-25not yet calculatedCVE-2020-10887
MISC
tp-link -- archer_a7_devicesThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.2020-03-25not yet calculatedCVE-2020-10882
MISC
tp-link -- archer_a7_devicesThis vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660.2020-03-25not yet calculatedCVE-2020-10881
MISC
tp-link -- archer_a7_devicesThis vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS reponses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661.2020-03-25not yet calculatedCVE-2020-10885
MISC
tp-link -- archer_a7_devices | This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664. | 2020-03-25 | not yet calculated | CVE-2020-10888, MISC
tp-link -- archer_a7_devices | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of a hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652. | 2020-03-25 | not yet calculated | CVE-2020-10884, MISC
tp-link -- archer_a7_devices | This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651. | 2020-03-25 | not yet calculated | CVE-2020-10883, MISC
tp-link -- archer_a7_devices | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662. | 2020-03-25 | not yet calculated | CVE-2020-10886, MISC
tp-link -- archer_c50_devices | TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allow remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field. | 2020-03-25 | not yet calculated | CVE-2020-9375, MISC, MISC, CONFIRM
tribal_group -- sits:vision | An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does. | 2020-03-25 | not yet calculated | CVE-2019-19127, MISC, FULLDISC
unisoon -- ultralog_express | The UltraLog Express device management interface does not properly filter user-supplied strings in some specific parameters, so attackers can inject arbitrary SQL commands. | 2020-03-27 | not yet calculated | CVE-2020-3936, MISC
unisoon -- ultralog_express | The UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through a specific system directory. | 2020-03-27 | not yet calculated | CVE-2020-3920, MISC
unisoon -- ultralog_express | The UltraLog Express device management software stores users' information in cleartext. Any user can obtain account information through a specific page. | 2020-03-27 | not yet calculated | CVE-2020-3921, MISC
vesta_and_hestia -- vesta_control_panel_and_hestia_control_panel | In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. | 2020-03-25 | not yet calculated | CVE-2020-10966, MISC, CONFIRM, MISC
wordpress -- wordpress | The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. | 2020-03-27 | not yet calculated | CVE-2020-10817, MISC, MISC
yaml_project -- pyyaml | A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. | 2020-03-24 | not yet calculated | CVE-2020-1747, CONFIRM, MISC, FEDORA, FEDORA, FEDORA
