Vulnerability Summary for the Week of March 23, 2020
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3797 CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3793 CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 10 | CVE-2020-3805 CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3795 CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3799 CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3807 CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3801 CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3792 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3787 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3775 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3785 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3788 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3784 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3783 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3789 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3786 CONFIRM |
apache -- traffic_server | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | 2020-03-23 | 7.5 | CVE-2019-17559 MISC |
apache -- traffic_server | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | 2020-03-23 | 7.5 | CVE-2019-17565 MISC |
apache -- traffic_server | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | 2020-03-23 | 7.5 | CVE-2020-1944 MISC |
asus -- asuswrt | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI. | 2020-03-20 | 7.8 | CVE-2018-20335 MISC |
asus -- asuswrt | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell. | 2020-03-20 | 10 | CVE-2018-20334 MISC |
autoupdater.net -- autoupdater.net | AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. | 2020-03-23 | 7.5 | CVE-2019-20627 MISC MISC |
blamer -- blamer | Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. | 2020-03-20 | 7.5 | CVE-2020-8137 MISC |
cutephp -- cutenews | CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors. | 2020-03-25 | 9 | CVE-2020-5558 MISC |
d-link -- dap-1650_devices | An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands. | 2020-03-21 | 7.5 | CVE-2019-12767 CONFIRM |
d-link -- multiple_routers | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471. | 2020-03-23 | 8.3 | CVE-2020-8864 MISC MISC |
d-link -- multiple_routers | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470. | 2020-03-23 | 8.3 | CVE-2020-8863 MISC MISC |
ekakin -- shihonkanri_plus_goout | Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2020-03-25 | 10 | CVE-2020-5556 MISC |
ez_platform -- ez_publish_kernel | eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution. | 2020-03-22 | 7.5 | CVE-2020-10806 MISC |
google -- chrome | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6428 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
google -- chrome | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6427 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
google -- chrome | Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6424 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
google -- chrome | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6449 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
google -- chrome | Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6422 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
google -- chrome | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6429 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
grandstream -- ucm6200_series_devices | The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. | 2020-03-23 | 10 | CVE-2020-5722 MISC MISC |
graphicsmagick -- graphicsmagick | GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. | 2020-03-24 | 7.5 | CVE-2020-10938 MISC |
homee -- brain_cube | The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface. | 2020-03-20 | 7.2 | CVE-2019-16258 MISC MISC |
it-novum -- openitcockpit | openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php. | 2020-03-25 | 10 | CVE-2020-10789 MISC CONFIRM |
keijiban_tsumiki_project -- keijiban_tsumiki | Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2020-03-25 | 10 | CVE-2020-5561 MISC |
keitai-site.net -- mailform | mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors. | 2020-03-25 | 10 | CVE-2020-5553 MISC |
liferay -- liferay_portal | Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). | 2020-03-20 | 7.5 | CVE-2020-7961 MISC CONFIRM |
linbit -- csync2 | An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. | 2020-03-20 | 7.5 | CVE-2019-15522 MISC |
moxa -- eds-g516e_series_devices | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may execute arbitrary code or target the device, causing it to go out of service. | 2020-03-24 | 10 | CVE-2020-7007 MISC |
moxa -- eds-g516e_series_devices | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. | 2020-03-24 | 10 | CVE-2020-6981 MISC |
moxa -- pt-7528_series_devices | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. | 2020-03-24 | 10 | CVE-2020-6985 MISC |
moxa -- pt-7528_series_devices | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code. | 2020-03-24 | 7.5 | CVE-2020-6989 MISC |
moxa -- pt-7528_series_devices | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access. | 2020-03-24 | 7.5 | CVE-2020-6995 MISC |
naver -- cloud_explorer | Naver Cloud Explorer before 2.2.2.11 allows an attacker to move a local file in any path on the filesystem with system privilege through its named pipe. | 2020-03-23 | 7.5 | CVE-2020-9752 CONFIRM |
netsas -- enigma_network_management_solution | An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. | 2020-03-20 | 10 | CVE-2019-16072 MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10028. | 2020-03-23 | 7.2 | CVE-2020-8875 MISC |
quest -- foglight_evolve | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553. | 2020-03-23 | 10 | CVE-2020-8868 MISC MISC |
rconfig -- rconfig | rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. | 2020-03-23 | 7.5 | CVE-2020-10879 MISC EXPLOIT-DB |
rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary write primitive that can lead to code execution or escalation of privileges. | 2020-03-20 | 9 | CVE-2019-15665 MISC CONFIRM MISC |
rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate parameters, leading to a stack-based buffer overflow, which can lead to code execution or escalation of privileges. | 2020-03-20 | 9 | CVE-2019-15661 MISC CONFIRM MISC |
rockwell_automation -- factorytalk_diagnostics | In all versions of Rockwell Automation FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCP/8082, which can insecurely deserialize untrusted data. | 2020-03-23 | 10 | CVE-2020-6967 MISC |
s9y -- serendipity | Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. | 2020-03-25 | 7.5 | CVE-2020-10964 MISC MISC |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. The bootloader has an integer signedness error. The Samsung ID is SVE-2019-15230 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20561 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband stack overflow. The Samsung ID is SVE-2018-13188 (February 2019). | 2020-03-24 | 10 | CVE-2019-20622 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The BIOSUB Trustlet has an out of bounds write. The Samsung ID is SVE-2019-15261 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20560 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The Widevine Trustlet allows read and write operations on arbitrary memory locations. The Samsung ID is SVE-2019-15873 (February 2020). | 2020-03-24 | 7.5 | CVE-2020-10836 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the EXT_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14847 (August 2019). | 2020-03-24 | 10 | CVE-2019-20583 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. There is type confusion in the WVDRM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14885 (September 2019). | 2020-03-24 | 7.5 | CVE-2019-20571 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a Buffer Overflow in the Touch Screen Driver. The Samsung ID is SVE-2019-14990 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20558 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos9810 chipsets) software. There is a use after free in the ion driver. The Samsung ID is SVE-2019-14837 (August 2019). | 2020-03-24 | 7.5 | CVE-2019-20582 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (with TEEGRIS) software. There is a buffer overflow in the BIOSUB Trustlet. The Samsung ID is SVE-2019-15264 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20562 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20556 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. Arbitrary memory read and write operations can occur in RKP. The Samsung ID is SVE-2019-15143 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20553 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos 9820 chipsets) software. A Buffer overflow occurs when loading the UH Partition during Secure Boot. The Samsung ID is SVE-2019-14412 (August 2019). | 2020-03-24 | 7.5 | CVE-2019-20578 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the HDCP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14850 (August 2019). | 2020-03-24 | 10 | CVE-2019-20584 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos 9810 chipsets) software. Arbitrary memory mapping exists in TEE. The Samsung ID is SVE-2019-16665 (February 2020). | 2020-03-24 | 10 | CVE-2020-10848 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEC_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14851 (August 2019). | 2020-03-24 | 10 | CVE-2019-20585 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. An up_parm heap overflow leads to code execution in the bootloader. The Samsung ID is SVE-2019-14993 (September 2019). | 2020-03-24 | 7.5 | CVE-2019-20567 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. load_kernel has a buffer overflow via untrusted data. The Samsung ID is SVE-2019-14939 (September 2019). | 2020-03-24 | 7.5 | CVE-2019-20572 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019). | 2020-03-24 | 10 | CVE-2019-20621 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. A buffer overflow in the HDCP Trustlet affects secure TEEGRIS memory. The Samsung ID is SVE-2019-15283 (November 2019). | 2020-03-24 | 10 | CVE-2019-20545 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Destination address. The Samsung ID is SVE-2019-14858 (September 2019). | 2020-03-24 | 7.5 | CVE-2019-20566 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the FINGERPRINT Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14864 (August 2019). | 2020-03-24 | 10 | CVE-2019-20586 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the MLDAP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14867 (August 2019). | 2020-03-24 | 10 | CVE-2019-20587 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A stack overflow in the HDCP Trustlet causes arbitrary code execution. The Samsung ID is SVE-2019-14665 (August 2019). | 2020-03-24 | 7.5 | CVE-2019-20581 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 (February 2020). | 2020-03-24 | 10 | CVE-2020-10835 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (TEEGRIS and Qualcomm chipsets). There is arbitrary memory overwrite in the SEM Trustlet, leading to arbitrary code execution. The Samsung IDs are SVE-2019-14651, SVE-2019-14666 (November 2019). | 2020-03-24 | 10 | CVE-2019-20537 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. The Esecomm Trustlet allows a stack overflow and arbitrary code execution. The Samsung ID is SVE-2019-15984 (February 2020). | 2020-03-24 | 10 | CVE-2020-10837 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The SEC_FR trustlet has an out of bounds write. The Samsung ID is SVE-2019-15272 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20563 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), P(9.0), and Q(10.0) software. Arbitrary code execution is possible on the lock screen. The Samsung ID is SVE-2019-15266 (December 2019). | 2020-03-24 | 7.5 | CVE-2019-20530 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019). | 2020-03-24 | 7.5 | CVE-2019-20536 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) devices (Qualcomm chipsets) software. There is a buffer overflow in the bootloader. The Samsung ID is SVE-2019-15399 (November 2019). | 2020-03-24 | 7.5 | CVE-2019-20548 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. There is an out-of-bounds write in the ICCC Trustlet. The Samsung ID is SVE-2019-15274 (November 2019). | 2020-03-24 | 7.5 | CVE-2019-20544 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The secure bootloader has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 (January 2020). | 2020-03-24 | 10 | CVE-2020-10850 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. A heap out-of-bounds access can occur during LE Packet reception in Broadcom Bluetooth. The Samsung ID is SVE-2019-15724 (November 2019). | 2020-03-24 | 7.5 | CVE-2019-20549 CONFIRM |
schneider_electric -- andover_continuum_controllers | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. | 2020-03-23 | 7.5 | CVE-2020-7480 MISC |
schneider_electric -- multiple_products | A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. | 2020-03-23 | 7.5 | CVE-2020-7475 MISC |
simple_machines -- simple_machines_forum | An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls. | 2020-03-20 | 7.5 | CVE-2019-11574 MISC MISC |
spark_development_network -- rock_rms | Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller. | 2020-03-20 | 7.5 | CVE-2019-18641 CONFIRM MISC |
svglib -- svglib | The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. | 2020-03-20 | 7.5 | CVE-2020-10799 MISC |
tellabs -- optical_line_terminal_1150_devices | Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. | 2020-03-20 | 10 | CVE-2019-19148 MISC |
tesla -- tesla_model_3_vehicles | The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen. | 2020-03-20 | 7.1 | CVE-2020-10558 MISC |
uppy -- uppy | The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems. | 2020-03-20 | 7.5 | CVE-2020-8135 MISC |
vesta -- vesta_control_panel | Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters. | 2020-03-22 | 9 | CVE-2020-10808 MISC MISC MISC |
videolabs -- libmicrodns | An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability. | 2020-03-24 | 7.5 | CVE-2020-6072 MISC |
weechat -- weechat | An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick. | 2020-03-23 | 7.5 | CVE-2020-9760 MISC MLIST GENTOO MISC |
wonderlink -- wl-enq | WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors. | 2020-03-25 | 10 | CVE-2020-5560 MISC |
wordpress -- wordpress | An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table. | 2020-03-23 | 7.5 | CVE-2020-9392 MISC |
wordpress -- wordpress | The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. | 2020-03-20 | 7.5 | CVE-2019-12498 CONFIRM CONFIRM MISC |
zendto -- zendto | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests. | 2020-03-24 | 7.5 | CVE-2020-8986 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acyba -- acymailing | Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. | 2020-03-24 | 6.5 | CVE-2020-10934 MISC |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address leak vulnerability. Successful exploitation could lead to information disclosure. | 2020-03-25 | 5 | CVE-2020-3800 CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 6.8 | CVE-2020-3802 CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-03-25 | 5 | CVE-2020-3804 CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-03-25 | 5 | CVE-2020-3806 CONFIRM |
adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | 2020-03-25 | 4.4 | CVE-2020-3803 CONFIRM |
adobe -- bridge | Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 6.8 | CVE-2020-9552 CONFIRM |
adobe -- bridge | Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 6.8 | CVE-2020-9551 CONFIRM |
adobe -- creative_cloud_desktop_application | Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion. | 2020-03-25 | 5.8 | CVE-2020-3808 CONFIRM |
adobe -- experience_manager | Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-03-25 | 5 | CVE-2020-3769 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 6.8 | CVE-2020-3780 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-03-25 | 5 | CVE-2020-3777 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-03-25 | 4.3 | CVE-2020-3778 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-03-25 | 4.3 | CVE-2020-3771 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-03-25 | 4.3 | CVE-2020-3782 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-03-25 | 4.3 | CVE-2020-3781 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 6.8 | CVE-2020-3773 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 6.8 | CVE-2020-3790 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-03-25 | 4.3 | CVE-2020-3791 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 6.8 | CVE-2020-3776 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 6.8 | CVE-2020-3774 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 6.8 | CVE-2020-3772 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 6.8 | CVE-2020-3770 CONFIRM |
adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 6.8 | CVE-2020-3779 CONFIRM |
apache -- tika | A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. | 2020-03-23 | 4.3 | CVE-2020-1950 CONFIRM MLIST |
apache -- tika | A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. | 2020-03-23 | 4.3 | CVE-2020-1951 MISC MLIST |
arm -- mbed_tls | Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. | 2020-03-24 | 4.3 | CVE-2020-10941 MISC |
artica -- artica_proxy | Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. | 2020-03-22 | 6.5 | CVE-2020-10818 MISC |
artica -- pandora_fms | Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a directory (or use an existing one) that is externally accessible to store PHP files. The filename and the exact path are known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access. | 2020-03-23 | 6.5 | CVE-2020-7935 MISC |
artica -- pandora_fms | In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps. | 2020-03-23 | 5 | CVE-2020-8497 MISC |
artica -- pandora_fms | In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. | 2020-03-23 | 6.5 | CVE-2020-8511 MISC |
asus -- asuswrt | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router. | 2020-03-20 | 5 | CVE-2018-20333 MISC |
auto-maskin -- multiple_devices | In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. | 2020-03-23 | 6.4 | CVE-2019-6560 MISC |
auto-maskin -- multiple_products | In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. | 2020-03-23 | 5 | CVE-2019-6558 MISC |
centreon -- centreon | Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. | 2020-03-20 | 6.5 | CVE-2019-19487 MISC |
centreon -- centreon | Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. | 2020-03-20 | 4 | CVE-2019-19486 MISC |
centreon -- centreon | Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. | 2020-03-20 | 5.8 | CVE-2019-19484 MISC |
cmsmadesimple -- cms_made_simple | The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file). | 2020-03-20 | 6.8 | CVE-2020-10682 MISC |
cutephp -- cutenews | Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2020-03-25 | 4.3 | CVE-2020-5557 MISC |
druva -- insync_client | Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code. | 2020-03-24 | 4.6 | CVE-2019-4001 MISC |
eaton -- ups_companion_software | UPS companion software v1.05 & Prior is affected by an ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call, e.g. “eval” in the “Update Manager” class, when the software attempts to see if there are updates available. This results in arbitrary code execution on the machine where the software is installed. | 2020-03-23 | 5.8 | CVE-2020-6650 MISC |
ekakin -- shihonkanri_plus_goout | Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vectors due to an improper input validation issue. | 2020-03-25 | 6.4 | CVE-2020-5555 MISC |
ekakin -- shihonkanri_plus_goout | Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors. | 2020-03-25 | 6.4 | CVE-2020-5554 MISC |
elog -- electronic_logbook | This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition. Was ZDI-CAN-10115. | 2020-03-23 | 5 | CVE-2020-8859 MISC MISC |
fastify -- fastify-multipart | Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request. | 2020-03-20 | 5 | CVE-2020-8136 MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9774. | 2020-03-20 | 6.8 | CVE-2020-8881 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9625. | 2020-03-20 | 6.8 | CVE-2020-8878 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9624. | 2020-03-20 | 4.3 | CVE-2020-8877 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9773. | 2020-03-20 | 6.8 | CVE-2020-8880 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9626. | 2020-03-20 | 4.3 | CVE-2020-8879 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9880. | 2020-03-20 | 4.3 | CVE-2020-8883 MISC MISC |
foxit -- studio_photo | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the PSD files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9811. | 2020-03-20 | 6.8 | CVE-2020-8882 MISC MISC |
freeradius -- freeradius | In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. | 2020-03-21 | 5 | CVE-2019-17185 MISC CONFIRM |
frozennode -- laravel_administrator | FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued. | 2020-03-25 | 6.5 | CVE-2020-10963 MISC |
ghost -- ghost_cms | Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. | 2020-03-20 | 5.5 | CVE-2020-8134 MISC |
gnupg -- gnupg | A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. | 2020-03-20 | 5 | CVE-2019-14855 CONFIRM MISC MISC MISC |
google -- chrome | Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 4.3 | CVE-2020-6426 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
google -- chrome | Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. | 2020-03-23 | 5.8 | CVE-2020-6425 SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
google -- chrome | Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 2020-03-23 | 6.8 | CVE-2020-6420 MISC MISC FEDORA |
gpac -- gpac | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file. | 2020-03-24 | 4.3 | CVE-2019-20632 MISC |
gpac -- gpac | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file. | 2020-03-24 | 4.3 | CVE-2019-20631 MISC |
gpac -- gpac | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file. | 2020-03-24 | 4.3 | CVE-2019-20630 MISC MISC |
gpac -- gpac | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | 2020-03-24 | 4.3 | CVE-2019-20629 MISC MISC |
gpac -- gpac | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | 2020-03-24 | 4.3 | CVE-2019-20628 MISC MISC MISC |
hashicorp -- vault_and_vault_enterprise | HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4. | 2020-03-23 | 5.8 | CVE-2020-10661 CONFIRM MISC |
hdf_group -- hdf5 | An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service. | 2020-03-22 | 4.3 | CVE-2020-10811 MISC MISC MISC |
hdf_group -- hdf5 | An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service. | 2020-03-22 | 4.3 | CVE-2020-10809 MISC MISC MISC |
hdf_group -- hdf5 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service. | 2020-03-22 | 4.3 | CVE-2020-10810 MISC MISC MISC |
hdf_group -- hdf5 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service. | 2020-03-22 | 5 | CVE-2020-10812 MISC MISC MISC |
honeywell -- notifier_web_server | In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. | 2020-03-24 | 6.4 | CVE-2020-6972 MISC |
honeywell -- win-pak_devices | In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries. | 2020-03-24 | 6.4 | CVE-2020-6978 MISC |
honeywell -- win-pak_devices | In Honeywell WIN-PAK 4.7.2, Web and prior versions, a header injection vulnerability has been identified, which may allow remote code execution. | 2020-03-24 | 5.8 | CVE-2020-6982 MISC |
honeywell -- win-pak_devices | In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code. | 2020-03-24 | 6.8 | CVE-2020-7005 MISC |
horde -- groupware_webmail_edition | This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125. | 2020-03-23 | 4 | CVE-2020-8866 MLIST MISC MISC |
horde -- groupware_webmail_edition | This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469. | 2020-03-23 | 6.5 | CVE-2020-8865 MISC |
huawei -- mate_20_and_mate_30_pro_smartphones | There is an improper authorization vulnerability in several smartphones. The software incorrectly performs authorization for certain users; a successful exploit could allow a low-privilege user to perform certain operations that the user is not supposed to perform. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | 2020-03-20 | 4.6 | CVE-2020-1796 MISC |
huawei -- secospace_antiddos8000_versions | Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands. Affected product versions include: Secospace AntiDDoS8000 versions V500R001C00, V500R001C20, V500R001C60, V500R005C00. | 2020-03-20 | 6.8 | CVE-2020-1864 MISC |
ibm -- api_connect | IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958. | 2020-03-24 | 5 | CVE-2019-4553 XF CONFIRM |
ibm -- content_navigator | IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080. | 2020-03-24 | 5 | CVE-2020-4309 XF CONFIRM |
ibm -- content_navigator | IBM Content Navigator 3.0CD does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559. | 2020-03-24 | 6.5 | CVE-2020-4253 XF CONFIRM |
ibm -- tivoli_netcool_impact | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734. | 2020-03-24 | 4.3 | CVE-2019-4681 XF CONFIRM |
inextrix_technologies -- astpp | An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. | 2020-03-20 | 5 | CVE-2019-15075 MISC |
insulet -- omnipod_insulin_management_system | The affected insulin pump is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. | 2020-03-20 | 4.6 | CVE-2020-10597 MISC |
it-novum -- openitcockpit | openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header. | 2020-03-20 | 5 | CVE-2020-10792 MISC CONFIRM |
it-novum -- openitcockpit | app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module. | 2020-03-25 | 4 | CVE-2020-10791 MISC CONFIRM |
jenkins -- jenkins | Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 2020-03-25 | 5 | CVE-2020-2165 MLIST CONFIRM |
jenkins -- jenkins | A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability. | 2020-03-25 | 4.3 | CVE-2020-2169 MLIST CONFIRM |
jenkins -- jenkins | Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 2020-03-25 | 4 | CVE-2020-2164 MLIST CONFIRM |
kde -- okular | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | 2020-03-24 | 6.8 | CVE-2020-9359 CONFIRM CONFIRM MLIST FEDORA |
keitai-site.net -- mailform | Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2020-03-25 | 4.3 | CVE-2020-5552 MISC |
linux -- linux_kernel | In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. | 2020-03-24 | 4.9 | CVE-2020-10942 MISC MISC MISC |
lix-pm -- lix | lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field. | 2020-03-21 | 6.8 | CVE-2020-10800 MISC |
marketplace_expert -- subversion_alm | Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. | 2020-03-20 | 4.3 | CVE-2020-9344 MISC MISC |
mediawiki -- mediawiki | An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33. | 2020-03-20 | 5 | CVE-2019-16528 MISC MISC MISC MISC |
memcached -- memcached | Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. | 2020-03-24 | 5 | CVE-2020-10931 MISC MISC MISC |
mikrotik -- multiple_routers | The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. | 2020-03-23 | 5 | CVE-2020-10364 MISC MISC |
mitre -- caldera | auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header. | 2020-03-22 | 5 | CVE-2020-10807 MISC MISC MISC MISC |
motorola -- fx9500_devices | Motorola FX9500 devices allow remote attackers to read database files. | 2020-03-23 | 5 | CVE-2020-10874 MISC |
motorola -- fx9500_devices | Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. | 2020-03-23 | 5 | CVE-2020-10875 MISC |
moxa -- eds-g516e_series_devices | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. | 2020-03-24 | 5 | CVE-2020-6979 MISC |
moxa -- eds-g516e_series_devices | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. | 2020-03-24 | 5 | CVE-2020-7001 MISC |
moxa -- eds-g516e_series_devices | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. | 2020-03-24 | 5 | CVE-2020-6991 MISC |
moxa -- eds-g516e_series_devices | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. | 2020-03-24 | 5 | CVE-2020-6997 MISC |
moxa -- iologik_2500_series_controllers_and_ioxpress_configuration_utility | In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail. | 2020-03-24 | 5 | CVE-2019-18242 MISC |
moxa -- iologik_2500_series_controllers_and_ioxpress_configuration_utility | In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text. | 2020-03-24 | 5 | CVE-2020-7003 MISC |
moxa -- pt-7528_series_devices | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered. | 2020-03-24 | 5 | CVE-2020-6983 MISC |
moxa -- pt-7528_series_devices | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. | 2020-03-24 | 5 | CVE-2020-6987 MISC |
moxa -- pt-7528_series_devices | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization. | 2020-03-24 | 5 | CVE-2020-6993 MISC |
mozilla -- bleach | Mozilla Bleach before 3.12 has a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False is set. | 2020-03-24 | 4.3 | CVE-2020-6816 MISC |
mozilla -- bleach | In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. | 2020-03-24 | 4.3 | CVE-2020-6802 MISC |
mozilla -- firefox | When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox < 74. | 2020-03-25 | 4.3 | CVE-2020-6808 MISC MISC |
mozilla -- thunderbird_and_firefox_and_firefox_esr | When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 2020-03-25 | 6.8 | CVE-2020-6805 MISC MISC MISC MISC |
mozilla -- thunderbird_and_firefox_and_firefox_esr | When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 2020-03-25 | 6.8 | CVE-2020-6807 MISC MISC MISC MISC |
mozilla -- thunderbird_and_firefox_and_firefox_esr | By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 2020-03-25 | 6.8 | CVE-2020-6806 MISC MISC MISC MISC |
netgear -- gs728tps_devices | On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication. | 2020-03-23 | 4 | CVE-2019-19964 CONFIRM |
netgear -- multiple_prosafe_devices | NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. | 2020-03-23 | 6.5 | CVE-2016-11022 MISC MISC MISC |
netsas -- enigma_network_management_solution | Enigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do not have the ability to modify any settings in the system, only view the components. However, it is possible for a low-privileged user to perform all actions as an administrator by bypassing authorization controls and sending requests to the server in the context of an administrator. | 2020-03-20 | 6.5 | CVE-2019-16071 MISC |
nextcloud -- nextcloud_desktop_client | A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed arbitrary code to be loaded when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | 2020-03-20 | 4.6 | CVE-2020-8140 MISC CONFIRM |
nextcloud -- nextcloud_server | A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | 2020-03-20 | 4 | CVE-2020-8139 MISC CONFIRM |
nextcloud -- nextcloud_server | A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | 2020-03-20 | 4 | CVE-2020-8138 MISC CONFIRM |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10032. | 2020-03-23 | 4.6 | CVE-2020-8874 MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10031. | 2020-03-23 | 4.6 | CVE-2020-8873 MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.0-47107. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-9403. | 2020-03-23 | 4.6 | CVE-2020-8871 MISC |
phpbb -- phpbb | phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. | 2020-03-20 | 5 | CVE-2019-16108 CONFIRM |
phpmyadmin -- phpmyadmin | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). | 2020-03-22 | 6 | CVE-2020-10804 SUSE MISC |
phpmyadmin -- phpmyadmin | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. | 2020-03-22 | 6 | CVE-2020-10802 SUSE MLIST MISC |
pki-core -- pki-core | A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser. | 2020-03-20 | 4.3 | CVE-2019-10221 CONFIRM |
pki-core -- pki-core | A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code. | 2020-03-20 | 4.3 | CVE-2019-10179 CONFIRM |
rainloop -- webmail | RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. | 2020-03-20 | 4.3 | CVE-2019-13389 MISC |
rconfig -- rconfig | An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application did not exit after a redirect was applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response. | 2020-03-20 | 5 | CVE-2020-9425 MISC CONFIRM |
red_hat -- jboss_keycloak | A flaw was found in keycloak before version 9.0.1. When configuring a Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not sent to the brute force protection event queue, so BruteForceProtector does not handle these events. | 2020-03-24 | 5 | CVE-2020-1744 CONFIRM CONFIRM |
red_hat -- openshift/mediawiki | A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | 2020-03-20 | 4.6 | CVE-2020-1709 CONFIRM |
red_hat -- openshift/mediawiki-apb | A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | 2020-03-20 | 4.6 | CVE-2019-19345 CONFIRM |
red_hat -- openshift/postgresql-apb | A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | 2020-03-20 | 4.4 | CVE-2020-1707 CONFIRM |
rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 1 of 2). | 2020-03-20 | 4 | CVE-2019-15663 MISC CONFIRM MISC |
rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 2 of 2). | 2020-03-20 | 4 | CVE-2019-15664 MISC CONFIRM MISC |
rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chain to escalate privileges. | 2020-03-20 | 4 | CVE-2019-15662 MISC CONFIRM MISC |
salesagility -- suitecrm | SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. | 2020-03-20 | 5 | CVE-2019-18785 CONFIRM CONFIRM |
salesagility -- suitecrm | SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. | 2020-03-20 | 5 | CVE-2019-18782 CONFIRM CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Startup leaks keyboard suggested words. The Samsung ID is SVE-2019-13773 (March 2019). | 2020-03-24 | 5 | CVE-2019-20619 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Broadcom Wi-Fi, and SEC Wi-Fi chipsets) software. Wi-Fi allows a denial of service via TCP SYN packets. The Samsung ID is SVE-2018-13162 (March 2019). | 2020-03-24 | 5 | CVE-2019-20612 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020). | 2020-03-24 | 5 | CVE-2020-10854 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), and Q(10.0) (Broadcom chipsets) software. A kernel driver heap overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-15880 (March 2020). | 2020-03-24 | 4.6 | CVE-2020-10829 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020). | 2020-03-24 | 5 | CVE-2020-10849 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) software. The Gallery app allows attackers to view all pictures of a locked device. The Samsung ID is SVE-2019-15189 (October 2019). | 2020-03-24 | 5 | CVE-2019-20555 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view notifications on the lock screen via Routines. The Samsung ID is SVE-2019-15074 (February 2020). | 2020-03-24 | 5 | CVE-2020-10834 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with any (before October 2019 for S9 or Note9) software. Attackers can manipulate the IMEI. The Samsung ID is SVE-2019-15435 (October 2019). | 2020-03-24 | 5 | CVE-2019-20564 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. The Pin Window feature allows unauthenticated unpinning of an app. The Samsung ID is SVE-2018-13765 (March 2019). | 2020-03-24 | 5 | CVE-2019-20618 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019). | 2020-03-24 | 5 | CVE-2019-20616 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can trigger an update to arbitrary touch-screen firmware. The Samsung ID is SVE-2019-16013 (March 2020). | 2020-03-24 | 5 | CVE-2020-10831 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is an arbitrary kfree in the vipx and vertex drivers. The Samsung ID is SVE-2019-16294 (February 2020). | 2020-03-24 | 4.6 | CVE-2020-10841 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 (January 2020). | 2020-03-24 | 5 | CVE-2020-10853 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The Authnr Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13949 (May 2019). | 2020-03-24 | 5 | CVE-2019-20602 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. A heap overflow exists in the bootloader. The Samsung ID is SVE-2019-14371 (July 2019). | 2020-03-24 | 4.6 | CVE-2019-20594 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August 2019). | 2020-03-24 | 4.6 | CVE-2019-20574 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685 (August 2019). | 2020-03-24 | 4.6 | CVE-2019-20573 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (Exynos chipsets) software. There is a stack overflow in the kernel driver. The Samsung ID is SVE-2019-15034 (November 2019). | 2020-03-24 | 4.6 | CVE-2019-20542 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The ESECOMM Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13950 (May 2019). | 2020-03-24 | 5 | CVE-2019-20603 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019). | 2020-03-24 | 4.8 | CVE-2019-20575 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. There is a heap overflow in the knox_kap driver. The Samsung ID is SVE-2019-14857 (November 2019). | 2020-03-24 | 4.6 | CVE-2019-20538 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Voice Assistant mishandles the notification audibility of a secured app. The Samsung ID is SVE-2018-13326 (May 2019). | 2020-03-24 | 5 | CVE-2019-20599 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. PROCA allows a use-after-free and arbitrary code execution. The Samsung ID is SVE-2019-16132 (February 2020). | 2020-03-24 | 4.6 | CVE-2020-10838 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a stack overflow in the display driver. The Samsung ID is SVE-2019-15877 (January 2020). | 2020-03-24 | 4.6 | CVE-2020-10852 MISC |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), and N(7.1) software. Attackers can bypass Factory Reset Protection (FRP) via Smart Switch. The Samsung ID is SVE-2019-15138 (September 2019). | 2020-03-24 | 5 | CVE-2019-20570 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019). | 2020-03-24 | 6.4 | CVE-2019-20596 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a Class 0 Type Message. The Samsung ID is SVE-2019-14941 (October 2019). | 2020-03-24 | 5 | CVE-2019-20551 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via an RCS call. The Samsung ID is SVE-2019-15035 (October 2019). | 2020-03-24 | 5 | CVE-2019-20552 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There is a heap out-of-bounds write in the tsmux driver. The Samsung ID is SVE-2019-16295 (February 2020). | 2020-03-24 | 4.6 | CVE-2020-10842 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is a stack overflow in the kperfmon driver. The Samsung ID is SVE-2019-15876 (January 2020). | 2020-03-24 | 4.6 | CVE-2020-10851 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. SPENgesture allows arbitrary applications to read or modify user-input logs. The Samsung ID is SVE-2019-14170 (June 2019). | 2020-03-24 | 6.4 | CVE-2019-20597 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There are race conditions in the hdcp2 driver. The Samsung ID is SVE-2019-16296 (February 2020). | 2020-03-24 | 4.4 | CVE-2020-10843 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 (February 2020). | 2020-03-24 | 4.4 | CVE-2020-10845 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Folder leaks preview data of recent apps. The Samsung ID is SVE-2018-13764 (March 2019). | 2020-03-24 | 5 | CVE-2019-20617 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), and Q(10.0) software. There is an out-of-bounds read vulnerability in media.audio_policy. The Samsung ID is SVE-2019-16333 (February 2020). | 2020-03-24 | 6.4 | CVE-2020-10844 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020). | 2020-03-24 | 4.6 | CVE-2020-10839 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. S-Voice leaks keyboard learned words via the lock screen. The Samsung ID is SVE-2018-12981 (February 2019). | 2020-03-24 | 5 | CVE-2019-20624 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Data may leak via a Bluetooth debug command. The Samsung ID is SVE-2019-15398 (November 2019). | 2020-03-24 | 5 | CVE-2019-20547 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. Kernel Wi-Fi drivers allow out-of-bounds Read or Write operations (e.g., a buffer overflow). The Samsung IDs are SVE-2019-16125, SVE-2019-16134, SVE-2019-16158, SVE-2019-16159, SVE-2019-16319, SVE-2019-16320, SVE-2019-16337, SVE-2019-16464, SVE-2019-16465, SVE-2019-16467 (March 2020). | 2020-03-24 | 4.6 | CVE-2020-10832 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos and Qualcomm chipsets) software. A race condition causes a Use-After-Free. The Samsung ID is SVE-2019-15067 (September 2019). | 2020-03-24 | 6.8 | CVE-2019-20568 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 (September 2019). | 2020-03-24 | 5 | CVE-2019-20565 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 (March 2019). | 2020-03-24 | 5 | CVE-2019-20620 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. An out-of-bounds Read in the Wi-Fi vendor command leads to an information leak. The Samsung ID is SVE-2019-14869 (November 2019). | 2020-03-24 | 5 | CVE-2019-20539 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can access the Developer options without authentication. The Samsung ID is SVE-2019-15800 (December 2019). | 2020-03-24 | 5 | CVE-2019-20532 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with Q(10.0) software. The DeX Lockscreen allows attackers to access the quick panel and notifications. The Samsung ID is SVE-2019-16532 (March 2020). | 2020-03-24 | 5 | CVE-2020-10833 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019). | 2020-03-24 | 5 | CVE-2019-20601 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have a stack overflow. The Samsung IDs are SVE-2019-14965, SVE-2019-14966, SVE-2019-14968, SVE-2019-14969, SVE-2019-14970, SVE-2019-14980, SVE-2019-14981, SVE-2019-14982, SVE-2019-14983, SVE-2019-14984, SVE-2019-15122, SVE-2019-15123 (November 2019). | 2020-03-24 | 4.6 | CVE-2019-20541 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 (March 2019). | 2020-03-24 | 5 | CVE-2019-20614 CONFIRM |
schneider_electric -- andover_continuum_controllers | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server. | 2020-03-23 | 4.3 | CVE-2020-7482 MISC |
schneider_electric -- andover_continuum_controllers | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server. | 2020-03-23 | 4.3 | CVE-2020-7481 MISC |
schneider_electric -- interactive_graphical_scada_system | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled. | 2020-03-23 | 5 | CVE-2020-7478 MISC |
schneider_electric -- interactive_graphical_scada_system | A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service. | 2020-03-23 | 4.6 | CVE-2020-7479 MISC |
schneider_electric -- multiple_devices | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus. | 2020-03-23 | 5 | CVE-2020-7477 MISC |
schneider_electric -- pmepxm0100_devices | A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL. | 2020-03-23 | 4.4 | CVE-2020-7474 MISC |
schneider_electric -- zigbee_installation_kit | A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path. | 2020-03-23 | 4.4 | CVE-2020-7476 MISC |
signotec -- signopad-api/web | An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array. | 2020-03-20 | 4.3 | CVE-2020-9343 MISC |
signotec -- signopad-api/web | An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited. | 2020-03-20 | 4.3 | CVE-2020-9345 MISC |
squid -- squid | Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | 2020-03-20 | 4.3 | CVE-2019-18860 CONFIRM MISC |
sustainsys -- saml2 | Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) versions greater than 2.0.0 and less than 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense-in-depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use. | 2020-03-25 | 4.9 | CVE-2020-5261 MISC MISC CONFIRM |
swann -- multiple_dvr_devices | On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | 2020-03-21 | 6.8 | CVE-2013-7487 MISC |
synacor -- zimbra_zm-mailbox | cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request. | 2020-03-20 | 4 | CVE-2020-10194 MISC MISC CONFIRM |
tor_project -- tor | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit. | 2020-03-23 | 5 | CVE-2020-10593 SUSE GENTOO MISC |
tor_project -- tor | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. | 2020-03-23 | 5 | CVE-2020-10592 SUSE GENTOO MISC |
univalue -- univalue | UniValue::read() in UniValue before 1.0.5 allows attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error. | 2020-03-21 | 5 | CVE-2019-18936 MISC MISC |
videolabs -- libmicrodns | An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability. | 2020-03-24 | 5 | CVE-2020-6078 MISC |
videolabs -- libmicrodns | An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]. | 2020-03-24 | 5 | CVE-2020-6080 MISC |
videolabs -- libmicrodns | An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode. | 2020-03-24 | 5 | CVE-2020-6079 MISC |
videolabs -- libmicrodns | An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | 2020-03-24 | 5 | CVE-2020-6073 MISC |
videolabs -- libmicrodns | An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | 2020-03-24 | 5 | CVE-2020-6071 MISC |
videolabs -- libmicrodns | An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | 2020-03-24 | 5 | CVE-2020-6077 MISC |
wago -- pfc200_devices | An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. | 2020-03-23 | 4.6 | CVE-2019-5184 MISC |
wago -- pfc200_devices | An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len("/etc/config-tools/config_interfaces interface=X1 state=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. A state value of length 0x3c9 will cause the service to crash. | 2020-03-23 | 4.4 | CVE-2019-5185 MISC |
wago -- pfc200_devices | An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=<contents of interface element> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len("/etc/config-tools/config_interfaces interface=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash. | 2020-03-23 | 4.4 | CVE-2019-5186 MISC |
weechat -- weechat | An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash. | 2020-03-23 | 5 | CVE-2020-9759 MISC MLIST GENTOO MISC |
wonderlink -- wl-enq | Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2020-03-25 | 4.3 | CVE-2020-5559 MISC |
wordpress -- wordpress | An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement. | 2020-03-20 | 4.3 | CVE-2019-13463 MISC MISC |
xmidt -- cjwt | Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance. | 2020-03-20 | 5 | CVE-2019-19324 MISC MISC |
zendto -- zendto | ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. | 2020-03-24 | 6.8 | CVE-2020-8985 MISC |
zendto -- zendto | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. | 2020-03-24 | 5 | CVE-2020-8984 MISC MISC |
zoho -- manageengine_asset_explorer | Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges. | 2020-03-23 | 6.5 | CVE-2019-19034 CONFIRM |
zoho -- manageengine_assetexplorer | An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack. | 2020-03-23 | 4.9 | CVE-2020-8838 CONFIRM |
zoho -- manageengine_desktop_central | ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role. | 2020-03-23 | 4.3 | CVE-2019-15510 MISC MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cmsmadesimple -- cms_made_simple | The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. | 2020-03-20 | 3.5 | CVE-2020-10681 MISC |
honda -- hr-v_2017_vehicles | The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack. | 2020-03-23 | 3.3 | CVE-2019-20626 MISC |
huawei -- campusinsight_and_manageone | There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some services to behave abnormally. Affected product versions include: CampusInsight versions V100R019C00; ManageOne versions 6.5.RC2.B050. | 2020-03-20 | 2.1 | CVE-2020-1862 MISC |
huawei -- mate_20_and_mate_30_pro_smartphones | There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios; successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | 2020-03-20 | 2.1 | CVE-2020-1794 MISC |
huawei -- mate_20_and_mate_30_pro_smartphones | There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operations when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | 2020-03-20 | 2.1 | CVE-2020-1795 MISC |
huawei -- mate_20_and_mate_30_pro_smartphones | There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios; successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | 2020-03-20 | 2.1 | CVE-2020-1793 MISC |
huawei -- multiple_products | There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions 1.0.1.21(SP3); HEGE-570 versions 1.0.1.22(SP3); OSCA-550 versions 1.0.1.21(SP3); OSCA-550A versions 1.0.1.21(SP3); OSCA-550AX versions 1.0.1.21(SP3); OSCA-550X versions 1.0.1.21(SP3). | 2020-03-20 | 3.6 | CVE-2020-1879 MISC |
huawei -- oxfords-an00a_smartphone | Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3), versions earlier than 10.0.1.160(C00E160R4P1) has an improper authentication vulnerability. Authentication to the target component is improper when the device performs an operation. Attackers can exploit this vulnerability to obtain some information by loading a malicious application, leading to an information leak. | 2020-03-20 | 2.1 | CVE-2020-1878 MISC |
ibm -- jazz_for_service_management | IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123. | 2020-03-23 | 3.5 | CVE-2019-4718 XF CONFIRM |
it-novum -- openitcockpit | openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. | 2020-03-25 | 3.5 | CVE-2020-10790 MISC MISC CONFIRM |
jenkins -- jenkins | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers. | 2020-03-25 | 3.5 | CVE-2020-2163 MLIST CONFIRM |
jenkins -- jenkins | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability. | 2020-03-25 | 3.5 | CVE-2020-2162 MLIST CONFIRM |
jenkins -- jenkins | Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. | 2020-03-25 | 3.5 | CVE-2020-2170 MLIST CONFIRM |
micro_focus -- vibe | A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe versions prior to 4.0.7. The vulnerability could allow a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker-controlled JavaScript will execute in the security context of the target user’s browser. | 2020-03-25 | 3.5 | CVE-2020-9520 FULLDISC MISC |
nagios -- nagios_xi | Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. | 2020-03-22 | 3.5 | CVE-2020-10819 MISC |
nagios -- nagios_xi | Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. | 2020-03-22 | 3.5 | CVE-2020-10820 MISC |
nagios -- nagios_xi | Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. | 2020-03-22 | 3.5 | CVE-2020-10821 MISC |
netapp -- oncommand_system_manager | OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field. | 2020-03-24 | 3.5 | CVE-2019-17276 MISC |
parallels -- parallells_desktop | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.1-47117. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the hypervisor. Was ZDI-CAN-9428. | 2020-03-23 | 2.1 | CVE-2020-8872 MISC |
parallels -- parallells_desktop | This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10029. | 2020-03-23 | 2.1 | CVE-2020-8876 MISC |
phpmyadmin -- phpmyadmin | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. | 2020-03-22 | 3.5 | CVE-2020-10803 SUSE MLIST MISC |
piwigo -- piwigo | Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function. | 2020-03-26 | 3.5 | CVE-2020-9467 CONFIRM |
pki-core -- pki-core | A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code. | 2020-03-20 | 3.5 | CVE-2020-1696 CONFIRM |
prestashop -- prestashop | PrestaShop module ps_facetedsearch versions before 3.5.0 have a reflected XSS with the `url_name` parameter. The problem is fixed in 3.5.0. | 2020-03-25 | 3.5 | CVE-2020-5277 MISC CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) (released in China and India) software. The S Secure app can access the content of a locked app without a password. The Samsung ID is SVE-2019-13805 (October 2019). | 2020-03-24 | 2.1 | CVE-2019-20550 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can view notifications by entering many PINs in Lockdown mode. The Samsung ID is SVE-2019-16590 (March 2020). | 2020-03-24 | 2.1 | CVE-2020-10830 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019). | 2020-03-24 | 2.1 | CVE-2019-20625 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.x) and Q(10.x) software. Attackers can enable the OEM unlock feature on KG-enrolled devices, leading to potentially unwanted binaries being downloaded. The Samsung ID is SVE-2019-16554 (February 2020). | 2020-03-24 | 1.9 | CVE-2020-10846 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is a kernel pointer leak in the vipx driver. The Samsung ID is SVE-2019-16293 (February 2020). | 2020-03-24 | 3.6 | CVE-2020-10840 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is SVE-2019-13996 (December 2019). | 2020-03-24 | 2.1 | CVE-2019-20533 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.0) and P(9.0) (Exynos8890 chipsets) software. A use-after-free occurs in the MALI GPU driver. The Samsung ID is SVE-2019-13921-1 (May 2019). | 2020-03-24 | 3.6 | CVE-2019-20600 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. A connection to a new Bluetooth device can be established from the lock screen. The Samsung ID is SVE-2019-15533 (December 2019). | 2020-03-24 | 2.1 | CVE-2019-20535 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a buffer over-read and possible information leak in the core touch screen driver. The Samsung ID is SVE-2019-14942 (November 2019). | 2020-03-24 | 2.1 | CVE-2019-20540 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via SamsungPay mini. The Samsung ID is SVE-2019-15090 (November 2019). | 2020-03-24 | 2.1 | CVE-2019-20543 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card by blocking the PUK code. The Samsung ID is SVE-2019-15262 (October 2019). | 2020-03-24 | 2.1 | CVE-2019-20557 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via an external keyboard. The Samsung ID is SVE-2019-15164 (October 2019). | 2020-03-24 | 2.1 | CVE-2019-20554 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019). | 2020-03-24 | 3.3 | CVE-2019-20546 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019). | 2020-03-24 | 2.1 | CVE-2019-20559 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via the status bar. The Samsung ID is SVE-2019-15089 (September 2019). | 2020-03-24 | 2.1 | CVE-2019-20569 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 (July 2019). | 2020-03-24 | 2.1 | CVE-2019-20595 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view home-screen wallpaper by adjusting the brightness of a locked screen. The Samsung ID is SVE-2019-15540 (December 2019). | 2020-03-24 | 2.1 | CVE-2019-20534 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via SVoice T&C. The Samsung ID is SVE-2018-13547 (March 2019). | 2020-03-24 | 2.1 | CVE-2019-20615 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019). | 2020-03-24 | 1.9 | CVE-2019-20623 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) software. Bixby leaks the keyboard's learned words, and the clipboard contents, via the lock screen. The Samsung IDs are SVE-2018-12896, SVE-2018-12897 (May 2019). | 2020-03-24 | 2.1 | CVE-2019-20598 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppTray. The Samsung ID is SVE-2019-16192 (January 2020). | 2020-03-24 | 2.1 | CVE-2020-10855 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have an out-of-bounds Read. The Samsung IDs are SVE-2019-15692, SVE-2019-15693 (December 2019). | 2020-03-24 | 3.6 | CVE-2019-20531 CONFIRM |
telegram -- telegram_for_android | The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature. | 2020-03-24 | 3.6 | CVE-2020-10570 MISC |
wordpress -- wordpress | A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. | 2020-03-24 | 3.5 | CVE-2020-10385 MISC MISC MISC MISC MISC |
zim -- zim | Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service. | 2020-03-23 | 2.1 | CVE-2020-10870 MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3s-smart_software_solutions -- codesys_gatewayservice | An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 3.5.13.20. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. | 2020-03-26 | not yet calculated | CVE-2019-5105 MISC |
accenture -- mercury | An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. | 2020-03-27 | not yet calculated | CVE-2020-10990 MISC MISC |
adobe -- coldfusion | ColdFusion 2016 and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory. | 2020-03-25 | not yet calculated | CVE-2020-3794 CONFIRM |
adobe -- coldfusion | ColdFusion 2016 and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the ColdFusion install directory. | 2020-03-25 | not yet calculated | CVE-2020-3761 CONFIRM |
adobe -- genuine_integrity_service | Adobe Genuine Integrity Service versions 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. | 2020-03-25 | not yet calculated | CVE-2020-3766 CONFIRM |
advantech -- webaccess | In Advantech WebAccess versions 8.4.2 and prior, a stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | 2020-03-27 | not yet calculated | CVE-2020-10607 MISC |
apache -- shiro | In Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | 2020-03-25 | not yet calculated | CVE-2020-1957 MISC MLIST |
asus -- asus_device_activation | DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. | 2020-03-25 | not yet calculated | CVE-2020-10649 MISC MISC MISC MISC |
azkaban -- azkaban | Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. | 2020-03-27 | not yet calculated | CVE-2020-10992 MISC |
canonical -- ubuntu | Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. | 2020-03-26 | not yet calculated | CVE-2019-15796 UBUNTU UBUNTU |
canonical -- ubuntu | python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. | 2020-03-26 | not yet calculated | CVE-2019-15795 UBUNTU UBUNTU |
cesnet -- perun | In Perun before version 3.9.1, a VO or group manager can modify the configuration of the LDAP extSource to retrieve all from Perun LDAP. The issue is fixed in version 3.9.1 by sanitisation of the input. | 2020-03-25 | not yet calculated | CVE-2020-5281 MISC MISC CONFIRM |
dart -- dart | An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements. | 2020-03-26 | not yet calculated | CVE-2020-8923 CONFIRM |
draytek -- multiple_devices | A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | 2020-03-26 | not yet calculated | CVE-2020-10828 MISC |
draytek -- multiple_devices | /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. | 2020-03-26 | not yet calculated | CVE-2020-10826 MISC |
draytek -- multiple_devices | A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3). | 2020-03-26 | not yet calculated | CVE-2020-10825 MISC |
draytek -- multiple_devices | A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3). | 2020-03-26 | not yet calculated | CVE-2020-10824 MISC |
draytek -- multiple_devices | A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3). | 2020-03-26 | not yet calculated | CVE-2020-10823 MISC |
draytek -- multiple_devices | A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | 2020-03-26 | not yet calculated | CVE-2020-10827 MISC |
f5 -- big-ip | On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS). | 2020-03-27 | not yet calculated | CVE-2020-5860 MISC |
f5 -- big-ip | On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. | 2020-03-27 | not yet calculated | CVE-2020-5861 MISC |
f5 -- big-ip | On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS. | 2020-03-27 | not yet calculated | CVE-2020-5862 MISC |
f5 -- big-ip | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service. | 2020-03-27 | not yet calculated | CVE-2020-5857 MISC |
f5 -- big-ip | On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command. | 2020-03-27 | not yet calculated | CVE-2020-5858 MISC |
f5 -- big-ip | On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file. | 2020-03-27 | not yet calculated | CVE-2020-5859 MISC |
f5 -- nginx_controller | In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system. | 2020-03-27 | not yet calculated | CVE-2020-5863 MISC |
fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. | 2020-03-26 | not yet calculated | CVE-2020-10969 MISC MISC |
fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). | 2020-03-26 | not yet calculated | CVE-2020-10968 MISC MISC |
finalwire -- aida64 | An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | 2020-03-25 | not yet calculated | CVE-2019-7244 MISC |
gigabyte -- app_center | An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | 2020-03-25 | not yet calculated | CVE-2019-7630 MISC |
gitlab -- gitlab_enterprise_and_community_editions | GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. | 2020-03-27 | not yet calculated | CVE-2020-10955 CONFIRM MISC |
gitlab -- gitlab | GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. | 2020-03-27 | not yet calculated | CVE-2020-10956 CONFIRM MISC |
gitlab -- gitlab | GitLab through 12.9 is affected by a potential DoS in repository archive download. | 2020-03-27 | not yet calculated | CVE-2020-10954 CONFIRM MISC |
gitlab -- gitlab_enterprise_and_community_editions | GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. | 2020-03-27 | not yet calculated | CVE-2020-10952 CONFIRM MISC |
gitlab -- gitlab_enterprise_edition | In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. | 2020-03-27 | not yet calculated | CVE-2020-10953 CONFIRM MISC |
gnu_patch -- gnu_patch | GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. | 2020-03-25 | not yet calculated | CVE-2019-20633 MISC |
google -- closure-library | A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315. | 2020-03-26 | not yet calculated | CVE-2020-8910 CONFIRM CONFIRM |
gstreamer -- gst-rtsp-server | An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | 2020-03-27 | not yet calculated | CVE-2020-6095 MISC |
harris_ormed_self_service -- harris_ormed_self_service | Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more. | 2020-03-25 | not yet calculated | CVE-2019-18626 MISC |
hashicorp -- vault_and_vault_enterprise | HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4. | 2020-03-23 | not yet calculated | CVE-2020-10660 CONFIRM MISC |
http4s -- http4s | http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expose resources outside of the configured location. This issue is patched in versions 0.18.26, 0.20.20, and 0.21.2. Note that 0.19.0 is a deprecated release and has never been supported. | 2020-03-25 | not yet calculated | CVE-2020-5280 MISC MISC MISC CONFIRM |
huawei -- oxfordp-an10b_smartphones | Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. | 2020-03-26 | not yet calculated | CVE-2020-9066 MISC |
huawei -- p30_smartphones | HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unauthorized actor. The attacker tricks the user into installing a crafted application; a successful exploit could allow the attacker to do certain unauthenticated operations. | 2020-03-26 | not yet calculated | CVE-2020-1800 MISC |
huawei -- taurus-al00b_smartphones | Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability. | 2020-03-26 | not yet calculated | CVE-2020-9065 MISC |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. | 2020-03-26 | not yet calculated | CVE-2020-4276 XF CONFIRM |
it-novum -- openitcockpit | openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections. | 2020-03-25 | not yet calculated | CVE-2020-10788 MISC CONFIRM |
jenkins -- jenkins | Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 2020-03-25 | not yet calculated | CVE-2020-2166 MLIST CONFIRM |
jenkins -- jenkins | Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 2020-03-25 | not yet calculated | CVE-2020-2168 MLIST CONFIRM |
jenkins -- jenkins | Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2020-03-25 | not yet calculated | CVE-2020-2171 MLIST CONFIRM |
jenkins -- jenkins | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. | 2020-03-25 | not yet calculated | CVE-2020-2160 MLIST CONFIRM |
jenkins -- jenkins | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels. | 2020-03-25 | not yet calculated | CVE-2020-2161 MLIST CONFIRM |
jenkins -- jenkins | Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 2020-03-25 | not yet calculated | CVE-2020-2167 MLIST CONFIRM |
kiali -- kiali | A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration. | 2020-03-26 | not yet calculated | CVE-2020-1764 CONFIRM MISC |
kubernetes -- api_server | The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. | 2020-03-27 | not yet calculated | CVE-2020-8552 MISC MISC |
kubernetes -- kubelet | The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. | 2020-03-27 | not yet calculated | CVE-2020-8551 MISC MISC |
lenovo -- multiple_notebooks | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system. | 2020-03-27 | not yet calculated | CVE-2015-5684 MISC |
lenovo -- solution_center | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-8534 MISC |
lenovo -- solution_center | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. | 2020-03-27 | not yet calculated | CVE-2015-8536 MISC |
lenovo -- solution_center | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-8535 MISC |
lenovo -- system_update | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-7334 MISC |
lenovo -- system_update | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-7335 MISC |
lenovo -- system_update | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. | 2020-03-27 | not yet calculated | CVE-2015-7336 MISC |
lenovo -- system_update | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. | 2020-03-27 | not yet calculated | CVE-2015-7333 MISC |
mcafee -- mcafee_application_and_change_control | DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. | 2020-03-26 | not yet calculated | CVE-2020-7260 CONFIRM |
micro_focus -- service_manager_automation | An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. | 2020-03-26 | not yet calculated | CVE-2020-9521 MISC |
moo0 -- moo0_system_monitor | An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | 2020-03-25 | not yet calculated | CVE-2019-7240 MISC |
moxa -- eds-g516e_series_devices | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. | 2020-03-26 | not yet calculated | CVE-2020-6999 MISC |
mozilla -- firefox | When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74. | 2020-03-25 | not yet calculated | CVE-2020-6813 MISC MISC |
mozilla -- firefox | Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74. | 2020-03-25 | not yet calculated | CVE-2020-6815 MISC MISC |
mozilla -- firefox | After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74. | 2020-03-25 | not yet calculated | CVE-2020-6810 MISC MISC |
mozilla -- firefox | When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. | 2020-03-25 | not yet calculated | CVE-2020-6809 MISC MISC |
mozilla -- thunderbird_and_firefox_and_firefox_esr | The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 2020-03-25 | not yet calculated | CVE-2020-6812 MISC MISC MISC MISC |
mozilla -- thunderbird_and_firefox_and_firefox_esr | Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 2020-03-25 | not yet calculated | CVE-2020-6814 MISC MISC MISC MISC |
mozilla -- thunderbird_and_firefox_and_firefox_esr | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | 2020-03-25 | not yet calculated | CVE-2020-6811 MISC MISC MISC MISC |
mulesoft -- apikit | Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java. | 2020-03-27 | not yet calculated | CVE-2020-10991 MISC |
nick_chan_bot -- nick_chan_bot | In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution, which can compromise the bot. This is patched in version 1.0.0-beta. | 2020-03-25 | not yet calculated | CVE-2020-5282 MISC CONFIRM |
osmand -- osmand | Osmand through 2.0.0 allows XXE because of binary/BinaryMapIndexReader.java. | 2020-03-27 | not yet calculated | CVE-2020-10993 MISC |
otrs -- open_ticket_request_system | It's possible for an authenticated user to guess other session IDs based on their own. It's also possible to guess a password reset token or an automatically generated password. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1773 MISC |
otrs -- open_ticket_request_system | An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1771 MISC |
otrs -- open_ticket_request_system | It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s) generated by users who have already requested new passwords. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1772 MISC |
otrs -- open_ticket_request_system | Support bundle generated files could contain sensitive information whose disclosure might be unwanted. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1770 MISC |
otrs -- open_ticket_request_system | In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered a security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | 2020-03-27 | not yet calculated | CVE-2020-1769 MISC |
phoenix_contact -- pc_worx_srt | Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. | 2020-03-27 | not yet calculated | CVE-2020-10939 CONFIRM |
phoenix_contact -- portico_server | Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. | 2020-03-27 | not yet calculated | CVE-2020-10940 CONFIRM |
piwigo -- piwigo | The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. | 2020-03-26 | not yet calculated | CVE-2020-9468 MISC MISC |
puppet -- continuous_delivery_for_puppet_enterprise | In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report. | 2020-03-26 | not yet calculated | CVE-2020-7944 MISC |
pyup -- pyup_safety_tool | The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is considered to be of low severity because the attack makes use of an existing Python condition, not the Safety tool itself. This can happen if: (1) you are running Safety in a Python environment that you don’t trust; (2) you are running Safety from the same Python environment where you have your dependencies installed; (3) dependency packages are being installed arbitrarily or without proper verification. Users can mitigate this issue by doing any of the following: (1) perform a static analysis by installing Docker and running the Safety Docker image: `docker run --rm -it pyupio/safety check -r requirements.txt`; (2) run Safety against a static dependencies list, such as the requirements.txt file, in a separate, clean Python environment; (3) run Safety from a Continuous Integration pipeline; (4) use PyUp.io, which runs Safety in a controlled environment and checks Python for dependencies without any need to install them; (5) use PyUp's Online Requirements Checker. | 2020-03-23 | not yet calculated | CVE-2020-5252 CONFIRM CONFIRM CONFIRM |
red_hat -- ansible_engine | A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection. | 2020-03-24 | not yet calculated | CVE-2020-10684 CONFIRM |
rsa -- authentication_manager | RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser. | 2020-03-26 | not yet calculated | CVE-2020-5340 MISC |
rsa -- authentication_manager | RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser. | 2020-03-26 | not yet calculated | CVE-2020-5339 MISC |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with any (before May 2019) software. A phishing attack against OMACP can change the network and internet settings. The Samsung ID is SVE-2019-14073 (May 2019). | 2020-03-24 | not yet calculated | CVE-2019-20606 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019). | 2020-03-24 | not yet calculated | CVE-2019-20613 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A heap overflow occurs for baseband in the Shannon modem. The Samsung ID is SVE-2019-14071 (May 2019). | 2020-03-24 | not yet calculated | CVE-2019-20605 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can disable Gallery permanently. The Samsung ID is SVE-2019-14031 (May 2019). | 2020-03-24 | not yet calculated | CVE-2019-20604 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019). | 2020-03-24 | not yet calculated | CVE-2019-20610 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), Go(8.1), P(9.0), and Go(9.0) (Exynos chipsets) software. A baseband stack overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-13963 (April 2019). | 2020-03-24 | not yet calculated | CVE-2019-20611 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ID is SVE-2019-14126 (May 2019). | 2020-03-24 | not yet calculated | CVE-2019-20607 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. The Motion photo player allows attackers to bypass the Secure Folder feature to view images. The Samsung ID is SVE-2019-14653 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20580 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. An attacker can use Emergency mode to disable features. The Samsung IDs are SVE-2018-13164, SVE-2018-13165 (April 2019). | 2020-03-24 | not yet calculated | CVE-2019-20608 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SKPM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14892 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20589 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. The MemorySaver Content Provider allows SQL injection. The Samsung ID is SVE-2019-14365 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20576 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Story Video Editor Content Provider. The Samsung ID is SVE-2019-14062 (July 2019). | 2020-03-24 | not yet calculated | CVE-2019-20592 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The MALI GPU Driver allows a kernel panic. The Samsung ID is SVE-2019-14372 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20577 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July 2019). | 2020-03-24 | not yet calculated | CVE-2019-20591 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020). | 2020-03-24 | not yet calculated | CVE-2020-10847 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) (Qualcomm chipsets) software. There is an integer underflow in the Secure Storage Trustlet. The Samsung ID is SVE-2019-13952 (July 2019). | 2020-03-24 | not yet calculated | CVE-2019-20590 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20579 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14891 (August 2019). | 2020-03-24 | not yet calculated | CVE-2019-20588 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019). | 2020-03-24 | not yet calculated | CVE-2019-20593 CONFIRM |
samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can use Smartwatch to view Secure Folder notification content. The Samsung ID is SVE-2019-13899 (April 2019). | 2020-03-24 | not yet calculated | CVE-2019-20609 CONFIRM |
sonicwall -- sma1000_http_extraweb_server | A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause an HTTP server crash, which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier. | 2020-03-26 | not yet calculated | CVE-2020-5129 CONFIRM |
sunnet -- sunnet_ehrd | Sunnet eHRD, a human training and development management system, contains a Cross-Site Scripting (XSS) vulnerability. Attackers can inject arbitrary commands into the system and launch an XSS attack. | 2020-03-27 | not yet calculated | CVE-2020-10509 MISC |
sunnet -- sunnet_ehrd | Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. | 2020-03-27 | not yet calculated | CVE-2020-10508 MISC |
sunnet -- sunnet_ehrd | Sunnet eHRD, a human training and development management system, contains a Broken Access Control vulnerability. After login, attackers can use a specific URL to access unauthorized functionality and data. | 2020-03-27 | not yet calculated | CVE-2020-10510 MISC |
techpowerup -- gpu-z | An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23.0. The vulnerable driver exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | 2020-03-25 | not yet calculated | CVE-2019-7245 MISC |
tenable -- codesys_control | CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. | 2020-03-26 | not yet calculated | CVE-2020-10245 CONFIRM MISC |
teradici -- pcoip_mangement_console | Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is not disabled. It is fixed in 20.01.1 and 19.11.2. | 2020-03-25 | not yet calculated | CVE-2020-10965 MISC MISC |
totemo -- totemomail | An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. | 2020-03-27 | not yet calculated | CVE-2020-7918 MISC MISC |
tp-link -- archer_a7_devices | This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663. | 2020-03-25 | not yet calculated | CVE-2020-10887 MISC |
tp-link -- archer_a7_devices | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650. | 2020-03-25 | not yet calculated | CVE-2020-10882 MISC |
tp-link -- archer_a7_devices | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660. | 2020-03-25 | not yet calculated | CVE-2020-10881 MISC |
tp-link -- archer_a7_devices | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS responses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661. | 2020-03-25 | not yet calculated | CVE-2020-10885 MISC |
tp-link -- archer_a7_devices | This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664. | 2020-03-25 | not yet calculated | CVE-2020-10888 MISC |
tp-link -- archer_a7_devices | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of a hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652. | 2020-03-25 | not yet calculated | CVE-2020-10884 MISC |
tp-link -- archer_a7_devices | This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651. | 2020-03-25 | not yet calculated | CVE-2020-10883 MISC |
tp-link -- archer_a7_devices | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662. | 2020-03-25 | not yet calculated | CVE-2020-10886 MISC |
tp-link -- archer_c50_devices | TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allow remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field. | 2020-03-25 | not yet calculated | CVE-2020-9375 MISC MISC CONFIRM |
tribal_group -- sits:vision | An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does. | 2020-03-25 | not yet calculated | CVE-2019-19127 MISC FULLDISC |
unisoon -- ultralog_express | The UltraLog Express device management interface does not properly filter user-supplied strings in some specific parameters, so attackers can inject arbitrary SQL commands. | 2020-03-27 | not yet calculated | CVE-2020-3936 MISC |
unisoon -- ultralog_express | The UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through a specific system directory. | 2020-03-27 | not yet calculated | CVE-2020-3920 MISC |
unisoon -- ultralog_express | UltraLog Express device management software stores users’ information in cleartext. Any user can obtain account information through a specific page. | 2020-03-27 | not yet calculated | CVE-2020-3921 MISC |
vesta_and_hestia -- vesta_control_panel_and_hestia_control_panel | In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. | 2020-03-25 | not yet calculated | CVE-2020-10966 MISC CONFIRM MISC |
wordpress -- wordpress | The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. | 2020-03-27 | not yet calculated | CVE-2020-10817 MISC MISC |
yaml_project -- pyyaml | A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. | 2020-03-24 | not yet calculated | CVE-2020-1747 CONFIRM MISC FEDORA FEDORA FEDORA |