Weekly Vulnerabilities Reports > January 13 to 19, 2020
Overview
499 new vulnerabilities were reported during this period, including 33 critical vulnerabilities and 181 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 837 products from 141 vendors, including Oracle, Microsoft, Canonical, Netapp, and Debian. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Improper Privilege Management", "Out-of-bounds Write", and "Cross-Site Request Forgery (CSRF)".
- 372 reported vulnerabilities are remotely exploitable.
- 10 reported vulnerabilities have a public exploit available.
- 101 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 259 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 211 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
33 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-01-16 | CVE-2019-10940 | Siemens | Improper Privilege Management vulnerability in Siemens Sinema Server 12.0/13.0/14.0 A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). | 9.9 |
2020-01-15 | CVE-2020-2587 | Oracle | Unspecified vulnerability in Oracle Human Resources Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). | 9.9 |
2020-01-15 | CVE-2020-2586 | Oracle | Unspecified vulnerability in Oracle Human Resources Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). | 9.9 |
2020-01-19 | CVE-2020-7233 | Kmccontrols | Insufficiently Protected Credentials vulnerability in Kmccontrols Bac-A1616Bc Firmware KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file. | 9.8 |
2020-01-17 | CVE-2014-5007 | Zohocorp | Path Traversal vulnerability in Zohocorp products Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. | 9.8 |
2020-01-17 | CVE-2019-17361 | Saltstack Debian Opensuse Canonical | Command Injection vulnerability in multiple products In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. | 9.8 |
2020-01-15 | CVE-2009-1120 | Dell | Unspecified vulnerability in Dell EMC Replistor EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. | 9.8 |
2020-01-15 | CVE-2020-2555 | Oracle | Deserialization of Untrusted Data vulnerability in Oracle products Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). | 9.8 |
2020-01-15 | CVE-2020-2551 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). | 9.8 |
2020-01-15 | CVE-2020-2546 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). | 9.8 |
2020-01-15 | CVE-2019-9493 | Mycarcontrols | Use of Hard-coded Credentials vulnerability in Mycarcontrols Mycar Controls The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. | 9.8 |
2020-01-15 | CVE-2015-5952 | Thomsonreuters | Path Traversal vulnerability in Thomsonreuters Fatca Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter. | 9.8 |
2020-01-15 | CVE-2007-4773 | Systrace Project | Double Free vulnerability in Systrace Project Systrace Systrace before 1.6.0 has insufficient escape policy enforcement. | 9.8 |
2020-01-15 | CVE-2005-4891 | Simplemachines | SQL Injection vulnerability in Simplemachines Simple Machine Forum Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. | 9.8 |
2020-01-15 | CVE-2015-7874 | Portapps | Classic Buffer Overflow vulnerability in Portapps Kitty Portable 0.65.0.2P Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname. | 9.8 |
2020-01-14 | CVE-2020-0646 | Microsoft | XML Injection (aka Blind XPath Injection) vulnerability in Microsoft .Net Framework A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. | 9.8 |
2020-01-14 | CVE-2020-0610 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. | 9.8 |
2020-01-14 | CVE-2020-0609 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. | 9.8 |
2020-01-14 | CVE-2011-2715 | Drupal | SQL Injection vulnerability in Drupal Data and Drupal An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names. | 9.8 |
2020-01-14 | CVE-2011-3203 | Jcow | Improper Input Validation vulnerability in Jcow CMS 4.2/5.2 A Code Execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. | 9.8 |
2020-01-14 | CVE-2020-5505 | Vaaip | OS Command Injection vulnerability in Vaaip Freelancy 1.0.0 Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI. | 9.8 |
2020-01-14 | CVE-2015-8367 | Libraw | Improper Initialization vulnerability in Libraw The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. | 9.8 |
2020-01-14 | CVE-2015-8366 | Libraw | Improper Validation of Array Index vulnerability in Libraw Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. | 9.8 |
2020-01-14 | CVE-2019-0219 | Apache Oracle | A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. | 9.8 |
2020-01-13 | CVE-2012-4750 | Ezhometech | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ezhometech Ezserver 7.0 A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service. | 9.8 |
2020-01-13 | CVE-2020-6948 | Hashbrowncms | OS Command Injection vulnerability in Hashbrowncms Hashbrown CMS A remote code execution issue was discovered in HashBrown CMS through 1.3.3. | 9.8 |
2020-01-13 | CVE-2013-6225 | Livezilla | Path Traversal vulnerability in Livezilla 5.0.1.4 LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability. | 9.8 |
2020-01-13 | CVE-2014-5381 | Granding | Insufficiently Protected Credentials vulnerability in Granding Grand Ma300 Firmware 6.60 Grand MA 300 allows a brute-force attack on the PIN. | 9.8 |
2020-01-17 | CVE-2019-15855 | Maarch | Path Traversal vulnerability in Maarch RM An issue was discovered in Maarch RM before 2.5. | 9.1 |
2020-01-16 | CVE-2020-7048 | Webfactoryltd | Missing Authentication for Critical Function vulnerability in Webfactoryltd WP Database Reset The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI. | 9.1 |
2020-01-14 | CVE-2020-0654 | Microsoft | Unspecified vulnerability in Microsoft Onedrive A security feature bypass vulnerability exists in Microsoft OneDrive App for Android. This could allow an attacker to bypass the passcode or fingerprint requirements of the App. The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links, aka 'Microsoft OneDrive for Android Security Feature Bypass Vulnerability'. | 9.1 |
2020-01-14 | CVE-2020-6958 | YET Another Java Service Wrapper Project | XXE vulnerability in YET Another Java Service Wrapper Project YET Another Java Service Wrapper 12.14 An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service. | 9.1 |
2020-01-17 | CVE-2019-17634 | Eclipse | Cross-site Scripting vulnerability in Eclipse Memory Analyzer Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. | 9.0 |
181 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-01-17 | CVE-2019-15854 | Maarch | Unspecified vulnerability in Maarch RM An issue was discovered in Maarch RM before 2.5. | 8.8 |
2020-01-17 | CVE-2019-3683 | Suse HP | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. | 8.8 |
2020-01-16 | CVE-2019-5145 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Phantompdf An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. | 8.8 |
2020-01-16 | CVE-2019-5131 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Phantompdf An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. | 8.8 |
2020-01-16 | CVE-2019-5130 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Phantompdf An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. | 8.8 |
2020-01-16 | CVE-2019-5126 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Phantompdf An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. | 8.8 |
2020-01-16 | CVE-2020-7047 | Webfactoryltd | Improper Privilege Management vulnerability in Webfactoryltd WP Database Reset The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table. | 8.8 |
2020-01-15 | CVE-2019-19854 | Serpico Project | Cross-Site Request Forgery (CSRF) vulnerability in Serpico Project Serpico 1.3.0 An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. | 8.8 |
2020-01-15 | CVE-2019-20097 | Atlassian | Unspecified vulnerability in Atlassian Bitbucket Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. | 8.8 |
2020-01-15 | CVE-2019-15012 | Atlassian | Improper Privilege Management vulnerability in Atlassian Bitbucket Bitbucket Server and Bitbucket Data Center from version 4.13. | 8.8 |
2020-01-15 | CVE-2019-15010 | Atlassian | Command Injection vulnerability in Atlassian Bitbucket Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. | 8.8 |
2020-01-15 | CVE-2019-18271 | Osisoft | Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI Vision 2017/2019 OSIsoft PI Vision, All versions of PI Vision prior to 2019. | 8.8 |
2020-01-15 | CVE-2020-2696 | Oracle | Unspecified vulnerability in Oracle Solaris 10 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). | 8.8 |
2020-01-15 | CVE-2015-6497 | Magento | Improper Input Validation vulnerability in Magento The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap. | 8.8 |
2020-01-15 | CVE-2020-2098 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Sounds A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 |
2020-01-15 | CVE-2020-2097 | Jenkins | Incorrect Authorization vulnerability in Jenkins Sounds Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 |
2020-01-15 | CVE-2020-2093 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Health Advisor BY Cloudbees A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient. | 8.8 |
2020-01-15 | CVE-2020-2092 | Jenkins | XXE vulnerability in Jenkins Robot Framework Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents. | 8.8 |
2020-01-15 | CVE-2020-2090 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Amazon EC2 A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | 8.8 |
2020-01-15 | CVE-2020-1609 | Juniper | OS Command Injection vulnerability in Juniper Junos When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved is configured in relay mode, it is vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. | 8.8 |
2020-01-15 | CVE-2020-1605 | Juniper | OS Command Injection vulnerability in Juniper Junos When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved is configured in relay mode, it is vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. | 8.8 |
2020-01-15 | CVE-2020-1602 | Juniper | OS Command Injection vulnerability in Juniper Junos When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved is configured in relay mode, it is vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. | 8.8 |
2020-01-15 | CVE-2020-7058 | Cacti | Improper Input Validation vulnerability in Cacti 1.2.8 data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. | 8.8 |
2020-01-14 | CVE-2020-0606 | Microsoft | Improper Input Validation vulnerability in Microsoft .Net Core and .Net Framework A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. | 8.8 |
2020-01-14 | CVE-2020-0605 | Microsoft | Improper Input Validation vulnerability in Microsoft .Net Core and .Net Framework A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. | 8.8 |
2020-01-14 | CVE-2020-0603 | Microsoft Redhat | Out-of-bounds Write vulnerability in multiple products A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. | 8.8 |
2020-01-14 | CVE-2020-7054 | MZ Automation | Out-of-bounds Write vulnerability in Mz-Automation Libiec61850 MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type. | 8.8 |
2020-01-14 | CVE-2011-2934 | Websitebaker | Cross-Site Request Forgery (CSRF) vulnerability in Websitebaker A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions. | 8.8 |
2020-01-14 | CVE-2019-10995 | ABB | Use of Hard-coded Credentials vulnerability in ABB products ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. | 8.8 |
2020-01-14 | CVE-2014-4610 | Ffmpeg | Integer Overflow or Wraparound vulnerability in Ffmpeg Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. | 8.8 |
2020-01-14 | CVE-2014-4609 | Libav | Integer Overflow or Wraparound vulnerability in Libav Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run. | 8.8 |
2020-01-13 | CVE-2019-19680 | Proofpoint | Unspecified vulnerability in Proofpoint Enterprise Protection A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email. | 8.8 |
2020-01-13 | CVE-2020-6949 | Hashbrowncms | Improper Privilege Management vulnerability in Hashbrowncms Hashbrown CMS A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. | 8.8 |
2020-01-13 | CVE-2020-6860 | Symonics Fedoraproject | Out-of-bounds Write vulnerability in multiple products libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute. | 8.8 |
2020-01-16 | CVE-2019-13933 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens products A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. | 8.6 |
2020-01-15 | CVE-2020-1603 | Juniper | Memory Leak vulnerability in Juniper Junos Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. | 8.6 |
2020-01-16 | CVE-2019-9503 | Broadcom Redhat | Improper Input Validation vulnerability in multiple products The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. | 8.3 |
2020-01-16 | CVE-2019-9500 | Broadcom Linux | Out-of-bounds Write vulnerability in multiple products The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. | 8.3 |
2020-01-15 | CVE-2020-2682 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.2 |
2020-01-15 | CVE-2020-2674 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.2 |
2020-01-15 | CVE-2020-2672 | Oracle | Unspecified vulnerability in Oracle Email Center Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). | 8.2 |
2020-01-15 | CVE-2020-2671 | Oracle | Unspecified vulnerability in Oracle Email Center Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). | 8.2 |
2020-01-15 | CVE-2020-2670 | Oracle | Unspecified vulnerability in Oracle Email Center Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). | 8.2 |
2020-01-15 | CVE-2020-2669 | Oracle | Unspecified vulnerability in Oracle Email Center Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). | 8.2 |
2020-01-15 | CVE-2020-2665 | Oracle | Unspecified vulnerability in Oracle Isupport Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). | 8.2 |
2020-01-15 | CVE-2020-2662 | Oracle | Unspecified vulnerability in Oracle Isupport Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). | 8.2 |
2020-01-15 | CVE-2020-2661 | Oracle | Unspecified vulnerability in Oracle Isupport Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). | 8.2 |
2020-01-15 | CVE-2020-2658 | Oracle | Unspecified vulnerability in Oracle Isupport Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). | 8.2 |
2020-01-15 | CVE-2020-2653 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 8.2 |
2020-01-15 | CVE-2020-2652 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 8.2 |
2020-01-15 | CVE-2020-2651 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 8.2 |
2020-01-15 | CVE-2020-2591 | Oracle | Unspecified vulnerability in Oracle web Applications Desktop Integrator 12.1.3 Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). | 8.2 |
2020-01-15 | CVE-2020-2582 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 8.2 |
2020-01-15 | CVE-2020-2604 | Oracle Redhat Debian Canonical Opensuse Netapp Mcafee | Deserialization of Untrusted Data vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). | 8.1 |
2020-01-15 | CVE-2020-2091 | Jenkins | Missing Authorization vulnerability in Jenkins Amazon EC2 A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | 8.1 |
2020-01-15 | CVE-2020-1606 | Juniper | Path Traversal vulnerability in Juniper Junos A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. | 8.1 |
2020-01-14 | CVE-2020-0601 | Microsoft Golang | Improper Certificate Validation vulnerability in multiple products A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | 8.1 |
2020-01-14 | CVE-2014-2271 | WPS Huawei | Improper Input Validation vulnerability in multiple products cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. | 8.1 |
2020-01-14 | CVE-2020-5196 | Cerberusftp | Incorrect Default Permissions vulnerability in Cerberusftp FTP Server Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. | 8.1 |
2020-01-18 | CVE-2019-20357 | Trendmicro | Unquoted Search Path or Element vulnerability in Trendmicro products A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160) and 2019 (v15) consumer family of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system. | 7.8 |
2020-01-17 | CVE-2019-17635 | Eclipse | Deserialization of Untrusted Data vulnerability in Eclipse Memory Analyzer Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. | 7.8 |
2020-01-17 | CVE-2019-14613 | Intel | Unspecified vulnerability in Intel Vtune Profiler 2017/2018/2019 Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-01-17 | CVE-2019-14601 | Intel | Incorrect Default Permissions vulnerability in Intel Raid web Console 3 4.186/7.009.011.000 Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-01-17 | CVE-2019-3682 | Suse | Exposure of Resource to Wrong Sphere vulnerability in Suse Caas Platform 3.0 The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node. | 7.8 |
2020-01-17 | CVE-2019-15742 | Plantronics | Unspecified vulnerability in Plantronics HUB A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. | 7.8 |
2020-01-16 | CVE-2019-10934 | Siemens | Unspecified vulnerability in Siemens Totally Integrated Automation Portal A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions < V16 Update 6), TIA Portal V17 (All versions < V17 Update 4). | 7.8 |
2020-01-16 | CVE-2019-20327 | Centreon | Incorrect Permission Assignment for Critical Resource vulnerability in Centreon Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. | 7.8 |
2020-01-15 | CVE-2014-6448 | Juniper | Improper Privilege Management vulnerability in Juniper Junos Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. | 7.8 |
2020-01-15 | CVE-2019-9510 | Microsoft | Improper Handling of Exceptional Conditions vulnerability in Microsoft Windows 10 and Windows Server 2019 A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. | 7.8 |
2020-01-15 | CVE-2015-5466 | SIS | Improper Privilege Management vulnerability in SIS XGI VGA Display Manager 6.14.10.1090 Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call. | 7.8 |
2020-01-15 | CVE-2015-7556 | Delegate | Improper Privilege Management vulnerability in Delegate 9.9.13 DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program. | 7.8 |
2020-01-14 | CVE-2020-0653 | Microsoft | Unspecified vulnerability in Microsoft Office 365 Proplus A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0652 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Excel and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0651 | Microsoft | Unspecified vulnerability in Microsoft Excel and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0650 | Microsoft | Unspecified vulnerability in Microsoft Excel and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0644 | Microsoft | Use of Insufficiently Random Values vulnerability in Microsoft products An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0642 | Microsoft | Use After Free vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0641 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0638 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0636 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0635 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0634 | Microsoft | Use After Free vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0633 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0632 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0631 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0630 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0629 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0628 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0627 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0626 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0625 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0624 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0623 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0620 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0614 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-0613 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-01-14 | CVE-2020-7053 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. | 7.8 |
2020-01-14 | CVE-2016-6592 | Symantec | Uncontrolled Search Path Element vulnerability in Symantec Norton Download Manager A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. | 7.8 |
2020-01-14 | CVE-2019-16784 | Pyinstaller | Incorrect Permission Assignment for Critical Resource vulnerability in Pyinstaller In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: if software using PyInstaller in "onefile" mode is launched by a privileged user (at least more privileged than the current one) whose "TempPath" resolves to a world-writable directory. | 7.8 |
2020-01-14 | CVE-2020-5180 | Sparklabs | Unspecified vulnerability in Sparklabs Viscosity 1.8.2 Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. | 7.8 |
2020-01-14 | CVE-2019-19548 | Norton | Unspecified vulnerability in Norton Power Eraser Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
2020-01-14 | CVE-2015-3159 | Redhat | Unspecified vulnerability in Redhat Automatic BUG Reporting Tool The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges. | 7.8 |
2020-01-14 | CVE-2015-3151 | Redhat | Path Traversal vulnerability in Redhat Automatic BUG Reporting Tool Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method. | 7.8 |
2020-01-14 | CVE-2015-1869 | Redhat | Link Following vulnerability in Redhat Automatic BUG Reporting Tool The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file. | 7.8 |
2020-01-14 | CVE-2015-2325 | Pcre Opensuse Mariadb PHP | Out-of-bounds Write vulnerability in multiple products The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. | 7.8 |
2020-01-14 | CVE-2014-7844 | Redhat Debian BSD Mailx Project | Injection vulnerability in multiple products BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | 7.8 |
2020-01-14 | CVE-2014-5238 | Open Xchange | XXE vulnerability in Open-Xchange Appsuite XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document. | 7.8 |
2020-01-14 | CVE-2013-7185 | Daum | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Daum Potplayer 1.5.40688 PotPlayer 1.5.40688: .avi File Memory Corruption | 7.8 |
2020-01-14 | CVE-2013-2773 | Gonitro | Untrusted Search Path vulnerability in Gonitro Nitropdf 8.5.0.26 Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution | 7.8 |
2020-01-13 | CVE-2012-4761 | Safend | Improper Privilege Management vulnerability in Safend Data Protector Agent 3.4.5586.9772 A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges. | 7.8 |
2020-01-13 | CVE-2012-4760 | Safend | Improper Privilege Management vulnerability in Safend Data Protector Agent 3.4.5586.9772 A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges. | 7.8 |
2020-01-13 | CVE-2019-18894 | Avast | OS Command Injection vulnerability in Avast Premium Security 19.8.2393 In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. | 7.8 |
2020-01-15 | CVE-2020-2511 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Core RDBMS component of Oracle Database Server. | 7.7 |
2020-01-19 | CVE-2020-7232 | Evoko | Unspecified vulnerability in Evoko Home 1.31/1.37 Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL. | 7.5 |
2020-01-17 | CVE-2019-19142 | Intelbras | Missing Authentication for Critical Function vulnerability in Intelbras WRN 240 Firmware 2.0.0 Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI. | 7.5 |
2020-01-17 | CVE-2020-5398 | Vmware Oracle Netapp | Download of Code Without Integrity Check vulnerability in multiple products In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. | 7.5 |
2020-01-16 | CVE-2019-13524 | Emerson | Improper Input Validation vulnerability in Emerson products GE PACSystems RX3i CPE100/115: All versions prior to R9.85; CPE302/305/310/330/400/410: All versions prior to R9.90; CRU/320: All versions (End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. | 7.5 |
2020-01-16 | CVE-2019-12423 | Apache Oracle | Insufficiently Protected Credentials vulnerability in multiple products Apache CXF ships with an OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. | 7.5 |
2020-01-16 | CVE-2010-3048 | Cisco | NULL Pointer Dereference vulnerability in Cisco Unified Personal Communicator 7.0(1.13056) Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition. | 7.5 |
2020-01-16 | CVE-2020-7105 | Redislabs Debian Fedoraproject | NULL Pointer Dereference vulnerability in multiple products async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. | 7.5 |
2020-01-16 | CVE-2020-7044 | Wireshark Fedoraproject Opensuse Oracle | Off-by-one Error vulnerability in multiple products In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. | 7.5 |
2020-01-15 | CVE-2009-5025 | Pyforum Project | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pyforum Project Pyforum 1.0.3 A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user. | 7.5 |
2020-01-15 | CVE-2020-1929 | Apache | Improper Certificate Validation vulnerability in Apache Beam The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. | 7.5 |
2020-01-15 | CVE-2015-1811 | Jenkins | XXE vulnerability in Jenkins Cloudbees 1.596.1 XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. | 7.5 |
2020-01-15 | CVE-2015-1809 | Jenkins | XXE vulnerability in Jenkins Cloudbees 1.596.1 XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query. | 7.5 |
2020-01-15 | CVE-2020-2728 | Oracle | Unspecified vulnerability in Oracle Identity Manager 12.2.1.3.0 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). | 7.5 |
2020-01-15 | CVE-2020-2726 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.5 |
2020-01-15 | CVE-2020-2702 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.5 |
2020-01-15 | CVE-2020-2701 | Oracle | Out-of-bounds Write vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.5 |
2020-01-15 | CVE-2020-2698 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.5 |
2020-01-15 | CVE-2020-2673 | Oracle | Unspecified vulnerability in Oracle Application Testing Suite Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder). | 7.5 |
2020-01-15 | CVE-2020-2565 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). | 7.5 |
2020-01-15 | CVE-2020-2518 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Java VM component of Oracle Database Server. | 7.5 |
2020-01-15 | CVE-2020-2510 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Core RDBMS component of Oracle Database Server. | 7.5 |
2020-01-15 | CVE-2019-16469 | Adobe | Expression Language Injection vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. | 7.5 |
2020-01-15 | CVE-2019-16468 | Adobe | Injection vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a user interface injection vulnerability. | 7.5 |
2020-01-15 | CVE-2015-5230 | Powerdns Debian | Improper Input Validation vulnerability in multiple products The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. | 7.5 |
2020-01-15 | CVE-2019-18412 | Jetbrains | XXE vulnerability in Jetbrains Idetalk JetBrains IDETalk plugin before version 193.4099.10 allows XXE. | 7.5 |
2020-01-15 | CVE-2012-0070 | Spamdyke | Injection vulnerability in Spamdyke spamdyke prior to 4.2.1: STARTTLS reveals plaintext | 7.5 |
2020-01-15 | CVE-2012-1563 | Joomla | Improper Privilege Management vulnerability in Joomla Joomla! Joomla! before 2.5.3 allows Admin Account Creation. | 7.5 |
2020-01-15 | CVE-2012-1562 | Joomla | Use of Insufficiently Random Values vulnerability in Joomla Joomla! Joomla! core before 2.5.3 allows unauthorized password change. | 7.5 |
2020-01-15 | CVE-2020-1608 | Juniper | Unspecified vulnerability in Juniper Junos Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. | 7.5 |
2020-01-15 | CVE-2020-1601 | Juniper | Unspecified vulnerability in Juniper Junos Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). | 7.5 |
2020-01-14 | CVE-2020-0640 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
2020-01-14 | CVE-2020-0612 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2016 and Windows Server 2019 A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'. | 7.5 |
2020-01-14 | CVE-2020-0611 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | 7.5 |
2020-01-14 | CVE-2020-0602 | Microsoft Redhat | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | 7.5 |
2020-01-14 | CVE-2019-13537 | Aveva | Out-of-bounds Write vulnerability in Aveva Iec870Ip Firmware 4.14.02 The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash. | 7.5 |
2020-01-14 | CVE-2020-6304 | SAP | Improper Input Validation vulnerability in SAP products Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service. | 7.5 |
2020-01-14 | CVE-2020-5852 | F5 | Unspecified vulnerability in F5 products Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). | 7.5 |
2020-01-14 | CVE-2014-5138 | III | Unspecified vulnerability in III Sierra 1.23 Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule. | 7.5 |
2020-01-14 | CVE-2019-12399 | Apache Oracle | Cleartext Transmission of Sensitive Information vulnerability in multiple products When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables. | 7.5 |
2020-01-13 | CVE-2020-5390 | Pysaml2 Project Canonical Debian | Improper Verification of Cryptographic Signature vulnerability in multiple products PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). | 7.5 |
2020-01-13 | CVE-2019-19728 | Schedmd Opensuse Debian | Improper Privilege Management vulnerability in multiple products SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. | 7.5 |
2020-01-13 | CVE-2019-20209 | Cththemes | Authorization Bypass Through User-Controlled Key vulnerability in Cththemes Citybook, Easybook and Townhub The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing. | 7.5 |
2020-01-13 | CVE-2014-6039 | Zohocorp | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Eventlog Analyzer ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. | 7.5 |
2020-01-13 | CVE-2014-6038 | Zohocorp | Information Exposure vulnerability in Zohocorp Manageengine Eventlog Analyzer Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. | 7.5 |
2020-01-13 | CVE-2014-5380 | Granding | Cleartext Transmission of Sensitive Information vulnerability in Granding Grand Ma300 Firmware 6.60 Grand MA 300 allows retrieval of the access PIN from sniffed data. | 7.5 |
2020-01-13 | CVE-2020-6851 | Uclouvain Fedoraproject Debian Redhat Oracle | Out-of-bounds Write vulnerability in multiple products OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. | 7.5 |
2020-01-15 | CVE-2012-1326 | Cisco | Improper Input Validation vulnerability in Cisco Ironport web Security Appliance 7.5 Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority, which could lead to MITM attacks. | 7.4 |
2020-01-15 | CVE-2020-2556 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). | 7.3 |
2020-01-15 | CVE-2020-2543 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.3 |
2020-01-17 | CVE-2019-10958 | Geutebrueck | OS Command Injection vulnerability in Geutebrueck products Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. | 7.2 |
2020-01-17 | CVE-2019-10956 | Geutebrueck | OS Command Injection vulnerability in Geutebrueck products Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. | 7.2 |
2020-01-15 | CVE-2009-5068 | Simplemachines | Cleartext Storage of Sensitive Information vulnerability in Simplemachines Simple Machines Forum There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. | 7.2 |
2020-01-15 | CVE-2020-2549 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). | 7.2 |
2020-01-14 | CVE-2011-2933 | Websitebaker | Unrestricted Upload of File with Dangerous Type vulnerability in Websitebaker An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions. | 7.2 |
2020-01-14 | CVE-2020-5509 | Phpgurukul | Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul CAR Rental Portal 1.0 PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image. | 7.2 |
2020-01-13 | CVE-2014-6059 | Vasyltech | Unspecified vulnerability in Vasyltech Advanced Access Manager WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability. | 7.2 |
2020-01-15 | CVE-2020-2723 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). | 7.1 |
2020-01-15 | CVE-2020-2718 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). | 7.1 |
2020-01-15 | CVE-2020-2713 | Oracle | Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). | 7.1 |
2020-01-15 | CVE-2020-2699 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). | 7.1 |
2020-01-15 | CVE-2020-2688 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). | 7.1 |
2020-01-15 | CVE-2020-2675 | Oracle | Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5 Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). | 7.1 |
2020-01-15 | CVE-2020-2605 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). | 7.1 |
2020-01-15 | CVE-2020-2538 | Oracle | Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). | 7.1 |
2020-01-15 | CVE-2020-2537 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). | 7.1 |
2020-01-15 | CVE-2015-8549 | Pyamf | XXE vulnerability in Pyamf XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload. | 7.1 |
2020-01-14 | CVE-2015-3150 | Redhat | Improper Input Validation vulnerability in Redhat Automatic BUG Reporting Tool abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method. | 7.1 |
2020-01-15 | CVE-2020-3941 | Vmware | Race Condition vulnerability in VMWare Tools The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. | 7.0 |
269 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-01-16 | CVE-2019-19278 | Siemens | Race Condition vulnerability in Siemens Sinamics Perfect Harmony Gh180 Firmware A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-.... | 6.8 |
2020-01-15 | CVE-2020-2601 | Oracle Debian Canonical Opensuse Netapp Redhat | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). | 6.8 |
2020-01-18 | CVE-2019-19697 | Trendmicro | Unspecified vulnerability in Trendmicro products An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them from starting. | 6.7 |
2020-01-17 | CVE-2019-14600 | Intel | Uncontrolled Search Path Element vulnerability in Intel Snmp Subagent Stand-Alone Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows* may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 |
2020-01-18 | CVE-2020-7227 | Westermo | Unspecified vulnerability in Westermo Mrd-315 Firmware 1.7.3/1.7.4 Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. | 6.5 |
2020-01-17 | CVE-2019-19339 | Redhat | Unspecified vulnerability in Redhat Enterprise Linux and Enterprise Linux EUS It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. | 6.5 |
2020-01-17 | CVE-2019-19802 | Gallagher | Missing Authorization vulnerability in Gallagher Command Centre In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. | 6.5 |
2020-01-16 | CVE-2020-7045 | Wireshark Debian | NULL Pointer Dereference vulnerability in multiple products In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. | 6.5 |
2020-01-15 | CVE-2019-19857 | Serpico Project | Improper Authentication vulnerability in Serpico Project Serpico 1.3.0 An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. | 6.5 |
2020-01-15 | CVE-2019-18275 | Osisoft | Unspecified vulnerability in Osisoft PI Vision 2017/2019 OSIsoft PI Vision, All versions of PI Vision prior to 2019. | 6.5 |
2020-01-15 | CVE-2019-15961 | Clamav Cisco Debian Canonical | Resource Exhaustion vulnerability in multiple products A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. | 6.5 |
2020-01-15 | CVE-2015-5072 | BMC | Improper Privilege Management vulnerability in BMC Remedy AR System Server 8.0/9.0 The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. | 6.5 |
2020-01-15 | CVE-2015-5071 | BMC | Improper Privilege Management vulnerability in BMC Remedy AR System Server 8.0/9.0 AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. | 6.5 |
2020-01-15 | CVE-2020-2725 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2020-01-15 | CVE-2020-2721 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). | 6.5 |
2020-01-15 | CVE-2020-2716 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). | 6.5 |
2020-01-15 | CVE-2020-2711 | Oracle | Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). | 6.5 |
2020-01-15 | CVE-2020-2705 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2020-01-15 | CVE-2020-2704 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2020-01-15 | CVE-2020-2703 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2020-01-15 | CVE-2020-2692 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2020-01-15 | CVE-2020-2691 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2020-01-15 | CVE-2020-2690 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2020-01-15 | CVE-2020-2689 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2020-01-15 | CVE-2020-2686 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
2020-01-15 | CVE-2020-2684 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). | 6.5 |
2020-01-15 | CVE-2020-2681 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2020-01-15 | CVE-2020-2650 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). | 6.5 |
2020-01-15 | CVE-2020-2627 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). | 6.5 |
2020-01-15 | CVE-2020-2579 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
2020-01-15 | CVE-2020-2576 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 6.5 |
2020-01-15 | CVE-2020-2542 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 6.5 |
2020-01-15 | CVE-2020-2541 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 6.5 |
2020-01-15 | CVE-2020-2540 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 6.5 |
2020-01-15 | CVE-2020-1611 | Juniper | Unspecified vulnerability in Juniper Junos Space A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. | 6.5 |
2020-01-15 | CVE-2020-1600 | Juniper | Infinite Loop vulnerability in Juniper Junos In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. | 6.5 |
2020-01-15 | CVE-2020-5502 | Phpbb | Cross-Site Request Forgery (CSRF) vulnerability in PHPbb 3.2.8 phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships. | 6.5 |
2020-01-14 | CVE-2020-0637 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'. | 6.5 |
2020-01-14 | CVE-2019-13722 | Google | Out-of-bounds Write vulnerability in Google Chrome Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
2020-01-14 | CVE-2015-3147 | Redhat | Link Following vulnerability in Redhat products daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. | 6.5 |
2020-01-13 | CVE-2020-6954 | Cayintech | Information Exposure vulnerability in Cayintech Smp-Pro4 Firmware An issue was discovered on Cayin SMP-PRO4 devices. | 6.5 |
2020-01-13 | CVE-2014-9382 | Free | Cross-Site Request Forgery (CSRF) vulnerability in Free Freebox OS 3.0.2 Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation. | 6.5 |
2020-01-15 | CVE-2020-2678 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.4 |
2020-01-15 | CVE-2012-0334 | Cisco | Improper Input Validation vulnerability in Cisco Ironport web Security Appliance 7.5 Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has an SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks. | 6.4 |
2020-01-15 | CVE-2020-2609 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). | 6.3 |
2020-01-15 | CVE-2020-2648 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). | 6.2 |
2020-01-19 | CVE-2020-7236 | UHP | Cross-site Scripting vulnerability in UHP Uhp-100 Firmware 3.4.1.15/3.4.2.4/3.4.3 UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section). | 6.1 |
2020-01-19 | CVE-2020-7235 | UHP | Cross-site Scripting vulnerability in UHP Uhp-100 Firmware 3.4.1.15/3.4.2.4/3.4.3 UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title). | 6.1 |
2020-01-17 | CVE-2020-7104 | Kibokolabs | Cross-site Scripting vulnerability in Kibokolabs Chained Quiz 1.1.8.1 The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. | 6.1 |
2020-01-17 | CVE-2019-17127 | Solarwinds | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2 A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. | 6.1 |
2020-01-17 | CVE-2019-17125 | Solarwinds | Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2 A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. | 6.1 |
2020-01-17 | CVE-2019-20003 | Dicube | Cross-site Scripting vulnerability in Dicube Easescreen Crystal 9.0.1.16265 Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. | 6.1 |
2020-01-17 | CVE-2019-3686 | Suse | Cross-site Scripting vulnerability in Suse Openqa openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. | 6.1 |
2020-01-16 | CVE-2019-11997 | HP | Cross-site Scripting vulnerability in HP Enhanced Internet Usage Manager 8.3/9.0 A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. | 6.1 |
2020-01-16 | CVE-2019-17573 | Apache Oracle | Cross-site Scripting vulnerability in multiple products By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. | 6.1 |
2020-01-16 | CVE-2020-7107 | Etoilewebdesign | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate FAQ The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php. | 6.1 |
2020-01-16 | CVE-2020-7106 | Cacti Debian Opensuse Suse Fedoraproject | Cross-site Scripting vulnerability in multiple products Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | 6.1 |
2020-01-15 | CVE-2009-3724 | Python Markdown2 Project | Cross-site Scripting vulnerability in Python-Markdown2 Project Python-Markdown2 python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues. | 6.1 |
2020-01-15 | CVE-2020-2676 | Oracle | Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5 Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Printing). | 6.1 |
2020-01-15 | CVE-2020-2663 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). | 6.1 |
2020-01-15 | CVE-2020-2607 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). | 6.1 |
2020-01-15 | CVE-2020-2606 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). | 6.1 |
2020-01-15 | CVE-2020-2603 | Oracle | Unspecified vulnerability in Oracle Field Service Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). | 6.1 |
2020-01-15 | CVE-2020-2602 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). | 6.1 |
2020-01-15 | CVE-2020-2600 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). | 6.1 |
2020-01-15 | CVE-2020-2598 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Activity Guide). | 6.1 |
2020-01-15 | CVE-2020-2539 | Oracle | Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). | 6.1 |
2020-01-15 | CVE-2020-2534 | Oracle | Unspecified vulnerability in Oracle Reports Developer 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). | 6.1 |
2020-01-15 | CVE-2020-2533 | Oracle | Unspecified vulnerability in Oracle Reports Developer 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). | 6.1 |
2020-01-15 | CVE-2020-2530 | Oracle | Unspecified vulnerability in Oracle Http Server 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). | 6.1 |
2020-01-15 | CVE-2019-16467 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. | 6.1 |
2020-01-15 | CVE-2019-16466 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. | 6.1 |
2020-01-15 | CVE-2020-2096 | Jenkins | Cross-site Scripting vulnerability in Jenkins Gitlab Hook Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability. | 6.1 |
2020-01-15 | CVE-2011-4336 | Tiki | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php. | 6.1 |
2020-01-15 | CVE-2020-1607 | Juniper | Cross-site Scripting vulnerability in Juniper Junos Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. | 6.1 |
2020-01-14 | CVE-2011-2714 | Drupal | Cross-site Scripting vulnerability in Drupal Data and Drupal A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display. | 6.1 |
2020-01-14 | CVE-2011-3202 | Jcow | Cross-site Scripting vulnerability in Jcow CMS 4.2 A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier. | 6.1 |
2020-01-14 | CVE-2011-3183 | Concretecms | Cross-site Scripting vulnerability in Concretecms Concrete CMS 5.4.1.1 A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier. | 6.1 |
2020-01-14 | CVE-2011-2706 | Snewscms | Cross-site Scripting vulnerability in Snewscms Snews A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71. | 6.1 |
2020-01-14 | CVE-2020-6305 | SAP | Cross-site Scripting vulnerability in SAP Process Integration 7.31/7.40/7.50 PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2020-01-14 | CVE-2020-5193 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter. | 6.1 |
2020-01-14 | CVE-2014-9211 | Clickdesk | Cross-site Scripting vulnerability in Clickdesk ClickDesk version 4.3 and below has persistent cross-site scripting. | 6.1 |
2020-01-13 | CVE-2020-6955 | Cayintech | Cross-site Scripting vulnerability in Cayintech Smp-Pro4 Firmware An issue was discovered on Cayin SMP-PRO4 devices. | 6.1 |
2020-01-13 | CVE-2012-4767 | Safend | Improper Privilege Management vulnerability in Safend Data Protector Agent 3.4.5586.9772 An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine. | 6.1 |
2020-01-13 | CVE-2020-5195 | Cerberusftp | Cross-site Scripting vulnerability in Cerberusftp FTP Server Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. | 6.1 |
2020-01-13 | CVE-2019-20212 | Cththemes | Cross-site Scripting vulnerability in Cththemes Citybook, Easybook and Townhub The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form. | 6.1 |
2020-01-13 | CVE-2019-20211 | Cththemes | Cross-site Scripting vulnerability in Cththemes Citybook, Easybook and Townhub The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website. | 6.1 |
2020-01-13 | CVE-2019-20210 | Cththemes | Cross-site Scripting vulnerability in Cththemes Citybook, Easybook and Townhub The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query. | 6.1 |
2020-01-13 | CVE-2019-18893 | Video Downloader Project AVG Avast | Cross-site Scripting vulnerability in multiple products XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. | 6.1 |
2020-01-13 | CVE-2019-19547 | Symantec Fedoraproject | Cross-site Scripting vulnerability in multiple products Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. | 6.1 |
2020-01-13 | CVE-2011-2670 | Mozilla | Cross-site Scripting vulnerability in Mozilla Firefox Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets. | 6.1 |
2020-01-13 | CVE-2020-6848 | Axper | Cross-site Scripting vulnerability in Axper Vision II Firmware 4.1.53.166 Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI. | 6.1 |
2020-01-15 | CVE-2020-2727 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.0 |
2020-01-15 | CVE-2020-2680 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). | 6.0 |
2020-01-15 | CVE-2020-2645 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). | 6.0 |
2020-01-15 | CVE-2020-2644 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). | 6.0 |
2020-01-15 | CVE-2020-2643 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). | 6.0 |
2020-01-15 | CVE-2020-2642 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). | 6.0 |
2020-01-15 | CVE-2020-2641 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework). | 6.0 |
2020-01-15 | CVE-2020-2640 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management). | 6.0 |
2020-01-15 | CVE-2020-2639 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). | 6.0 |
2020-01-15 | CVE-2020-2638 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Management). | 6.0 |
2020-01-15 | CVE-2020-2637 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based). | 6.0 |
2020-01-15 | CVE-2020-2636 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). | 6.0 |
2020-01-15 | CVE-2020-2635 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). | 6.0 |
2020-01-15 | CVE-2020-2634 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk). | 6.0 |
2020-01-15 | CVE-2020-2633 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). | 6.0 |
2020-01-15 | CVE-2020-2632 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). | 6.0 |
2020-01-15 | CVE-2020-2631 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). | 6.0 |
2020-01-15 | CVE-2020-2630 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). | 6.0 |
2020-01-15 | CVE-2020-2629 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). | 6.0 |
2020-01-15 | CVE-2020-2628 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). | 6.0 |
2020-01-15 | CVE-2020-2626 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS). | 6.0 |
2020-01-15 | CVE-2020-2625 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). | 6.0 |
2020-01-15 | CVE-2020-2624 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). | 6.0 |
2020-01-15 | CVE-2020-2623 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). | 6.0 |
2020-01-15 | CVE-2020-2622 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). | 6.0 |
2020-01-15 | CVE-2020-2621 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). | 6.0 |
2020-01-15 | CVE-2020-2620 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). | 6.0 |
2020-01-15 | CVE-2020-2619 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). | 6.0 |
2020-01-15 | CVE-2020-2618 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). | 6.0 |
2020-01-15 | CVE-2020-2617 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). | 6.0 |
2020-01-15 | CVE-2020-2616 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository). | 6.0 |
2020-01-15 | CVE-2020-2615 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). | 6.0 |
2020-01-15 | CVE-2020-2614 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager for Fusion Middleware 13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh). | 6.0 |
2020-01-15 | CVE-2020-2613 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). | 6.0 |
2020-01-15 | CVE-2020-2612 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). | 6.0 |
2020-01-15 | CVE-2020-2611 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). | 6.0 |
2020-01-15 | CVE-2020-2610 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). | 6.0 |
2020-01-15 | CVE-2020-2608 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository). | 6.0 |
2020-01-14 | CVE-2020-0617 | Microsoft | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'. | 6.0 |
2020-01-17 | CVE-2020-3940 | Vmware | Improper Certificate Validation vulnerability in VMWare products VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability. | 5.9 |
2020-01-15 | CVE-2020-2585 | Oracle Netapp | Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). | 5.9 |
2020-01-15 | CVE-2020-2574 | Oracle Mariadb Netapp Canonical Opensuse | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). | 5.9 |
2020-01-15 | CVE-2020-2573 | Oracle Canonical Netapp | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). | 5.9 |
2020-01-15 | CVE-2020-2570 | Oracle Canonical | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). | 5.9 |
2020-01-15 | CVE-2020-2512 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. | 5.9 |
2020-01-15 | CVE-2007-4774 | Linux | Race Condition vulnerability in Linux Kernel The Linux kernel before 2.4.36-rc1 has a race condition. | 5.9 |
2020-01-15 | CVE-2012-1316 | Cisco | Improper Certificate Validation vulnerability in Cisco Ironport web Security Appliance Cisco IronPort Web Security Appliance does not check for certificate revocation, which could lead to MITM attacks. | 5.9 |
2020-01-13 | CVE-2019-19891 | Mitel | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mitel Sip-Dect Firmware 8.0/8.1 An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. | 5.9 |
2020-01-15 | CVE-2020-2595 | Oracle | Unspecified vulnerability in Oracle Graalvm 19.3.0.2 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). | 5.8 |
2020-01-15 | CVE-2020-2578 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). | 5.8 |
2020-01-15 | CVE-2020-2558 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). | 5.8 |
2020-01-15 | CVE-2020-2677 | Oracle | Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5/5.6 Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). | 5.7 |
2020-01-16 | CVE-2020-7039 | Libslirp Project Debian Opensuse Qemu | Out-of-bounds Write vulnerability in multiple products tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. | 5.6 |
2020-01-18 | CVE-2019-19696 | Trendmicro | Insufficiently Protected Credentials vulnerability in Trendmicro Password Manager A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites. | 5.5 |
2020-01-18 | CVE-2019-15625 | Trendmicro | Unspecified vulnerability in Trendmicro Password Manager 3.8/3.8.0.1052/3.8.0.1103 A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information. | 5.5 |
2020-01-17 | CVE-2019-14629 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Data Analytics Acceleration Library Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2020-01-17 | CVE-2019-14615 | Canonical Intel | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. | 5.5 |
2020-01-17 | CVE-2019-14596 | Intel | Unspecified vulnerability in Intel Chipset INF Utility Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2020-01-17 | CVE-2019-19801 | Gallagher | Unspecified vulnerability in Gallagher Command Centre In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases. | 5.5 |
2020-01-16 | CVE-2019-11998 | HPE | Improper Input Validation vulnerability in HPE Superdome Flex Server Firmware HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. | 5.5 |
2020-01-15 | CVE-2015-6591 | Freereprintables | Path Traversal vulnerability in Freereprintables Articlefr 3.0.4/3.0.6/3.0.7 Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter. | 5.5 |
2020-01-14 | CVE-2020-0643 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'. | 5.5 |
2020-01-14 | CVE-2020-0639 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. | 5.5 |
2020-01-14 | CVE-2020-0622 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. | 5.5 |
2020-01-14 | CVE-2020-0616 | Microsoft | Link Following vulnerability in Microsoft products A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | 5.5 |
2020-01-14 | CVE-2020-0615 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. | 5.5 |
2020-01-14 | CVE-2020-0608 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
2020-01-14 | CVE-2020-0607 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. | 5.5 |
2020-01-14 | CVE-2015-2326 | Pcre Opensuse Mariadb PHP | Out-of-bounds Read vulnerability in multiple products The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". | 5.5 |
2020-01-13 | CVE-2019-19727 | Schedmd Opensuse | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. | 5.5 |
2020-01-16 | CVE-2020-7108 | Learndash | Cross-site Scripting vulnerability in Learndash The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field. | 5.4 |
2020-01-15 | CVE-2020-2730 | Oracle | Unrestricted Upload of File with Dangerous Type vulnerability in Oracle Revenue Management and Billing 2.7.0.0/2.7.0.1/2.8.0.0 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). | 5.4 |
2020-01-15 | CVE-2020-2729 | Oracle | Unspecified vulnerability in Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). | 5.4 |
2020-01-15 | CVE-2020-2722 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). | 5.4 |
2020-01-15 | CVE-2020-2720 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). | 5.4 |
2020-01-15 | CVE-2020-2717 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). | 5.4 |
2020-01-15 | CVE-2020-2715 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). | 5.4 |
2020-01-15 | CVE-2020-2712 | Oracle | Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). | 5.4 |
2020-01-15 | CVE-2020-2710 | Oracle | Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). | 5.4 |
2020-01-15 | CVE-2020-2707 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess). | 5.4 |
2020-01-15 | CVE-2020-2685 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). | 5.4 |
2020-01-15 | CVE-2020-2683 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). | 5.4 |
2020-01-15 | CVE-2020-2646 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). | 5.4 |
2020-01-15 | CVE-2020-2536 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 5.4 |
2020-01-15 | CVE-2015-5484 | Plot | Cross-site Scripting vulnerability in Plot Plotly 1.0.0/1.0.1/1.0.2 Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post. | 5.4 |
2020-01-14 | CVE-2020-0656 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 7.0 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | 5.4 |
2020-01-14 | CVE-2020-0647 | Microsoft | Origin Validation Error vulnerability in Microsoft Office Online Server A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. | 5.4 |
2020-01-14 | CVE-2020-6303 | SAP | Cross-site Scripting vulnerability in SAP Disclosure Management SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting. | 5.4 |
2020-01-14 | CVE-2020-5853 | F5 | Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict. | 5.4 |
2020-01-14 | CVE-2020-5194 | Cerberusftp | Authorization Bypass Through User-Controlled Key vulnerability in Cerberusftp FTP Server 8.0 The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. | 5.4 |
2020-01-19 | CVE-2020-7231 | Evoko | Information Exposure Through an Error Message vulnerability in Evoko Home 1.31 Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid. | 5.3 |
2020-01-18 | CVE-2020-7222 | Amcrest | Improper Authentication vulnerability in Amcrest web Server 2.520.Ac00.18.R An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. | 5.3 |
2020-01-17 | CVE-2020-5397 | Vmware Oracle | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. | 5.3 |
2020-01-17 | CVE-2020-6862 | ZTE | Incorrect Resource Transfer Between Spheres vulnerability in ZTE F6X2W Firmware 6.0.10P2T2/6.0.10P2T5 V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. | 5.3 |
2020-01-16 | CVE-2019-18282 | Linux Debian Netapp | Use of Insufficiently Random Values vulnerability in multiple products The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. | 5.3 |
2020-01-15 | CVE-2019-19859 | Serpico Project | Unspecified vulnerability in Serpico Project Serpico 1.3.0 An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. | 5.3 |
2020-01-15 | CVE-2020-2695 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Cost Center Common Application Objects 9.1/9.2 Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Approval Framework). | 5.3 |
2020-01-15 | CVE-2020-2693 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 5.3 |
2020-01-15 | CVE-2020-2666 | Oracle | Unspecified vulnerability in Oracle Applications Framework Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). | 5.3 |
2020-01-15 | CVE-2020-2592 | Oracle | Unspecified vulnerability in Oracle Autovue 21.0.2 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). | 5.3 |
2020-01-15 | CVE-2020-2564 | Oracle | Unspecified vulnerability in Oracle Siebel UI Framework Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). | 5.3 |
2020-01-15 | CVE-2020-2559 | Oracle | Unspecified vulnerability in Oracle Siebel UI Framework Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). | 5.3 |
2020-01-15 | CVE-2020-2545 | Oracle | Unspecified vulnerability in Oracle Http Server 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). | 5.3 |
2020-01-15 | CVE-2017-3211 | Yopify | Information Exposure vulnerability in Yopify 20170406 Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization. | 5.3 |
2020-01-15 | CVE-2011-4907 | Joomla | Unrestricted Upload of File with Dangerous Type vulnerability in Joomla Joomla! Joomla! 1.5x through 1.5.12: Missing JEXEC Check | 5.3 |
2020-01-15 | CVE-2020-1604 | Juniper | Unspecified vulnerability in Juniper Junos On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. | 5.3 |
2020-01-14 | CVE-2020-7057 | Hikvision | Improper Restriction of Excessive Authentication Attempts vulnerability in Hikvision Ds-7204Hghi-F1 Firmware 4.0.1 Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. | 5.3 |
2020-01-14 | CVE-2018-1002104 | Kubernetes | Improper Input Validation vulnerability in Kubernetes Nginx Ingress Controller Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. | 5.3 |
2020-01-14 | CVE-2020-6173 | Linuxfoundation | Resource Exhaustion vulnerability in Linuxfoundation the Update Framework TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption. | 5.3 |
2020-01-14 | CVE-2015-0558 | Adbglobal | Missing Encryption of Sensitive Data vulnerability in Adbglobal P.Dga4001N Firmware Pdgtefsp4.06L.6 The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key. | 5.3 |
2020-01-13 | CVE-2019-20143 | Gitlab | Missing Authentication for Critical Function vulnerability in Gitlab 12.6.0 An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. | 5.3 |
2020-01-13 | CVE-2020-6832 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. | 5.3 |
2020-01-13 | CVE-2019-20148 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. | 5.3 |
2020-01-13 | CVE-2019-20147 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. | 5.3 |
2020-01-13 | CVE-2019-20146 | Gitlab | Resource Exhaustion vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. | 5.3 |
2020-01-13 | CVE-2020-6859 | Ultimatemember | Authorization Bypass Through User-Controlled Key vulnerability in Ultimatemember Ultimate Member Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. | 5.3 |
2020-01-15 | CVE-2020-2550 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). | 5.1 |
2020-01-15 | CVE-2020-2647 | Oracle | Unspecified vulnerability in Oracle Solaris 10/11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). | 5.0 |
2020-01-15 | CVE-2020-2515 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. | 5.0 |
2020-01-15 | CVE-2020-2697 | Oracle | Unspecified vulnerability in Oracle Hospitality Suites Management 3.7/3.8 Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications. | 4.9 |
2020-01-15 | CVE-2020-2679 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-01-15 | CVE-2020-2660 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-01-15 | CVE-2020-2589 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2020-01-15 | CVE-2020-2588 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
2020-01-15 | CVE-2020-2580 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). | 4.9 |
2020-01-15 | CVE-2020-2577 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2020-01-15 | CVE-2012-0945 | Whoopsie Daisy Project | Unquoted Search Path or Element vulnerability in Whoopsie-Daisy Project Whoopsie-Daisy whoopsie-daisy before 0.1.26: Root user can remove arbitrary files | 4.9 |
2020-01-19 | CVE-2020-7234 | Ruckuswireless | Cross-site Scripting vulnerability in Ruckuswireless R310 Firmware 104.0.0.0.1347 Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account). | 4.8 |
2020-01-17 | CVE-2019-10957 | Geutebrueck | Cross-site Scripting vulnerability in Geutebrueck products Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser. | 4.8 |
2020-01-15 | CVE-2019-19858 | Serpico Project | Cross-site Scripting vulnerability in Serpico Project Serpico 1.3.0 An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. | 4.8 |
2020-01-15 | CVE-2019-19856 | Serpico Project | Cross-site Scripting vulnerability in Serpico Project Serpico 1.3.0 An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. | 4.8 |
2020-01-15 | CVE-2019-19855 | Serpico Project | Cross-site Scripting vulnerability in Serpico Project Serpico 1.3.0 An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. | 4.8 |
2020-01-15 | CVE-2019-18273 | Osisoft | Cross-site Scripting vulnerability in Osisoft PI Vision 2017 OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. | 4.8 |
2020-01-15 | CVE-2020-2655 | Oracle Redhat Debian | Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). | 4.8 |
2020-01-15 | CVE-2020-2593 | Oracle Redhat Debian Canonical Opensuse Mcafee Netapp | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). | 4.8 |
2020-01-15 | CVE-2020-2567 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 18.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). | 4.8 |
2020-01-15 | CVE-2020-2552 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). | 4.8 |
2020-01-15 | CVE-2020-2548 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). | 4.8 |
2020-01-15 | CVE-2020-2547 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 4.8 |
2020-01-14 | CVE-2019-12398 | Apache | Cross-site Scripting vulnerability in Apache Airflow In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 4.8 |
2020-01-15 | CVE-2019-18244 | Osisoft | Information Exposure Through Log Files vulnerability in Osisoft PI Vision 2017/2019 In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision. | 4.7 |
2020-01-15 | CVE-2020-2709 | Oracle | Unspecified vulnerability in Oracle Ilearning 6.1 Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages). | 4.7 |
2020-01-15 | CVE-2020-2668 | Oracle | Unspecified vulnerability in Oracle Isupport Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). | 4.7 |
2020-01-15 | CVE-2020-2667 | Oracle | Unspecified vulnerability in Oracle Isupport Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). | 4.7 |
2020-01-15 | CVE-2020-2657 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 4.7 |
2020-01-15 | CVE-2020-2597 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Call Phone Number Page). | 4.7 |
2020-01-15 | CVE-2020-2596 | Oracle | Unspecified vulnerability in Oracle CRM Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks). | 4.7 |
2020-01-15 | CVE-2020-2566 | Oracle | Unspecified vulnerability in Oracle Applications Framework Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). | 4.7 |
2020-01-15 | CVE-2020-2560 | Oracle | Unspecified vulnerability in Oracle Siebel UI Framework Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). | 4.7 |
2020-01-15 | CVE-2020-2557 | Oracle | Unspecified vulnerability in Oracle Demantra Demand Management Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security). | 4.7 |
2020-01-15 | CVE-2020-2535 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). | 4.7 |
2020-01-16 | CVE-2019-3997 | Simplisafe | Improper Authentication vulnerability in Simplisafe SS3 Firmware 1.0/1.3 Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.0-1.3 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system. | 4.6 |
2020-01-15 | CVE-2020-2664 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). | 4.6 |
2020-01-14 | CVE-2020-5851 | F5 | Unspecified vulnerability in F5 products On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. | 4.6 |
2020-01-15 | CVE-2020-2656 | Oracle | Unspecified vulnerability in Oracle Solaris 10/11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). | 4.4 |
2020-01-15 | CVE-2020-2584 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). | 4.4 |
2020-01-14 | CVE-2020-0621 | Microsoft | Insufficient Session Expiration vulnerability in Microsoft products A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'. | 4.4 |
2020-01-15 | CVE-2020-2724 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). | 4.3 |
2020-01-15 | CVE-2020-2719 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). | 4.3 |
2020-01-15 | CVE-2020-2714 | Oracle | Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). | 4.3 |
2020-01-15 | CVE-2020-2700 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). | 4.3 |
2020-01-15 | CVE-2020-2687 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). | 4.3 |
2020-01-15 | CVE-2020-2561 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Human Resources 9.2 Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Company Dir / Org Chart Viewer). | 4.3 |
2020-01-15 | CVE-2020-2544 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 4.3 |
2020-01-15 | CVE-2020-2519 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 4.3 |
2020-01-15 | CVE-2020-2095 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Redgate SQL Change Automation Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
2020-01-15 | CVE-2020-2094 | Jenkins | Missing Authorization vulnerability in Jenkins Health Advisor by CloudBees A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient. | 4.3 |
2020-01-15 | CVE-2020-5501 | Phpbb | Cross-Site Request Forgery (CSRF) vulnerability in phpBB 3.2.8 phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. | 4.3 |
2020-01-14 | CVE-2020-6307 | SAP | Incorrect Authorization vulnerability in SAP Basis Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. | 4.3 |
2020-01-13 | CVE-2019-20144 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. | 4.3 |
2020-01-13 | CVE-2019-20142 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. | 4.3 |
2020-01-13 | CVE-2020-5197 | Gitlab | Information Exposure vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. | 4.3 |
2020-01-13 | CVE-2019-20145 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. | 4.3 |
2020-01-15 | CVE-2020-2599 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Materials Management 7.30.567 Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). | 4.2 |
2020-01-15 | CVE-2020-2563 | Oracle | Unspecified vulnerability in Oracle Hyperion Financial Close Management 11.1.2.4 Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). | 4.2 |
2020-01-15 | CVE-2020-2527 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Core RDBMS component of Oracle Database Server. | 4.1 |
2020-01-15 | CVE-2020-2581 | Oracle | Unspecified vulnerability in Oracle Graalvm 19.3.0.2 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). | 4.0 |