Weekly Vulnerabilities Reports > January 13 to 19, 2020

Overview

500 new vulnerabilities were reported during this period, including 20 critical and 49 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1101 products from 139 vendors, including Oracle, Microsoft, Redhat, Debian, and Juniper. The most common weakness categories this week are "Cross-site Scripting", "Improper Privilege Management", "Improper Input Validation", "Information Exposure", and "Cross-Site Request Forgery (CSRF)".

  • 385 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities have a public exploit available.
  • 95 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 358 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 202.
  • Microsoft has the most reported critical vulnerabilities, with 9.

Summary dashboard (the counts that survive are given in the overview above): total vulnerabilities; critical, high, medium and low risk; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web applications.

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:


20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-01-19 CVE-2020-7233 Kmccontrols USE of Hard-Coded Credentials vulnerability in Kmccontrols Bac-A1616Bc Firmware

KMC Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file.

10.0
2020-01-17 CVE-2014-5007 Zohocorp Path Traversal vulnerability in Zohocorp products

Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a ..

10.0
2020-01-15 CVE-2009-1120 Dell Unspecified vulnerability in Dell EMC Replistor

EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability.

10.0
2020-01-15 CVE-2019-9493 Mycarcontrols USE of Hard-Coded Credentials vulnerability in Mycarcontrols Mycar Controls

The MyCar Controls mobile application of AutoMobility Distribution Inc. contains hard-coded admin credentials.

10.0
2020-01-15 CVE-2015-5952 Thomsonreuters Path Traversal vulnerability in Thomsonreuters Fatca

Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter.

10.0
2020-01-15 CVE-2015-7874 Portapps Classic Buffer Overflow vulnerability in Portapps Kitty Portable 0.65.0.2P

Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname.

10.0
2020-01-14 CVE-2020-0646 Microsoft Improper Input Validation vulnerability in Microsoft .Net Framework

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

10.0
2020-01-14 CVE-2020-0610 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'.

10.0
2020-01-14 CVE-2020-0609 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'.

10.0
2020-01-15 CVE-2020-2098 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Sounds

A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins.

9.3
2020-01-14 CVE-2020-0653 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office 365 Proplus

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

9.3
2020-01-14 CVE-2020-0651 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Excel and Office 365 Proplus

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

9.3
2020-01-14 CVE-2020-0650 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Excel and Office 365 Proplus

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

9.3
2020-01-14 CVE-2020-0606 Microsoft Improper Input Validation vulnerability in Microsoft .Net Core and .Net Framework

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.

9.3
2020-01-14 CVE-2020-0605 Microsoft Improper Input Validation vulnerability in Microsoft .Net Core and .Net Framework

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.

9.3
2020-01-14 CVE-2020-0603 Microsoft/Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.

9.3
2020-01-13 CVE-2019-18894 Avast OS Command Injection vulnerability in Avast Premium Security 19.8.2393

In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality.

9.3
2020-01-17 CVE-2019-10958 Geutebrueck OS Command Injection vulnerability in Geutebrueck products

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.

9.0
2020-01-17 CVE-2019-10956 Geutebrueck OS Command Injection vulnerability in Geutebrueck products

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root.

9.0
2020-01-16 CVE-2019-10940 Siemens Improper Privilege Management vulnerability in Siemens Sinema Server Firmware 14.0

A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1).

9.0

49 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-01-17 CVE-2019-17634 Eclipse Cross-Site Scripting vulnerability in Eclipse Memory Analyzer 1.9.1

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump.

8.5
2020-01-15 CVE-2020-1609 Juniper OS Command Injection vulnerability in Juniper Junos

A device running Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) on Junos OS or Junos OS Evolved, when configured in relay mode, is vulnerable to an attacker sending crafted IPv6 packets, who may then execute arbitrary commands as root on the target device.

8.3
2020-01-15 CVE-2020-1605 Juniper OS Command Injection vulnerability in Juniper Junos

A device running Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) on Junos OS or Junos OS Evolved, when configured in relay mode, is vulnerable to an attacker sending crafted IPv4 packets, who may then execute arbitrary commands as root on the target device.

8.3
2020-01-15 CVE-2020-1602 Juniper OS Command Injection vulnerability in Juniper Junos

A device running Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) on Junos OS or Junos OS Evolved, when configured in relay mode, is vulnerable to an attacker sending crafted IPv4 packets, who may then remotely take over code execution of the JDHCPD process.

8.3
2020-01-16 CVE-2019-9503 Broadcom Improper Input Validation vulnerability in Broadcom Brcmfmac Driver

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass.

7.9
2020-01-16 CVE-2019-9500 Broadcom Out-Of-Bounds Write vulnerability in Broadcom Brcmfmac Driver

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow.

7.9
2020-01-16 CVE-2019-13524 Emerson Improper Input Validation vulnerability in Emerson products

GE PACSystems RX3i CPE100/115: All versions prior to R9.85; CPE302/305/310/330/400/410: All versions prior to R9.90; CRU/320: All versions (End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt mode, resulting in a denial-of-service condition.

7.8
2020-01-15 CVE-2020-1608 Juniper Improper Input Validation vulnerability in Juniper Junos

Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot.

7.8
2020-01-15 CVE-2020-1603 Juniper Missing Release of Resource After Effective Lifetime vulnerability in Juniper Junos

Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled.

7.8
2020-01-17 CVE-2020-5398 Pivotal Software Download of Code Without Integrity Check vulnerability in Pivotal Software Spring Framework

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.

7.6
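The Spring entry above describes the mechanism behind reflected file download: the server echoes user-controlled text in the response body and lets the same user pick the filename in Content-Disposition, so a JSON endpoint can be saved by the browser as setup.bat and later run. The following is an added example written for this report (not Spring Framework code) of a header builder that removes that control: it keeps a conservative character set, discards any caller-supplied extension in favour of the one the endpoint actually serves, refuses executable extensions outright, and pairs the header with X-Content-Type-Options: nosniff. The function names and the sample filenames are illustrative.

```python
"""Content-Disposition builder hardened against reflected file download (RFD).

Added example for this report; not Spring Framework code. Models the bug class
of CVE-2020-5398: a filename derived from user input lets an attacker choose the
name (and so the extension) under which the browser saves reflected content.
"""
import re
import unicodedata
from urllib.parse import quote

# Extensions a desktop will execute on open. A data endpoint never needs them.
EXECUTABLE_EXTENSIONS = {
    ".bat", ".cmd", ".com", ".exe", ".scr", ".ps1", ".vbs", ".js", ".jse",
    ".wsf", ".wsh", ".msi", ".hta", ".jar", ".sh", ".command", ".app",
}

_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")   # everything outside this set is replaced


def extension_allowed(ext: str) -> bool:
    ext = ext if ext.startswith(".") else "." + ext
    return ext.lower() not in EXECUTABLE_EXTENSIONS


def sanitize_filename(user_filename: str, fixed_extension: str, max_len: int = 100) -> str:
    """Reduce a caller-supplied name to a safe base name with a server-chosen extension."""
    if not extension_allowed(fixed_extension):
        raise ValueError(f"refusing to serve downloads as {fixed_extension!r}")
    ext = fixed_extension if fixed_extension.startswith(".") else "." + fixed_extension

    base = unicodedata.normalize("NFKC", user_filename or "")
    base = base.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]   # drop any path component
    base = _UNSAFE.sub("_", base)                         # kills quotes, ';', CR/LF, spaces
    base = base.split(".", 1)[0]                          # drop the caller's extension
    base = base.strip("._-")[:max_len] or "download"
    return base + ext


def content_disposition(user_filename: str, fixed_extension: str) -> str:
    name = sanitize_filename(user_filename, fixed_extension)
    # `name` is ASCII-only after sanitization, so the plain and RFC 5987 forms agree
    # and no quote or separator from the caller can reach the header.
    return f"attachment; filename=\"{name}\"; filename*=UTF-8''{quote(name)}"


def download_headers(user_filename: str, fixed_extension: str, content_type: str) -> dict:
    """Headers for a data download; nosniff stops content-type guessing from the body."""
    return {
        "Content-Disposition": content_disposition(user_filename, fixed_extension),
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed attacker input: tries to smuggle a .bat name and break the header.
    for attempt in ["setup.bat", 'report"; filename=evil.cmd', "../../calc", ""]:
        print(repr(attempt), "->", content_disposition(attempt, ".json"))
```

The extension is the part that matters for RFD, which is why the builder throws the caller's away rather than trying to validate it; the character filter is what keeps a quote or semicolon in the name from terminating the header parameter early.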
2020-01-14 CVE-2020-0640 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.

7.6
2020-01-16 CVE-2019-13933 Siemens Missing Authentication FOR Critical Function vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions), SCALANCE X-300 switch family (incl.

7.5
2020-01-15 CVE-2020-2555 Oracle Unspecified vulnerability in Oracle Fusion Middleware 12.2.1.3.0/12.2.1.4.0/12.2.3.0.0

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation).

7.5
2020-01-15 CVE-2020-2551 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components).

7.5
2020-01-15 CVE-2020-2546 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE).

7.5
2020-01-15 CVE-2020-2543 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2020-01-15 CVE-2007-4773 Systrace Project Double Free vulnerability in Systrace Project Systrace

Systrace before 1.6.0 has insufficient escape policy enforcement.

7.5
2020-01-15 CVE-2005-4891 Simplemachines SQL Injection vulnerability in Simplemachines Simple Machine Forum

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.

7.5
2020-01-14 CVE-2011-2715 Drupal SQL Injection vulnerability in Drupal Data and Drupal

An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.

7.5
2020-01-14 CVE-2011-3203 Jcow Improper Input Validation vulnerability in Jcow CMS 4.2/5.2

A code execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.

7.5
2020-01-14 CVE-2020-5505 Vaaip Injection vulnerability in Vaaip Freelancy 1.0.0

Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI.

7.5
2020-01-14 CVE-2015-8367 Libraw Improper Initialization vulnerability in Libraw

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

7.5
2020-01-14 CVE-2015-8366 Libraw Improper Validation of Array Index vulnerability in Libraw

Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.

7.5
2020-01-14 CVE-2019-0219 Apache Cross-Site Scripting vulnerability in Apache Cordova Inappbrowser 3.0.0

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.

7.5
2020-01-13 CVE-2012-4750 Ezhometech Buffer Errors vulnerability in Ezhometech Ezserver 7.0

A code execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a denial of service.

7.5
2020-01-13 CVE-2020-6948 Hashbrowncms Improper Input Validation vulnerability in Hashbrowncms Hashbrown CMS

A remote code execution issue was discovered in HashBrown CMS through 1.3.3.

7.5
2020-01-13 CVE-2013-6225 Livezilla Path Traversal vulnerability in Livezilla 5.0.1.4

LiveZilla 5.0.1.4 has a remote code execution vulnerability.

7.5
2020-01-18 CVE-2019-20357 Trendmicro/Microsoft Improper Input Validation vulnerability in Trendmicro products

A persistent arbitrary code execution vulnerability exists in the Trend Micro Security 2020 (v16) and 2019 (v15) consumer family of products which could potentially allow an attacker to create a malicious program to escalate privileges and attain persistence on a vulnerable system.

7.2
2020-01-18 CVE-2019-19697 Trendmicro/Microsoft Unspecified vulnerability in Trendmicro products

An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling them or otherwise preventing them from starting.

7.2
2020-01-17 CVE-2019-15742 Plantronics Unspecified vulnerability in Plantronics HUB

A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application.

7.2
2020-01-16 CVE-2019-19278 Siemens Improper Input Validation vulnerability in Siemens products

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-....

7.2
2020-01-16 CVE-2019-10934 Siemens Path Traversal vulnerability in Siemens Totally Integrated Automation Portal 15.1/16

A vulnerability has been identified in TIA Portal V14 (All versions < V14 SP1 Update 10), TIA Portal V15 (All versions < V15 SP1 Update 4), TIA Portal V16 (All versions < V16 Update 1).

7.2
2020-01-16 CVE-2019-20327 Centreon Improper Privilege Management vulnerability in Centreon

Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges.

7.2
2020-01-15 CVE-2014-6448 Juniper Improper Privilege Management vulnerability in Juniper Junos

Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.

7.2
2020-01-15 CVE-2020-2696 Oracle Classic Buffer Overflow vulnerability in Oracle Solaris 10

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment).

7.2
2020-01-15 CVE-2015-7556 Delegate Improper Privilege Management vulnerability in Delegate 9.9.13

DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.

7.2
2020-01-14 CVE-2020-0644 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'.

7.2
2020-01-14 CVE-2020-0642 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

7.2
2020-01-14 CVE-2020-0641 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.

7.2
2020-01-14 CVE-2020-0635 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'.

7.2
2020-01-14 CVE-2020-0634 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.

7.2
2020-01-14 CVE-2015-3159 Redhat Local Privilege Escalation vulnerability in abrt

The abrt-action-install-debuginfo-to-abrt-cache helper program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.

7.2
2020-01-14 CVE-2015-3151 Redhat Path Traversal vulnerability in Redhat Automatic BUG Reporting Tool

Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.

7.2
2020-01-14 CVE-2015-3150 Redhat Improper Input Validation vulnerability in Redhat Automatic BUG Reporting Tool

abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.

7.2
2020-01-14 CVE-2015-1869 Redhat Link Following vulnerability in Redhat Automatic BUG Reporting Tool

The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.

7.2
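CVE-2015-1869 above, like CVE-2020-0635 and CVE-2020-0641 in the Microsoft entries, belongs to the link-following class: a privileged component writes to a path inside a directory a local user can influence, the user pre-plants a symlink at that name, and the write lands on a file of the attacker's choosing. The following is an added example written for this report (not ABRT's or Microsoft's code) that reproduces the attack against a naive writer in a throwaway directory and shows the POSIX open flags that defeat it: O_CREAT|O_EXCL so anything already at the path is an error, O_NOFOLLOW so a symlink is never traversed, and an fstat on the descriptor actually obtained. The victim file, the planted link and the writer functions are constructed for the demonstration.

```python
"""Create a file without following a planted symlink.

Added example for this report; not ABRT's or Microsoft's code. CVE-2015-1869
(ABRT) and CVE-2020-0635 (Windows) are link-following bugs: a privileged writer
opens an attacker-controllable path and a symlink redirects the write.
"""
import errno
import os
import stat
import tempfile


def safe_create(path: str, mode: int = 0o600) -> int:
    """Return an fd for a freshly created regular file at `path`.

    Raises OSError (EEXIST or ELOOP) if anything already sits at `path`,
    which is exactly the situation an attacker engineers with a symlink.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    flags |= getattr(os, "O_NOFOLLOW", 0)   # refuse to traverse a symlink at the last component
    flags |= getattr(os, "O_CLOEXEC", 0)
    fd = os.open(path, flags, mode)
    try:
        st = os.fstat(fd)
        expected_uid = os.geteuid() if hasattr(os, "geteuid") else st.st_uid
        # Belt and braces: check the inode we actually opened, not the path name.
        if st.st_uid != expected_uid or not stat.S_ISREG(st.st_mode):
            raise OSError(errno.EPERM, "unexpected owner or file type", path)
    except Exception:
        os.close(fd)
        raise
    return fd


def demo() -> dict:
    """Plant a symlink the way a local attacker would, then try both writers.

    Runs entirely inside a temporary directory and reports which writer was
    fooled. The file names are constructed; `var_log_messages` mirrors the
    name from the ABRT advisory, `victim_file` stands in for any system file.
    """
    with tempfile.TemporaryDirectory() as workdir:
        victim = os.path.join(workdir, "victim_file")
        with open(victim, "w") as f:
            f.write("original\n")
        planted = os.path.join(workdir, "var_log_messages")   # attacker-controlled name
        os.symlink(victim, planted)

        # Naive privileged writer: open() follows the link and clobbers the victim.
        with open(planted, "w") as f:
            f.write("attacker-chosen content\n")
        with open(victim) as f:
            naive_clobbered = f.read() != "original\n"

        # Hardened writer: the pre-existing link makes the open fail instead.
        try:
            fd = safe_create(planted)
            os.close(fd)
            hardened_refused = False
        except OSError as e:
            hardened_refused = e.errno in (errno.EEXIST, errno.ELOOP)

        return {"naive_clobbered": naive_clobbered, "hardened_refused": hardened_refused}


if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only covers the final path component. If the attacker can also replace a parent directory with a link, the writer has to walk the path with openat() on a directory descriptor it trusts, or create its working directory with a mode that keeps the attacker out in the first place, which is the fix ABRT ultimately needed for its problem directories.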
2020-01-14 CVE-2014-7844 Redhat/Debian/BSD Mailx Project Injection vulnerability in multiple products

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

7.2
2020-01-13 CVE-2012-4761 Safend Improper Privilege Management vulnerability in Safend Data Protector Agent 3.4.5586.9772

A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.

7.2
2020-01-13 CVE-2012-4760 Safend Improper Privilege Management vulnerability in Safend Data Protector Agent 3.4.5586.9772

A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.

7.2
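The Safend entry for CVE-2012-4761 above names the weakness without spelling out why an unquoted service binary path is exploitable: when the ImagePath contains spaces and no quotes, CreateProcess tries each space-delimited prefix as an executable before reaching the real one, so a user who can write to one of those locations runs code as the service account. The following is an added example written for this report (not Safend's or Microsoft's code) that computes those candidate paths from a set of constructed ImagePath values; the Safend paths are illustrative and not the vendor's real install layout.

```python
"""Audit Windows service ImagePath values for unquoted paths with spaces.

Added example for this report; not Safend's or Microsoft's code. CVE-2012-4761
is an instance of the class: with an unquoted ImagePath such as
C:\\Program Files\\Vendor\\agent.exe, CreateProcess tries C:\\Program.exe and
C:\\Program Files\\Vendor.exe before the real binary.
The registry values below are constructed sample input, not read from a host.
"""
import ntpath

# Constructed sample of HKLM\SYSTEM\CurrentControlSet\Services\<svc>\ImagePath.
# The Safend paths are illustrative, not the vendor's actual install layout.
SAMPLE_IMAGE_PATHS = {
    "SDPAgent": r"C:\Program Files\Safend\Data Protector\SDPAgent.exe",
    "SDBAgent": r"C:\Program Files\Safend\Data Protector\SDBAgent.exe -service",
    "GoodSvc":  r'"C:\Program Files\Vendor\Good Service\svc.exe" -k netsvcs',
    "Spooler":  r"%SystemRoot%\System32\spoolsv.exe",
    "NoSpaces": r"C:\Tools\agent.exe",
}


def intended_binary(image_path: str) -> tuple:
    """Return (binary_path, was_quoted).

    For an unquoted value the binary is taken to end at the first token that
    carries a file extension; later tokens are arguments. A directory name
    containing a dot would fool this heuristic, so treat results as leads.
    Environment variables such as %SystemRoot% are left unexpanded.
    """
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:end] if end > 0 else s[1:]), True
    tokens = s.split(" ")
    for i, tok in enumerate(tokens):
        if ntpath.splitext(tok)[1]:
            return " ".join(tokens[: i + 1]), False
    return s, False


def hijack_points(image_path: str) -> list:
    """Paths CreateProcess would try before the intended binary, in order.

    An empty list means the value is not affected by the weakness.
    """
    binary, quoted = intended_binary(image_path)
    if quoted or " " not in binary:
        return []
    tokens = binary.split(" ")
    return [" ".join(tokens[:i]) + ".exe" for i in range(1, len(tokens))]


def audit(image_paths: dict) -> dict:
    """Map service name -> hijack points, for the services that have any."""
    findings = {}
    for name, path in image_paths.items():
        points = hijack_points(path)
        if points:
            findings[name] = points
    return findings


if __name__ == "__main__":
    for svc, points in audit(SAMPLE_IMAGE_PATHS).items():
        print(f"{svc}: unquoted path; an attacker would plant -> {points}")
```

A hijack point is only exploitable if a non-administrator can create a file there; on a default install the root of the system drive and Program Files do not grant that, so a real audit pairs this output with an ACL check (icacls) of each candidate directory. The fix on the service side is simply to quote the path, for example with sc config <service> binPath= "\"C:\Program Files\...\agent.exe\"".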
2020-01-15 CVE-2019-15961 Clamav/Cisco Resource Exhaustion vulnerability in multiple products

A vulnerability in the email parsing module of Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.

7.1

364 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-01-17 CVE-2019-17635 Eclipse Deserialization of Untrusted Data vulnerability in Eclipse Memory Analyzer 1.9.1

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer.

6.8
2020-01-17 CVE-2019-17361 Saltstack/Debian/Opensuse Command Injection vulnerability in multiple products

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection.

6.8
2020-01-16 CVE-2020-7039 Libslirp Project/Qemu/Debian/Opensuse Out-Of-Bounds Write vulnerability in multiple products

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC.

6.8
2020-01-16 CVE-2019-5145 Foxitsoftware USE After Free vulnerability in Foxitsoftware Phantompdf and Reader

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435.

6.8
2020-01-16 CVE-2019-5131 Foxitsoftware USE After Free vulnerability in Foxitsoftware Phantompdf and Reader

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435.

6.8
2020-01-16 CVE-2019-5130 Foxitsoftware USE After Free vulnerability in Foxitsoftware Phantompdf and Reader

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435.

6.8
2020-01-16 CVE-2019-5126 Foxitsoftware USE After Free vulnerability in Foxitsoftware Phantompdf and Reader

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435.

6.8
2020-01-15 CVE-2019-19854 Serpico Project Cross-Site Request Forgery (CSRF) vulnerability in Serpico Project Serpico 1.3.0

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0.

6.8
2020-01-15 CVE-2019-18271 Osisoft Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI Vision 2017

OSIsoft PI Vision, All versions of PI Vision prior to 2019.

6.8
2020-01-15 CVE-2020-2604 Oracle/Redhat/Debian/Canonical/Opensuse/Netapp

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).

6.8
2020-01-15 CVE-2020-2538 Oracle Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI).

6.8
2020-01-15 CVE-2020-2537 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions).

6.8
2020-01-15 CVE-2020-2093 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Health Advisor BY Cloudbees

A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient.

6.8
2020-01-15 CVE-2020-2090 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Amazon EC2

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

6.8
2020-01-15 CVE-2020-1600 Juniper Resource Exhaustion vulnerability in Juniper Junos

In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition.

6.8
2020-01-14 CVE-2020-0652 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Excel and Office 365 Proplus

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'.

6.8
2020-01-14 CVE-2020-7054 MZ Automation Out-Of-Bounds Write vulnerability in Mz-Automation Libiec61850

MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.

6.8
2020-01-14 CVE-2011-2934 Websitebaker Cross-Site Request Forgery (CSRF) vulnerability in Websitebaker

A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.

6.8
2020-01-14 CVE-2015-2325 Pcre/Opensuse Out-Of-Bounds Read vulnerability in multiple products

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.

6.8
2020-01-14 CVE-2014-2271 WPS/Huawei Improper Input Validation vulnerability in multiple products

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic.

6.8
2020-01-14 CVE-2014-5238 Open Xchange XXE vulnerability in Open-Xchange Appsuite

XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.

6.8
2020-01-14 CVE-2014-4610 Ffmpeg Integer Overflow OR Wraparound vulnerability in Ffmpeg

Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.

6.8
2020-01-14 CVE-2014-4609 Libav Integer Overflow OR Wraparound vulnerability in Libav

Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.

6.8
2020-01-14 CVE-2013-7185 Daum Buffer Errors vulnerability in Daum Potplayer 1.5.40688

PotPlayer 1.5.40688 is subject to memory corruption when processing a crafted .avi file.

6.8
2020-01-13 CVE-2019-19680 Proofpoint Unspecified vulnerability in Proofpoint Enterprise Protection 8.14.2/8.9.22

A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email.

6.8
2020-01-13 CVE-2020-6860 Symonics Out-Of-Bounds Write vulnerability in Symonics Libmysofa 0.9.1

libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.

6.8
2020-01-17 CVE-2019-15854 Maarch Unspecified vulnerability in Maarch RM

An issue was discovered in Maarch RM before 2.5.

6.5
2020-01-17 CVE-2019-3683 Suse/HP Incorrect Permission Assignment FOR Critical Resource vulnerability in multiple products

In the keystone-json-assignment package in SUSE OpenStack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project.

6.5
2020-01-16 CVE-2020-7047 Webfactoryltd Improper Privilege Management vulnerability in Webfactoryltd WP Database Reset

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.

6.5
2020-01-15 CVE-2019-20097 Atlassian Unspecified vulnerability in Atlassian Bitbucket

Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook.

6.5
2020-01-15 CVE-2019-15012 Atlassian Improper Privilege Management vulnerability in Atlassian Bitbucket

Bitbucket Server and Bitbucket Data Center from version 4.13.

6.5
2020-01-15 CVE-2019-15010 Atlassian Command Injection vulnerability in Atlassian Bitbucket

Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields.

6.5
2020-01-15 CVE-2020-2645 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework).

6.5
2020-01-15 CVE-2020-2644 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service).

6.5
2020-01-15 CVE-2020-2643 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System).

6.5
2020-01-15 CVE-2020-2642 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework).

6.5
2020-01-15 CVE-2020-2641 Oracle Unspecified vulnerability in Oracle Enterprise Manager 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework).

6.5
2020-01-15 CVE-2020-2640 Oracle Unspecified vulnerability in Oracle Enterprise Manager 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management).

6.5
2020-01-15 CVE-2020-2639 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management).

6.5
2020-01-15 CVE-2020-2638 Oracle Unspecified vulnerability in Oracle Enterprise Manager 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Management).

6.5
2020-01-15 CVE-2020-2637 Oracle Unspecified vulnerability in Oracle Enterprise Manager 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based).

6.5
2020-01-15 CVE-2020-2636 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt).

6.5
2020-01-15 CVE-2020-2635 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring).

6.5
2020-01-15 CVE-2020-2634 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk).

6.5
2020-01-15 CVE-2020-2633 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework).

6.5
2020-01-15 CVE-2020-2632 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring).

6.5
2020-01-15 CVE-2020-2631 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt).

6.5
2020-01-15 CVE-2020-2630 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework).

6.5
2020-01-15 CVE-2020-2629 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework).

6.5
2020-01-15 CVE-2020-2628 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management).

6.5
2020-01-15 CVE-2020-2626 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS).

6.5
2020-01-15 CVE-2020-2625 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System).

6.5
2020-01-15 CVE-2020-2624 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework).

6.5
2020-01-15 CVE-2020-2623 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework).

6.5
2020-01-15 CVE-2020-2622 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management).

6.5
2020-01-15 CVE-2020-2621 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

6.5
2020-01-15 CVE-2020-2620 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

6.5
2020-01-15 CVE-2020-2619 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

6.5
2020-01-15 CVE-2020-2618 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

6.5
2020-01-15 CVE-2020-2617 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework).

6.5
2020-01-15 CVE-2020-2616 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository).

6.5
2020-01-15 CVE-2020-2615 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service).

6.5
2020-01-15 CVE-2020-2614 Oracle Unspecified vulnerability in Oracle Enterprise Manager FOR Fusion Middleware 13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh).

6.5
2020-01-15 CVE-2020-2613 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework).

6.5
2020-01-15 CVE-2020-2612 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

6.5
2020-01-15 CVE-2020-2611 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

6.5
2020-01-15 CVE-2020-2610 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

6.5
2020-01-15 CVE-2020-2609 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

6.5
2020-01-15 CVE-2020-2608 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository).

6.5
2020-01-15 CVE-2020-2587 Oracle Unspecified vulnerability in Oracle Human Resources

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers).

6.5
2020-01-15 CVE-2020-2586 Oracle Unspecified vulnerability in Oracle Human Resources

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers).

6.5
2020-01-15 CVE-2020-2549 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components).

6.5
2020-01-15 CVE-2015-6497 Magento, PHP Improper Input Validation vulnerability in Magento 1.14.1.0/1.9.1.0

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap.

6.5
2020-01-15 CVE-2020-2097 Jenkins Incorrect Authorization vulnerability in Jenkins Sounds

Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins.

6.5
2020-01-15 CVE-2020-2092 Jenkins XXE vulnerability in Jenkins Robot Framework

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents.

6.5
2020-01-15 CVE-2020-1606 Juniper Path Traversal vulnerability in Juniper Junos

A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission.

6.5
2020-01-15 CVE-2020-7058 Cacti Improper Input Validation vulnerability in Cacti 1.2.8

** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host.

6.5
2020-01-14 CVE-2011-2933 Websitebaker Unrestricted Upload of File With Dangerous Type vulnerability in Websitebaker

An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.

6.5
2020-01-14 CVE-2020-5509 Phpgurukul CAR Rental Project Unrestricted Upload of File With Dangerous Type vulnerability in PHPgurukul CAR Rental Project PHPgurukul CAR Rental 1.0

PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.

6.5
2020-01-13 CVE-2020-6949 Hashbrowncms Improper Privilege Management vulnerability in Hashbrowncms Hashbrown CMS

A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3.

6.5
2020-01-13 CVE-2014-6059 Advanced Access Manager Project Arbitrary File Overwrite vulnerability in WordPress Advanced Access Manager Plugin

WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability.

6.5
2020-01-17 CVE-2019-15855 Maarch Path Traversal vulnerability in Maarch RM

An issue was discovered in Maarch RM before 2.5.

6.4
2020-01-16 CVE-2020-7048 Webfactoryltd Improper Privilege Management vulnerability in Webfactoryltd WP Database Reset

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.

6.4
2020-01-15 CVE-2020-2650 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions).

6.4
2020-01-15 CVE-2020-2576 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

6.4
2020-01-15 CVE-2020-2542 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

6.4
2020-01-15 CVE-2020-2541 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

6.4
2020-01-15 CVE-2020-2540 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

6.4
2020-01-14 CVE-2020-0654 Microsoft Improper Privilege Management vulnerability in Microsoft Onedrive

A security feature bypass vulnerability exists in Microsoft OneDrive App for Android. This could allow an attacker to bypass the passcode or fingerprint requirements of the App. The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links, aka 'Microsoft OneDrive for Android Security Feature Bypass Vulnerability'.

6.4
2020-01-14 CVE-2020-6958 YET Another Java Service Wrapper Project XXE vulnerability in YET Another Java Service Wrapper Project YET Another Java Service Wrapper 12.14

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.

6.4
2020-01-13 CVE-2019-20209 Cththemes Authorization Bypass Through User-Controlled KEY vulnerability in Cththemes Citybook, Easybook and Townhub

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.

6.4
2020-01-15 CVE-2020-2518 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Java VM component of Oracle Database Server.

6.0
2020-01-15 CVE-2020-2515 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Database Gateway for ODBC component of Oracle Database Server.

6.0
2020-01-13 CVE-2019-19728 Schedmd, Opensuse Improper Privilege Management vulnerability in multiple products

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

6.0
2020-01-15 CVE-2020-2722 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure).

5.8
2020-01-15 CVE-2020-2717 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core).

5.8
2020-01-15 CVE-2020-2712 Oracle Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core).

5.8
2020-01-15 CVE-2020-2685 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure).

5.8
2020-01-15 CVE-2020-2676 Oracle Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Printing).

5.8
2020-01-15 CVE-2020-2672 Oracle Unspecified vulnerability in Oracle Email Center

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

5.8
2020-01-15 CVE-2020-2671 Oracle Unspecified vulnerability in Oracle Email Center

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

5.8
2020-01-15 CVE-2020-2670 Oracle Unspecified vulnerability in Oracle Email Center

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

5.8
2020-01-15 CVE-2020-2669 Oracle Unspecified vulnerability in Oracle Email Center

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

5.8
2020-01-15 CVE-2020-2665 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

5.8
2020-01-15 CVE-2020-2663 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).

5.8
2020-01-15 CVE-2020-2662 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

5.8
2020-01-15 CVE-2020-2661 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

5.8
2020-01-15 CVE-2020-2658 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

5.8
2020-01-15 CVE-2020-2655 Oracle, Debian, Redhat

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE).

5.8
2020-01-15 CVE-2020-2653 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

5.8
2020-01-15 CVE-2020-2652 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

5.8
2020-01-15 CVE-2020-2651 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

5.8
2020-01-15 CVE-2020-2607 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).

5.8
2020-01-15 CVE-2020-2606 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).

5.8
2020-01-15 CVE-2020-2603 Oracle Unspecified vulnerability in Oracle Field Service

Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless).

5.8
2020-01-15 CVE-2020-2602 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager).

5.8
2020-01-15 CVE-2020-2600 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search).

5.8
2020-01-15 CVE-2020-2598 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Activity Guide).

5.8
2020-01-15 CVE-2020-2593 Oracle, Redhat, Debian, Canonical

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).

5.8
2020-01-15 CVE-2020-2591 Oracle Unspecified vulnerability in Oracle web Applications Desktop Integrator 12.1.3

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service).

5.8
2020-01-15 CVE-2020-2582 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2020-01-15 CVE-2020-2539 Oracle Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI).

5.8
2020-01-15 CVE-2020-2536 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

5.8
2020-01-15 CVE-2020-2534 Oracle Unspecified vulnerability in Oracle Reports Developer 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication).

5.8
2020-01-15 CVE-2020-2533 Oracle Unspecified vulnerability in Oracle Reports Developer 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication).

5.8
2020-01-15 CVE-2020-2530 Apache Unspecified vulnerability in Apache Http Server 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener).

5.8
2020-01-15 CVE-2015-8549 Pyamf XXE vulnerability in Pyamf

XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.

5.8
2020-01-15 CVE-2012-1326 Cisco Improper Input Validation vulnerability in Cisco Ironport web Security Appliance 7.5

Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority, which could lead to MITM attacks.

5.8
2020-01-14 CVE-2020-0647 Microsoft Improper Input Validation vulnerability in Microsoft Office Online Server

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.

5.8
2020-01-14 CVE-2020-0601 Microsoft Improper Certificate Validation vulnerability in Microsoft products

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

5.8
2020-01-14 CVE-2019-10995 ABB USE of Hard-Coded Credentials vulnerability in ABB products

ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.

5.8
2020-01-15 CVE-2020-2729 Oracle Unspecified vulnerability in Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console).

5.5
2020-01-15 CVE-2020-2723 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure).

5.5
2020-01-15 CVE-2020-2720 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure).

5.5
2020-01-15 CVE-2020-2718 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core).

5.5
2020-01-15 CVE-2020-2715 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core).

5.5
2020-01-15 CVE-2020-2713 Oracle Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core).

5.5
2020-01-15 CVE-2020-2710 Oracle Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core).

5.5
2020-01-15 CVE-2020-2699 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure).

5.5
2020-01-15 CVE-2020-2688 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration).

5.5
2020-01-15 CVE-2020-2683 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure).

5.5
2020-01-15 CVE-2020-2675 Oracle Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login).

5.5
2020-01-15 CVE-2020-2091 Jenkins Incorrect Default Permissions vulnerability in Jenkins Amazon EC2

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

5.5
2020-01-15 CVE-2012-0945 Whoopsie Daisy Project Unquoted Search Path OR Element vulnerability in Whoopsie-Daisy Project Whoopsie-Daisy

whoopsie-daisy before 0.1.26: Root user can remove arbitrary files.

5.5
2020-01-14 CVE-2020-5196 Cerberusftp Incorrect Default Permissions vulnerability in Cerberusftp FTP Server

Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files.

5.5
2020-01-14 CVE-2020-5194 Cerberusftp Incorrect Authorization vulnerability in Cerberusftp FTP Server 8.0

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint.

5.5
2020-01-15 CVE-2020-2510 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Core RDBMS component of Oracle Database Server.

5.1
2020-01-14 CVE-2020-0611 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

5.1
2020-01-19 CVE-2020-7232 Evoko Information Exposure vulnerability in Evoko Home 1.31

Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL.

5.0
2020-01-19 CVE-2020-7231 Evoko Information Exposure Through AN Error Message vulnerability in Evoko Home 1.31

Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid.

5.0
2020-01-18 CVE-2020-7222 Amcrest Improper Authentication vulnerability in Amcrest web Server 2.520.Ac00.18.R

An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504.

5.0
2020-01-17 CVE-2020-6862 ZTE Information Exposure vulnerability in ZTE F6X2W Firmware 6.0.10P2T2/6.0.10P2T5

V6.0.10P2T2 and V6.0.10P2T5 of the F6x2W product are affected by an information leak vulnerability.

5.0
2020-01-17 CVE-2019-19142 Intelbras Missing Authentication FOR Critical Function vulnerability in Intelbras WRN 240 Firmware 2.0.0

Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.

5.0
2020-01-16 CVE-2019-11998 HPE Improper Input Validation vulnerability in HPE Superdome Flex Server Firmware

HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands.

5.0
2020-01-16 CVE-2010-3048 Cisco Null Pointer Dereference vulnerability in Cisco Unified Personal Communicator 7.0(1.13056)

Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition.

5.0
2020-01-16 CVE-2019-18282 Linux Information Exposure vulnerability in Linux Kernel

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f.

5.0
2020-01-16 CVE-2020-7105 Redislabs Null Pointer Dereference vulnerability in Redislabs Hiredis 0.14.0

async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.

5.0
2020-01-16 CVE-2020-7044 Wireshark Injection vulnerability in Wireshark 3.2.0/3.2.1

In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash.

5.0
2020-01-15 CVE-2019-19859 Serpico Project Improper Input Validation vulnerability in Serpico Project Serpico 1.3.0

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0.

5.0
2020-01-15 CVE-2019-19857 Serpico Project Insufficiently Protected Credentials vulnerability in Serpico Project Serpico 1.3.0

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0.

5.0
2020-01-15 CVE-2009-5025 Pyforum Project Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pyforum Project Pyforum 1.0.3

A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user.

5.0
2020-01-15 CVE-2020-1929 Apache Improper Certificate Validation vulnerability in Apache Beam 2.10.0/2.16.0

The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification.

5.0
2020-01-15 CVE-2015-1811 Jenkins XXE vulnerability in Jenkins Cloudbees 1.596.1

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.

5.0
2020-01-15 CVE-2015-1809 Jenkins XXE vulnerability in Jenkins Cloudbees 1.596.1

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.

5.0
2020-01-15 CVE-2020-2728 Oracle Unspecified vulnerability in Oracle Identity Manager 12.2.1.3.0

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch).

5.0
2020-01-15 CVE-2020-2695 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Cost Center Common Application Objects 9.1/9.2

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Approval Framework).

5.0
2020-01-15 CVE-2020-2666 Oracle Unspecified vulnerability in Oracle Applications Framework

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload).

5.0
2020-01-15 CVE-2020-2595 Oracle Unspecified vulnerability in Oracle Graalvm 19.3.0.2

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler).

5.0
2020-01-15 CVE-2020-2592 Oracle Unspecified vulnerability in Oracle Autovue 12.0.2

Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security).

5.0
2020-01-15 CVE-2020-2578 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

5.0
2020-01-15 CVE-2020-2564 Oracle Unspecified vulnerability in Oracle Siebel UI Framework

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI).

5.0
2020-01-15 CVE-2020-2559 Oracle Unspecified vulnerability in Oracle Siebel UI Framework

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI).

5.0
2020-01-15 CVE-2020-2558 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

5.0
2020-01-15 CVE-2020-2545 Oracle Unspecified vulnerability in Oracle Http Server 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module).

5.0
2020-01-15 CVE-2019-16469 Adobe Expression Language Injection vulnerability in Adobe Experience Manager 6.5.0

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability.

5.0
2020-01-15 CVE-2019-16468 Adobe Information Exposure vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a user interface injection vulnerability.

5.0
2020-01-15 CVE-2017-3211 Yopify Information Exposure vulnerability in Yopify 20170406

Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization.

5.0
2020-01-15 CVE-2015-5230 Powerdns
Debian
Improper Input Validation vulnerability in multiple products

The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.

5.0
2020-01-15 CVE-2019-18412 Jetbrains XXE vulnerability in Jetbrains Idetalk

JetBrains IDETalk plugin before version 193.4099.10 allows XXE.

5.0
2020-01-15 CVE-2012-0070 Spamdyke Injection vulnerability in Spamdyke

spamdyke prior to 4.2.1: STARTTLS reveals plaintext.

5.0
2020-01-15 CVE-2011-4907 Joomla Unrestricted Upload of File With Dangerous Type vulnerability in Joomla Joomla!

Joomla! 1.5x through 1.5.12: Missing JEXEC Check.

5.0
2020-01-15 CVE-2012-1563 Joomla Improper Privilege Management vulnerability in Joomla Joomla!

Joomla! before 2.5.3 allows Admin Account Creation.

5.0
2020-01-15 CVE-2012-1562 Joomla USE of Insufficiently Random Values vulnerability in Joomla Joomla!

Joomla! core before 2.5.3 allows unauthorized password change.

5.0
2020-01-15 CVE-2020-1604 Juniper Improper Input Validation vulnerability in Juniper Junos

On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail.

5.0
2020-01-15 CVE-2020-1601 Juniper Improper Input Validation vulnerability in Juniper Junos

Certain types of malformed Path Computation Element Protocol (PCEP) packets, when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process, allow an attacker to cause the pccd process to crash and generate a core file, thereby causing a Denial of Service (DoS).

5.0
2020-01-14 CVE-2020-0612 Microsoft Improper Input Validation vulnerability in Microsoft Windows Server 2016 and Windows Server 2019

A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.

5.0
2020-01-14 CVE-2020-0602 Microsoft
Redhat
Resource Exhaustion vulnerability in multiple products

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

5.0
2020-01-14 CVE-2020-7057 Hikvision Improper Restriction of Excessive Authentication Attempts vulnerability in Hikvision Ds-7204Hghi-F1 Firmware 4.0.1

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users.

5.0
2020-01-14 CVE-2018-1002104 Kubernetes Improper Input Validation vulnerability in Kubernetes Nginx Ingress Controller

Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.

5.0
2020-01-14 CVE-2020-6173 Linuxfoundation Resource Exhaustion vulnerability in Linuxfoundation the Update Framework

TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption.

5.0
2020-01-14 CVE-2019-13537 Aveva Out-Of-Bounds Write vulnerability in Aveva Iec870Ip Firmware 4.14.02

The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.

5.0
2020-01-14 CVE-2020-6304 SAP Improper Input Validation vulnerability in SAP products

Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service.

5.0
2020-01-14 CVE-2020-5852 F5 Unspecified vulnerability in F5 products

Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM).

5.0
2020-01-14 CVE-2015-0558 Adbglobal Missing Encryption of Sensitive Data vulnerability in Adbglobal P.Dga4001N Firmware Pdgtefsp4.06L.6

The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key.

5.0
2020-01-14 CVE-2014-5138 III Security Bypass vulnerability in III Sierra 1.23

Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule.

5.0
2020-01-14 CVE-2019-12399 Apache Cleartext Transmission of Sensitive Information vulnerability in Apache Kafka

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration, and the response will contain the plaintext secret rather than the externalized secret variables.

5.0
2020-01-13 CVE-2019-20143 Gitlab Missing Authentication for Critical Function vulnerability in Gitlab 12.6.0

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6.

5.0
2020-01-13 CVE-2020-6832 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1.

5.0
2020-01-13 CVE-2019-20147 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1.

5.0
2020-01-13 CVE-2019-20146 Gitlab Resource Exhaustion vulnerability in Gitlab

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6.

5.0
2020-01-13 CVE-2020-5390 Pysaml2 Project Improper Verification of Cryptographic Signature vulnerability in Pysaml2 Project Pysaml2

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW).

5.0
2020-01-13 CVE-2020-6859 Ultimatemember Authorization Bypass Through User-Controlled KEY vulnerability in Ultimatemember Ultimate Member

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter.

5.0
2020-01-13 CVE-2014-6039 Zohocorp Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Eventlog Analyzer 7.0/9.0/9.9

ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability.

5.0
2020-01-13 CVE-2014-6038 Zohocorp Information Exposure vulnerability in Zohocorp Manageengine Eventlog Analyzer 7.0/9.0/9.9

Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability.

5.0
2020-01-13 CVE-2014-5381 Granding Insufficiently Protected Credentials vulnerability in Granding Grand Ma300 Firmware 6.60

Grand MA 300 allows a brute-force attack on the PIN.

5.0
2020-01-13 CVE-2014-5380 Granding Cleartext Transmission of Sensitive Information vulnerability in Granding Grand Ma300 Firmware 6.60

Grand MA 300 allows retrieval of the access PIN from sniffed data.

5.0
2020-01-13 CVE-2020-6851 Openjpeg Out-Of-Bounds Write vulnerability in Openjpeg

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

5.0
2020-01-17 CVE-2019-19339 Redhat Unspecified vulnerability in Redhat Enterprise Linux and Enterprise Linux EUS

It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207.

4.9
2020-01-15 CVE-2020-2730 Oracle Unrestricted Upload of File With Dangerous Type vulnerability in Oracle Revenue Management and Billing 2.7.0.0/2.7.0.1/2.8.0.0

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload).

4.9
2020-01-15 CVE-2020-2707 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess).

4.9
2020-01-15 CVE-2020-2646 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface).

4.9
2020-01-15 CVE-2020-2567 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 18.0

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security).

4.9
2020-01-15 CVE-2020-2552 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components).

4.9
2020-01-15 CVE-2020-2548 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components).

4.9
2020-01-15 CVE-2020-2547 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

4.9
2020-01-15 CVE-2020-2517 Oracle Unspecified vulnerability in Oracle Database Server 12.2.0.1/18C/19C

Vulnerability in the Database Gateway for ODBC component of Oracle Database Server.

4.9
2020-01-14 CVE-2020-0617 Microsoft Improper Input Validation vulnerability in Microsoft products

A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'.

4.9
2020-01-14 CVE-2020-0616 Microsoft Link Following vulnerability in Microsoft products

A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.

4.9
2020-01-14 CVE-2015-3147 Redhat Link Following vulnerability in Redhat products

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

4.9
2020-01-16 CVE-2019-13939 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions >= V3.0), APOGEE PXC Series (P2) (All versions >= V2.8.2), Desigo PXC (Power PC) (All versions >= V2.3x and < V6.00.327), Desigo PXM20 (Power PC) (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions <= V0.3.0.95), TALON TC Series (BACnet) (All versions >= V3.0), VSTAR (All versions).

4.8
2020-01-17 CVE-2019-14613 Intel Improper Privilege Management vulnerability in Intel Vtune Profiler 2017/2018/2019

Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2020-01-17 CVE-2019-14601 Intel Incorrect Default Permissions vulnerability in Intel Raid web Console 3 4.186/7.009.011.000

Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2020-01-17 CVE-2019-14600 Intel Uncontrolled Search Path Element vulnerability in Intel Snmp Subagent Stand-Alone

Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows* may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2020-01-17 CVE-2019-3682 Suse Exposure of Resource TO Wrong Sphere vulnerability in Suse Caas Platform 3.0

The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.

4.6
2020-01-15 CVE-2020-2682 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2020-01-15 CVE-2020-2674 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2020-01-15 CVE-2020-2648 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations).

4.6
2020-01-15 CVE-2019-9510 Microsoft Improper Handling of Exceptional Conditions vulnerability in Microsoft Windows 10 and Windows Server 2019

A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen.

4.6
2020-01-15 CVE-2015-5466 SIS Improper Privilege Management vulnerability in SIS XGI VGA Display Manager 6.14.10.1090

Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call.

4.6
2020-01-14 CVE-2020-0638 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0636 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016

An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0633 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0632 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0631 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0630 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0629 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0628 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0627 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0626 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0625 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0624 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0623 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0620 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0614 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-0613 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

4.6
2020-01-14 CVE-2020-7053 Linux USE After Free vulnerability in Linux Kernel

In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c.

4.6
2020-01-14 CVE-2016-6592 Symantec Uncontrolled Search Path Element vulnerability in Symantec Norton Download Manager

A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6.

4.6
2020-01-14 CVE-2020-5180 Sparklabs Improper Privilege Management vulnerability in Sparklabs Viscosity 1.8.2

Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation.

4.6
2020-01-14 CVE-2019-19548 Norton Unspecified vulnerability in Norton Power Eraser

Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

4.6
2020-01-15 CVE-2020-3941 Vmware Race Condition vulnerability in VMWare Tools

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed.

4.4
2020-01-15 CVE-2020-2726 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2020-01-15 CVE-2020-2702 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2020-01-15 CVE-2020-2701 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2020-01-15 CVE-2020-2698 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2020-01-15 CVE-2020-2556 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core).

4.4
2020-01-14 CVE-2019-16784 Pyinstaller
Microsoft
Improper Privilege Management vulnerability in Pyinstaller

In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: if software using PyInstaller in "onefile" mode is launched by a privileged user (at least more privileged than the current one) whose "TempPath" resolves to a world-writable directory.

4.4
2020-01-14 CVE-2013-2773 Gonitro Untrusted Search Path vulnerability in Gonitro Nitropdf 8.5.0.26

Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution.

4.4
2020-01-19 CVE-2020-7236 UHP Cross-Site Scripting vulnerability in UHP Uhp-100 Firmware 3.4.1.15/3.4.2.4/3.4.3

UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section).

4.3
2020-01-19 CVE-2020-7235 UHP Cross-Site Scripting vulnerability in UHP Uhp-100 Firmware 3.4.1.15/3.4.2.4/3.4.3

UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title).

4.3
2020-01-17 CVE-2020-7104 Kibokolabs Cross-Site Scripting vulnerability in Kibokolabs Chained Quiz 1.1.8.1

The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter.

4.3
2020-01-17 CVE-2020-3940 Vmware Improper Certificate Validation vulnerability in VMWare products

VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.

4.3
2020-01-17 CVE-2019-17127 Solarwinds Cross-Site Scripting vulnerability in Solarwinds Orion Platform 2019.2

A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms.

4.3
2020-01-17 CVE-2019-17125 Solarwinds Cross-Site Scripting vulnerability in Solarwinds Orion Platform 2019.2

A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms.

4.3
2020-01-17 CVE-2019-20003 Dicube Cross-Site Scripting vulnerability in Dicube Easescreen Crystal 9.0.1.16265

Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components.

4.3
2020-01-17 CVE-2019-3686 Suse Cross-Site Scripting vulnerability in Suse Openqa

openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter.

4.3
2020-01-16 CVE-2019-11997 HP Cross-Site Scripting vulnerability in HP Enhanced Internet Usage Manager 8.3/9.0

A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0.

4.3
2020-01-16 CVE-2019-17573 Apache Cross-Site Scripting vulnerability in Apache CXF

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses.

4.3
2020-01-16 CVE-2019-12423 Apache Insufficiently Protected Credentials vulnerability in Apache CXF

Apache CXF ships with an OpenID Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service.

4.3
2020-01-16 CVE-2020-7108 Learndash Cross-Site Scripting vulnerability in Learndash

The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.

4.3
2020-01-16 CVE-2020-7107 Etoilewebdesign Cross-Site Scripting vulnerability in Etoilewebdesign Ultimate FAQ

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.

4.3
2020-01-16 CVE-2020-7106 Cacti Cross-Site Scripting vulnerability in Cacti 1.2.8

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).

4.3
2020-01-15 CVE-2009-3724 Python Markdown2 Project Cross-Site Scripting vulnerability in Python-Markdown2 Project Python-Markdown2

python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues.

4.3
2020-01-15 CVE-2020-2709 Oracle Unspecified vulnerability in Oracle Ilearning 6.1

Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages).

4.3
2020-01-15 CVE-2020-2687 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search).

4.3
2020-01-15 CVE-2020-2673 Oracle Unspecified vulnerability in Oracle Application Testing Suite

Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder).

4.3
2020-01-15 CVE-2020-2668 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

4.3
2020-01-15 CVE-2020-2667 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

4.3
2020-01-15 CVE-2020-2659 Oracle
Netapp
Redhat
Debian
Canonical

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).

4.3
2020-01-15 CVE-2020-2657 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

4.3
2020-01-15 CVE-2020-2654 Oracle
Redhat
Debian
Canonical

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries).

4.3
2020-01-15 CVE-2020-2601 Oracle
Debian
Canonical

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security).

4.3
2020-01-15 CVE-2020-2597 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Call Phone Number Page).

4.3
2020-01-15 CVE-2020-2596 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks).

4.3
2020-01-15 CVE-2020-2590 Oracle
Redhat
Debian
Canonical

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security).

4.3
2020-01-15 CVE-2020-2585 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX).

4.3
2020-01-15 CVE-2020-2583 Oracle
Redhat
Debian
Canonical

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).

4.3
2020-01-15 CVE-2020-2574 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).

4.3
2020-01-15 CVE-2020-2573 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).

4.3
2020-01-15 CVE-2020-2570 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).

4.3
2020-01-15 CVE-2020-2566 Oracle Unspecified vulnerability in Oracle Applications Framework

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload).

4.3
2020-01-15 CVE-2020-2560 Oracle Unspecified vulnerability in Oracle Siebel UI Framework

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server).

4.3
2020-01-15 CVE-2020-2557 Oracle Unspecified vulnerability in Oracle Demantra Demand Management

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security).

4.3
2020-01-15 CVE-2020-2544 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

4.3
2020-01-15 CVE-2020-2535 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server).

4.3
2020-01-15 CVE-2020-2519 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

4.3
2020-01-15 CVE-2020-2512 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Database Gateway for ODBC component of Oracle Database Server.

4.3
2020-01-15 CVE-2019-16467 Adobe Cross-Site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability.

4.3
2020-01-15 CVE-2019-16466 Adobe Cross-Site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability.

4.3
2020-01-15 CVE-2007-4774 Linux Race Condition vulnerability in Linux Kernel

The Linux kernel before 2.4.36-rc1 has a race condition.

4.3
2020-01-15 CVE-2020-2096 Jenkins Cross-Site Scripting vulnerability in Jenkins Gitlab Hook

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.

4.3
2020-01-15 CVE-2012-1316 Cisco Improper Certificate Validation vulnerability in Cisco Ironport web Security Appliance

Cisco IronPort Web Security Appliance does not check for certificate revocation, which could lead to MITM attacks.

4.3
2020-01-15 CVE-2011-4336 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware

Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.

4.3
2020-01-15 CVE-2020-1607 Juniper Cross-Site Scripting vulnerability in Juniper Junos 12.3/15.1/16.1

Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user.

4.3
2020-01-15 CVE-2020-5502 Phpbb Cross-Site Request Forgery (CSRF) vulnerability in PHPbb 3.2.8

phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.

4.3
2020-01-15 CVE-2020-5501 Phpbb Cross-Site Request Forgery (CSRF) vulnerability in PHPbb 3.2.8

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.

4.3
2020-01-14 CVE-2020-0607 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.

4.3
2020-01-14 CVE-2011-2714 Drupal Cross-Site Scripting vulnerability in Drupal Data and Drupal

A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.

4.3
2020-01-14 CVE-2011-3202 Jcow Cross-Site Scripting vulnerability in Jcow CMS 4.2

A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.

4.3
2020-01-14 CVE-2011-3183 Portlandlabs Cross-Site Scripting vulnerability in Portlandlabs Concrete CMS 5.4.1.1

A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.

4.3
2020-01-14 CVE-2011-2706 Snewscms Cross-Site Scripting vulnerability in Snewscms Snews

A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71.

4.3
2020-01-14 CVE-2019-3981 Mikrotik Unspecified vulnerability in Mikrotik Routeros and Winbox

MikroTik Winbox 3.20 and below is vulnerable to man-in-the-middle attacks.

4.3
2020-01-14 CVE-2019-13722 Google, Microsoft Out-Of-Bounds Write vulnerability in Google Chrome

Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

4.3
2020-01-14 CVE-2020-6305 SAP Cross-Site Scripting vulnerability in SAP Process Integration 7.31/7.40/7.50

PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

4.3
2020-01-14 CVE-2020-5193 Phpgurukul Cross-Site Scripting vulnerability in PHPgurukul Hospital Management System in PHP 4.0

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.

4.3
2020-01-14 CVE-2015-2326 Pcre, Opensuse Out-Of-Bounds Read vulnerability in multiple products

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".

4.3
2020-01-14 CVE-2014-9211 Clickdesk Cross-Site Scripting vulnerability in Clickdesk

ClickDesk version 4.3 and below has persistent cross-site scripting.

4.3
2020-01-13 CVE-2020-6955 Cayintech Cross-Site Scripting vulnerability in Cayintech Smp-Pro4 Firmware

An issue was discovered on Cayin SMP-PRO4 devices.

4.3
2020-01-13 CVE-2019-20148 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1.

4.3
2020-01-13 CVE-2020-5195 Cerberusftp Cross-Site Scripting vulnerability in Cerberusftp FTP Server

Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL.

4.3
2020-01-13 CVE-2019-20212 Cththemes Cross-Site Scripting vulnerability in Cththemes Citybook, Easybook and Townhub

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form.

4.3
2020-01-13 CVE-2019-20211 Cththemes Cross-Site Scripting vulnerability in Cththemes Citybook, Easybook and Townhub

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.

4.3
2020-01-13 CVE-2019-20210 Cththemes Cross-Site Scripting vulnerability in Cththemes Citybook, Easybook and Townhub

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.

4.3
2020-01-13 CVE-2019-19891 Mitel Inadequate Encryption Strength vulnerability in Mitel Sip-Dect Firmware 8.0/8.1

An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack.

4.3
2020-01-13 CVE-2019-18893 Avast, AVG, Video Downloader Project Cross-Site Scripting vulnerability in multiple products

XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component.

4.3
2020-01-13 CVE-2019-19547 Symantec Cross-Site Scripting vulnerability in Symantec Endpoint Detection and Response 4.1.0/4.2.0

Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue.

4.3
2020-01-13 CVE-2014-9382 Free Cross-Site Request Forgery (CSRF) vulnerability in Free Freebox OS 3.0.2

Freebox OS Web interface 3.0.2 has CSRF, which can allow VPN user account creation.

4.3
2020-01-13 CVE-2011-2670 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox

Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets.

4.3
2020-01-13 CVE-2020-6848 Axper Cross-Site Scripting vulnerability in Axper Vision II Firmware 4.1.53.166

Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI.

4.3
2020-01-18 CVE-2020-7227 Westermo Information Exposure vulnerability in Westermo Mrd-315 Firmware 1.7.3/1.7.4

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters.

4.0
2020-01-17 CVE-2019-19802 Gallagher Information Exposure vulnerability in Gallagher Command Centre

In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied.

4.0
2020-01-15 CVE-2019-18275 Osisoft Unspecified vulnerability in Osisoft PI Vision 2017/2019

OSIsoft PI Vision, All versions of PI Vision prior to 2019.

4.0
2020-01-15 CVE-2015-5072 BMC Improper Privilege Management vulnerability in BMC Remedy AR System Server 8.0/9.0

The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter.

4.0
2020-01-15 CVE-2015-5071 BMC Improper Privilege Management vulnerability in BMC Remedy AR System Server 8.0/9.0

AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet.

4.0
2020-01-15 CVE-2020-2724 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure).

4.0
2020-01-15 CVE-2020-2721 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure).

4.0
2020-01-15 CVE-2020-2719 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core).

4.0
2020-01-15 CVE-2020-2716 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core).

4.0
2020-01-15 CVE-2020-2714 Oracle Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core).

4.0
2020-01-15 CVE-2020-2711 Oracle Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core).

4.0
2020-01-15 CVE-2020-2700 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure).

4.0
2020-01-15 CVE-2020-2686 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.0
2020-01-15 CVE-2020-2684 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure).

4.0
2020-01-15 CVE-2020-2679 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.0
2020-01-15 CVE-2020-2660 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.0
2020-01-15 CVE-2020-2627 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser).

4.0
2020-01-15 CVE-2020-2589 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.0
2020-01-15 CVE-2020-2588 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).

4.0
2020-01-15 CVE-2020-2580 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).

4.0
2020-01-15 CVE-2020-2579 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.0
2020-01-15 CVE-2020-2577 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.0
2020-01-15 CVE-2020-2572 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin).

4.0
2020-01-15 CVE-2020-2561 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise 9.2

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Company Dir / Org Chart Viewer).

4.0
2020-01-15 CVE-2020-2527 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Core RDBMS component of Oracle Database Server.

4.0
2020-01-15 CVE-2020-2511 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Core RDBMS component of Oracle Database Server.

4.0
2020-01-15 CVE-2020-2095 Jenkins Insecure Storage of Sensitive Information vulnerability in Jenkins Redgate SQL Change Automation

Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master, where it could be viewed by users with Extended Read permission or access to the master file system.

4.0
2020-01-15 CVE-2020-2094 Jenkins Incorrect Default Permissions vulnerability in Jenkins Health Advisor by Cloudbees

A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.

4.0
2020-01-15 CVE-2020-1611 Juniper Information Exposure vulnerability in Juniper Junos Space

A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets.

4.0
2020-01-14 CVE-2020-0637 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'.

4.0
2020-01-14 CVE-2020-6307 SAP Information Exposure vulnerability in SAP Basis

Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.

4.0
2020-01-14 CVE-2020-6306 SAP Missing Authorization vulnerability in SAP Leasing

Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).

4.0
2020-01-13 CVE-2020-6954 Cayintech Insufficiently Protected Credentials vulnerability in Cayintech Smp-Pro4 Firmware

An issue was discovered on Cayin SMP-PRO4 devices.

4.0
2020-01-13 CVE-2019-20144 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1.

4.0
2020-01-13 CVE-2019-20142 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1.

4.0
2020-01-13 CVE-2019-20145 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1.

4.0

67 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-01-15 CVE-2020-2565 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure).

3.7
2020-01-15 CVE-2020-2656 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System).

3.6
2020-01-15 CVE-2020-2605 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem).

3.6
2020-01-15 CVE-2020-2568 Oracle Unspecified vulnerability in Oracle Applications DBA

Vulnerability in the Oracle Applications DBA component of Oracle Database Server.

3.6
2020-01-15 CVE-2020-2550 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components).

3.6
2020-01-13 CVE-2012-4767 Safend Improper Privilege Management vulnerability in Safend Data Protector Agent 3.4.5586.9772

An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine.

3.6
2020-01-19 CVE-2020-7234 Ruckuswireless Cross-Site Scripting vulnerability in Ruckuswireless R310 Firmware 104.0.0.0.1347

Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account).

3.5
2020-01-17 CVE-2019-10957 Geutebrueck Cross-Site Scripting vulnerability in Geutebrueck products

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser.

3.5
2020-01-15 CVE-2019-19858 Serpico Project Cross-Site Scripting vulnerability in Serpico Project Serpico 1.3.0

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0.

3.5
2020-01-15 CVE-2019-19856 Serpico Project Cross-Site Scripting vulnerability in Serpico Project Serpico 1.3.0

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0.

3.5
2020-01-15 CVE-2019-19855 Serpico Project Cross-Site Scripting vulnerability in Serpico Project Serpico 1.3.0

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0.

3.5
2020-01-15 CVE-2009-5068 Simplemachines Cleartext Storage of Sensitive Information vulnerability in Simplemachines Simple Machines Forum

There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3.

3.5
2020-01-15 CVE-2019-18273 Osisoft Cross-Site Scripting vulnerability in Osisoft PI Vision 2017

OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1.

3.5
2020-01-15 CVE-2020-2694 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).

3.5
2020-01-15 CVE-2020-2677 Oracle Unspecified vulnerability in Oracle Hospitality Opera Property Management 5.5/5.6

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login).

3.5
2020-01-15 CVE-2020-2584 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options).

3.5
2020-01-15 CVE-2020-2516 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Core RDBMS component of Oracle Database Server.

3.5
2020-01-15 CVE-2015-5484 Plot Cross-Site Scripting vulnerability in Plot Plotly 1.0.0/1.0.1/1.0.2

Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post.

3.5
2020-01-14 CVE-2020-0656 Microsoft Cross-Site Scripting vulnerability in Microsoft Dynamics 365 7.0

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.

3.5
2020-01-14 CVE-2020-6303 SAP Cross-Site Scripting vulnerability in SAP Disclosure Management

SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.

3.5
2020-01-14 CVE-2020-5853 F5 Cross-Site Scripting vulnerability in F5 Big-Ip Access Policy Manager

In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict.

3.5
2020-01-14 CVE-2019-12398 Apache Cross-Site Scripting vulnerability in Apache Airflow

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.

3.5
2020-01-13 CVE-2020-5197 Gitlab Incorrect Authorization vulnerability in Gitlab

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1.

3.5
2020-01-16 CVE-2020-7045 Wireshark Injection vulnerability in Wireshark

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash.

3.3
2020-01-15 CVE-2020-2731 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Core RDBMS component of Oracle Database Server.

3.3
2020-01-15 CVE-2020-2678 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

3.3
2020-01-15 CVE-2020-2664 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem).

3.3
2020-01-15 CVE-2020-2569 Oracle Unspecified vulnerability in Oracle Applications DBA 12.2.0.1/18C/19C

Vulnerability in the Oracle Applications DBA component of Oracle Database Server.

3.3
2020-01-15 CVE-2020-2697 Oracle Unspecified vulnerability in Oracle Hospitality Suites Management 3.7/3.8

Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications.

3.2
2020-01-15 CVE-2012-0334 Cisco Improper Input Validation vulnerability in Cisco Ironport web Security Appliance

Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has an SSL Certificate Caching vulnerability, which could allow man-in-the-middle attacks.

3.2
2020-01-17 CVE-2020-5397 Pivotal Software Cross-Site Request Forgery (CSRF) vulnerability in Pivotal Software Spring Framework 5.2.0/5.2.1/5.2.2

Spring Framework versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.

2.6
2020-01-15 CVE-2020-2531 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security).

2.6
2020-01-18 CVE-2019-19696 Trendmicro Information Exposure vulnerability in Trendmicro Password Manager

A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.

2.1
2020-01-18 CVE-2019-15625 Trendmicro Information Exposure vulnerability in Trendmicro Password Manager 3.8/3.8.0.1052/3.8.0.1103

A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.

2.1
2020-01-17 CVE-2019-14629 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Data Analytics Acceleration Library

Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access.

2.1
2020-01-17 CVE-2019-14596 Intel Unspecified vulnerability in Intel Chipset INF Utility

Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access.

2.1
2020-01-17 CVE-2019-19801 Gallagher Unspecified vulnerability in Gallagher Command Centre

In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases.

2.1
2020-01-16 CVE-2019-3997 Simplisafe Improper Authentication vulnerability in Simplisafe SS3 Firmware 1.0/1.3

Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.0-1.3 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system.

2.1
2020-01-15 CVE-2015-6591 Freereprintables Path Traversal vulnerability in Freereprintables Articlefr 3.0.4/3.0.6/3.0.7

Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter.

2.1
2020-01-15 CVE-2020-2727 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-01-15 CVE-2020-2725 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-01-15 CVE-2020-2705 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-01-15 CVE-2020-2704 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-01-15 CVE-2020-2703 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-01-15 CVE-2020-2692 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-01-15 CVE-2020-2691 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-01-15 CVE-2020-2690 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-01-15 CVE-2020-2689 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-01-15 CVE-2020-2681 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-01-15 CVE-2020-2680 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem).

2.1
2020-01-15 CVE-2020-2649 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations).

2.1
2020-01-15 CVE-2020-2581 Oracle Unspecified vulnerability in Oracle Graalvm 19.3.0.2

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter).

2.1
2020-01-15 CVE-2020-2563 Oracle Unspecified vulnerability in Oracle Hyperion Financial Close Management 11.1.2.4

Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager).

2.1
2020-01-14 CVE-2020-0643 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'.

2.1
2020-01-14 CVE-2020-0639 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.

2.1
2020-01-14 CVE-2020-0622 Microsoft Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.

2.1
2020-01-14 CVE-2020-0621 Microsoft Insufficient Session Expiration vulnerability in Microsoft products

A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'.

2.1
2020-01-14 CVE-2020-0615 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.

2.1
2020-01-14 CVE-2020-0608 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

2.1
2020-01-14 CVE-2020-5851 F5 Unspecified vulnerability in F5 products

On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components.

2.1
2020-01-13 CVE-2019-19727 Schedmd, Opensuse Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.

2.1
2020-01-17 CVE-2019-14615 Canonical, Intel Information Exposure vulnerability in multiple products

Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.

1.9
2020-01-15 CVE-2019-18244 Osisoft Information Exposure Through Log Files vulnerability in Osisoft PI Vision 2017/2019

In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision.

1.9
2020-01-15 CVE-2020-2693 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

1.9
2020-01-15 CVE-2020-2647 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

1.9
2020-01-15 CVE-2020-2599 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Materials Management 7.30.567

Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All).

1.9
2020-01-15 CVE-2020-2571 Oracle Unspecified vulnerability in Oracle VM Server 3.6

Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates).

1.9