Weekly Vulnerabilities Reports > February 10 to 16, 2020
Overview
542 new vulnerabilities were reported during this period, including 68 critical vulnerabilities and 268 high severity vulnerabilities. This weekly summary reports vulnerabilities in 728 products from 206 vendors including Microsoft, Google, Adobe, Opensuse, and Redhat. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Cross-site Scripting", "Improper Input Validation", "Use After Free", and "Improper Authentication".
- 371 reported vulnerabilities are remotely exploitable.
- 46 reported vulnerabilities have a public exploit available.
- 138 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 331 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 99 reported vulnerabilities.
- Adobe has the most reported critical vulnerabilities, with 13 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
68 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-02-14 | CVE-2020-8129 | Script Manager Project | Code Injection vulnerability in Script-Manager Project Script-Manager An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. | 9.8 |
2020-02-14 | CVE-2020-8128 | Jsreport | Server-Side Request Forgery (SSRF) vulnerability in Jsreport An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. | 9.8 |
2020-02-14 | CVE-2019-4392 | Hcltech | Use of Hard-coded Credentials vulnerability in Hcltech Appscan 9.0.3.13 HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. | 9.8 |
2020-02-14 | CVE-2013-4211 | Openx | Code Injection vulnerability in Openx 2.8.10 A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code | 9.8 |
2020-02-14 | CVE-2019-20046 | S3India | Improper Authentication vulnerability in S3India Husky RTU 6049-E70 Firmware 5.0 The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. | 9.8 |
2020-02-13 | CVE-2013-7287 | Mobileiron | Inadequate Encryption Strength vulnerability in Mobileiron Sentry and Virtual Smartphone Platform MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. | 9.8 |
2020-02-13 | CVE-2013-7173 | Belkin | Classic Buffer Overflow vulnerability in Belkin N750 Firmware 1.10.16M Belkin n750 routers have a buffer overflow. | 9.8 |
2020-02-13 | CVE-2013-7098 | Infradead | Out-of-bounds Write vulnerability in Infradead Openconnect OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. | 9.8 |
2020-02-13 | CVE-2013-6362 | Xerox | Use of Hard-coded Credentials vulnerability in Xerox products Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. | 9.8 |
2020-02-13 | CVE-2013-1401 | Cardozatechnologies | SQL Injection vulnerability in Cardozatechnologies Wordpress Poll 34.05 Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll. | 9.8 |
2020-02-13 | CVE-2013-1400 | Cardozatechnologies | SQL Injection vulnerability in Cardozatechnologies Wordpress Poll 34.05/34.06 Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action. | 9.8 |
2020-02-13 | CVE-2014-4170 | Freereprintables | Improper Privilege Management vulnerability in Freereprintables Articlefr 3.0.4 A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. | 9.8 |
2020-02-13 | CVE-2020-8803 | Salesagility | Path Traversal vulnerability in Salesagility Suitecrm SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | 9.8 |
2020-02-13 | CVE-2020-8802 | Salesagility | SQL Injection vulnerability in Salesagility Suitecrm SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | 9.8 |
2020-02-13 | CVE-2020-8614 | Askey | Improper Input Validation vulnerability in Askey Ap4000W Firmware Tdcv1.01.003 An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. | 9.8 |
2020-02-13 | CVE-2020-3763 | Adobe | Unspecified vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. | 9.8 |
2020-02-13 | CVE-2020-3762 | Adobe | Unspecified vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. | 9.8 |
2020-02-13 | CVE-2020-3760 | Adobe | Command Injection vulnerability in Adobe Digital Editions Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. | 9.8 |
2020-02-13 | CVE-2020-3754 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. | 9.8 |
2020-02-13 | CVE-2020-3752 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. | 9.8 |
2020-02-13 | CVE-2020-3751 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use after free vulnerability. | 9.8 |
2020-02-13 | CVE-2020-3750 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use after free vulnerability. | 9.8 |
2020-02-13 | CVE-2020-3749 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use after free vulnerability. | 9.8 |
2020-02-13 | CVE-2020-3746 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use after free vulnerability. | 9.8 |
2020-02-13 | CVE-2020-3745 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use after free vulnerability. | 9.8 |
2020-02-13 | CVE-2020-3743 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use after free vulnerability. | 9.8 |
2020-02-13 | CVE-2020-3742 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. | 9.8 |
2020-02-13 | CVE-2020-3740 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. | 9.8 |
2020-02-13 | CVE-2020-8962 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-842 Firmware 3.13B09 A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint. | 9.8 |
2020-02-13 | CVE-2020-8953 | Openvpn | Improper Authentication vulnerability in Openvpn Access Server 2.8.0 OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication). | 9.8 |
2020-02-13 | CVE-2020-8964 | Timetoolsltd | Use of Hard-coded Credentials vulnerability in Timetoolsltd products TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie." | 9.8 |
2020-02-13 | CVE-2020-8963 | Timetoolsltd | OS Command Injection vulnerability in Timetoolsltd products TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter. | 9.8 |
2020-02-13 | CVE-2020-7209 | HP | Unspecified vulnerability in HP Linuxki LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution which is resolved in release 6.0-2. | 9.8 |
2020-02-12 | CVE-2020-8955 | Weechat Fedoraproject Opensuse Debian | Classic Buffer Overflow vulnerability in multiple products irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode). | 9.8 |
2020-02-12 | CVE-2011-4908 | Tiny | Unrestricted Upload of File with Dangerous Type vulnerability in Tiny Tinybrowser TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. | 9.8 |
2020-02-12 | CVE-2011-4906 | Tiny | Unrestricted Upload of File with Dangerous Type vulnerability in Tiny Tinybrowser Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. | 9.8 |
2020-02-12 | CVE-2013-3725 | Invisioncommunity | Unspecified vulnerability in Invisioncommunity Invision Power Board Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. | 9.8 |
2020-02-12 | CVE-2013-6236 | Izoncam | Use of Hard-coded Credentials vulnerability in Izoncam Izon IP Firmware 2.0.2 IZON IP 2.0.2: hard-coded password vulnerability | 9.8 |
2020-02-12 | CVE-2015-5617 | Enorth | SQL Injection vulnerability in Enorth Webpublisher CMS SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter. | 9.8 |
2020-02-12 | CVE-2013-7381 | Libnotify Project | Injection vulnerability in Libnotify Project Libnotify libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. | 9.8 |
2020-02-12 | CVE-2013-2010 | Boldgrid Automattic | Injection vulnerability in multiple products WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability | 9.8 |
2020-02-12 | CVE-2013-7378 | Hubot Scripts Project | Injection vulnerability in Hubot Scripts Project Hubot Scripts scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. | 9.8 |
2020-02-12 | CVE-2014-9390 | GIT SCM Mercurial Apple Eclipse Libgit2 | Improper Input Validation vulnerability in multiple products Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. | 9.8 |
2020-02-12 | CVE-2014-2595 | Barracuda | Insufficient Session Expiration vulnerability in Barracuda web Application Firewall 7.8.1.013 Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. | 9.8 |
2020-02-12 | CVE-2014-0234 | Redhat | Insecure Default Initialization of Resource vulnerability in Redhat Openshift The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. | 9.8 |
2020-02-11 | CVE-2012-1124 | Phxeventmanager Project | SQL Injection vulnerability in Phxeventmanager Project Phxeventmanager 2.0 SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | 9.8 |
2020-02-11 | CVE-2014-9753 | Atutor | Improper Authentication vulnerability in Atutor confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. | 9.8 |
2020-02-11 | CVE-2013-3684 | Imagely | Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload | 9.8 |
2020-02-11 | CVE-2013-2057 | Yabb | Unrestricted Upload of File with Dangerous Type vulnerability in Yabb 2.5.2 YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability | 9.8 |
2020-02-11 | CVE-2013-1607 | Pdfkit Project | Improper Input Validation vulnerability in Pdfkit Project Pdfkit Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability | 9.8 |
2020-02-11 | CVE-2013-1359 | Sonicwall | Improper Authentication vulnerability in Sonicwall products An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. | 9.8 |
2020-02-11 | CVE-2013-0803 | Polarbear CMS Project | Unrestricted Upload of File with Dangerous Type vulnerability in Polarbear CMS Project Polarbear CMS 2.5 A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code. | 9.8 |
2020-02-11 | CVE-2014-2052 | Owncloud | XXE vulnerability in Owncloud Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | 9.8 |
2020-02-11 | CVE-2013-1360 | Sonicwall | Improper Authentication vulnerability in Sonicwall products An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. | 9.8 |
2020-02-11 | CVE-2020-3934 | Secom | SQL Injection vulnerability in Secom Dr.Id Access Control and Dr.Id Attendance System TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command. | 9.8 |
2020-02-11 | CVE-2019-14514 | Microvirt | OS Command Injection vulnerability in Microvirt Memu An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. | 9.8 |
2020-02-11 | CVE-2013-5945 | Dlink | SQL Injection vulnerability in Dlink products Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. | 9.8 |
2020-02-11 | CVE-2013-4267 | Pydio | OS Command Injection vulnerability in Pydio Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php). | 9.8 |
2020-02-10 | CVE-2020-8840 | Fasterxml Debian Netapp Huawei Oracle | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. | 9.8 |
2020-02-10 | CVE-2019-20451 | Samsung | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Prismview Player 11 and Prismview System 9 The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. | 9.8 |
2020-02-10 | CVE-2012-6611 | Polycom | Use of Hard-coded Credentials vulnerability in Polycom HDX System Software An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. | 9.8 |
2020-02-10 | CVE-2019-20062 | Mfscripts | Improper Authentication vulnerability in Mfscripts Yetishare MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used). | 9.8 |
2020-02-10 | CVE-2019-17137 | Netgear | Unspecified vulnerability in Netgear Ac1200 R6220 Firmware 1.1.0.86 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. | 9.4 |
2020-02-13 | CVE-2014-3919 | Netgear | Cross-site Scripting vulnerability in Netgear Cg3100 Firmware A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embedded malicious script in an unspecified page, which could let a malicious user obtain sensitive information. | 9.3 |
2020-02-13 | CVE-2014-4198 | Bssys | Improper Authentication vulnerability in Bssys RBS Bs-Client. Retail Client 2.4/2.5 A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function. | 9.1 |
2020-02-10 | CVE-2020-7060 | PHP Tenable Oracle Opensuse Debian | Out-of-bounds Read vulnerability in multiple products When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. | 9.1 |
2020-02-10 | CVE-2020-7059 | PHP Tenable Oracle Opensuse Debian | Out-of-bounds Read vulnerability in multiple products When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. | 9.1 |
2020-02-14 | CVE-2020-8612 | Progess Progress | Cross-site Scripting vulnerability in multiple products In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS. | 9.0 |
268 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-02-16 | CVE-2020-8997 | Abbott | Out-of-bounds Write vulnerability in Abbott Freestyle Libre Firmware Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. | 8.8 |
2020-02-14 | CVE-2020-6068 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 19.5.0 An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. | 8.8 |
2020-02-14 | CVE-2019-5187 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 19.5.0 An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. | 8.8 |
2020-02-14 | CVE-2020-8858 | Moxa | OS Command Injection vulnerability in Moxa products This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. | 8.8 |
2020-02-14 | CVE-2020-8611 | Progess Progress | SQL Injection vulnerability in multiple products In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. | 8.8 |
2020-02-13 | CVE-2015-6589 | Kaseya | Path Traversal vulnerability in Kaseya Virtual System Administrator Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx. | 8.8 |
2020-02-13 | CVE-2020-8800 | Salesagility | Injection vulnerability in Salesagility Suitecrm SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. | 8.8 |
2020-02-13 | CVE-2020-3757 | Adobe Redhat | Type Confusion vulnerability in multiple products Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3739 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3738 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3737 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3736 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3735 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have a heap overflow vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3734 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have a buffer error vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3733 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3732 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3731 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have a heap overflow vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3730 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3729 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3728 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3727 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3726 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3725 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3724 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3723 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3722 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3721 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-3720 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. | 8.8 |
2020-02-13 | CVE-2020-0022 | Google Huawei | Incorrect Calculation vulnerability in multiple products In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. | 8.8 |
2020-02-13 | CVE-2020-5239 | Mailu | Unspecified vulnerability in Mailu 1.5/1.6 In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. | 8.8 |
2020-02-12 | CVE-2020-1977 | Paloaltonetworks | Cross-Site Request Forgery (CSRF) vulnerability in Paloaltonetworks Expedition Migration Tool Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. | 8.8 |
2020-02-12 | CVE-2020-1975 | Paloaltonetworks | XXE vulnerability in Paloaltonetworks Pan-Os Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. | 8.8 |
2020-02-12 | CVE-2013-5106 | Python Mode Project | Improper Input Validation vulnerability in Python-Mode Project Python-Mode 20121219 A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. | 8.8 |
2020-02-12 | CVE-2020-6188 | SAP | Missing Authorization vulnerability in SAP ERP and S/4 Hana VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check. | 8.8 |
2020-02-12 | CVE-2020-8949 | Gocloud | OS Command Injection vulnerability in Gocloud products Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring. | 8.8 |
2020-02-12 | CVE-2019-17519 | NXP | Classic Buffer Overflow vulnerability in NXP Mcuxpresso Software Development KIT 2.2.1 The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet. | 8.8 |
2020-02-12 | CVE-2020-8946 | Netis Systems | OS Command Injection vulnerability in Netis-Systems Wf2471 Firmware 1.2.30142 Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. | 8.8 |
2020-02-12 | CVE-2020-2123 | Jenkins | Deserialization of Untrusted Data vulnerability in Jenkins Radargun Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
2020-02-12 | CVE-2020-2121 | Jenkins | Unspecified vulnerability in Jenkins Google Kubernetes Engine Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
2020-02-12 | CVE-2020-2120 | Jenkins | XXE vulnerability in Jenkins Fitnesse Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
2020-02-12 | CVE-2020-2116 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Pipeline Github Notify Step A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2020-02-12 | CVE-2020-2115 | Jenkins | XXE vulnerability in Jenkins Nunit Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
2020-02-12 | CVE-2020-2110 | Jenkins | Improper Input Validation vulnerability in Jenkins Script Security Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations. | 8.8 |
2020-02-12 | CVE-2020-2109 | Jenkins | Improper Input Validation vulnerability in Jenkins Pipeline: Groovy Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. | 8.8 |
2020-02-12 | CVE-2019-19194 | Telink Semi | Unspecified vulnerability in Telink-Semi products The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. | 8.8 |
2020-02-12 | CVE-2014-4607 | Oberhumer | Integer Overflow or Wraparound vulnerability in Oberhumer Liblzo2 and Lzo2 Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. | 8.8 |
2020-02-12 | CVE-2009-5140 | Linksys | Improper Restriction of Excessive Authentication Attempts vulnerability in Linksys Spa2102 Firmware The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | 8.8 |
2020-02-12 | CVE-2015-7508 | Netsurf Browser | Out-of-bounds Write vulnerability in Netsurf-Browser Libnsbmp 0.1.2 Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file. | 8.8 |
2020-02-12 | CVE-2014-4968 | Boatmob | Unspecified vulnerability in Boatmob Boat Browser 8.0/8.0.1 The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. | 8.8 |
2020-02-11 | CVE-2020-0792 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Windows 10 and Windows Server 2016 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 8.8 |
2020-02-11 | CVE-2020-0759 | Microsoft | Unspecified vulnerability in Microsoft Excel and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 8.8 |
2020-02-11 | CVE-2020-0738 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. | 8.8 |
2020-02-11 | CVE-2020-0734 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | 8.8 |
2020-02-11 | CVE-2020-0729 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
2020-02-11 | CVE-2020-0688 | Microsoft | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |
2020-02-11 | CVE-2020-0662 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. | 8.8 |
2020-02-11 | CVE-2020-0618 | Microsoft | Deserialization of Untrusted Data vulnerability in Microsoft SQL Server 2012/2014/2016 A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. | 8.8 |
2020-02-11 | CVE-2020-6069 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 19.5.0 An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. | 8.8 |
2020-02-11 | CVE-2020-6067 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 19.5.0 An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. | 8.8 |
2020-02-11 | CVE-2020-6066 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 19.5.0 An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. | 8.8 |
2020-02-11 | CVE-2020-6065 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 19.5.0 An exploitable out-of-bounds write vulnerability exists in the bmp_parsing function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. | 8.8 |
2020-02-11 | CVE-2020-6064 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 19.5.0 An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. | 8.8 |
2020-02-11 | CVE-2020-6063 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 19.5.0 An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. | 8.8 |
2020-02-11 | CVE-2013-4225 | Restful WEB Services Project | Code Injection vulnerability in Restful web Services Project Restful web Services The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | 8.8 |
2020-02-11 | CVE-2020-8429 | Kinetica | OS Command Injection vulnerability in Kinetica 7.0.9.2.20191118151947 The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. | 8.8 |
2020-02-11 | CVE-2013-4535 | Qemu Redhat | Improper Input Validation vulnerability in multiple products The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. | 8.8 |
2020-02-11 | CVE-2020-6416 | Google Fedoraproject Debian Suse Opensuse Redhat | Improper Input Validation vulnerability in multiple products Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6415 | Google Fedoraproject Debian Suse Opensuse Redhat | Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6414 | Google Opensuse | Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6413 | Google Opensuse | Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6410 | Google | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name. | 8.8 |
2020-02-11 | CVE-2020-6409 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name. | 8.8 |
2020-02-11 | CVE-2020-6406 | Google Fedoraproject Debian Suse Redhat | Use After Free vulnerability in multiple products Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6404 | Google Opensuse Fedoraproject Debian Suse Redhat | Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6402 | Google Opensuse Fedoraproject Debian Suse Redhat | Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. | 8.8 |
2020-02-11 | CVE-2020-6398 | Google Opensuse Fedoraproject Debian Suse Redhat | Use of Uninitialized Resource vulnerability in multiple products Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
2020-02-11 | CVE-2020-6390 | Google Fedoraproject Debian Suse Opensuse Redhat | Out-of-bounds Write vulnerability in multiple products Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6389 | Google | Out-of-bounds Write vulnerability in Google Chrome Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. | 8.8 |
2020-02-11 | CVE-2020-6388 | Google | Race Condition vulnerability in Google Chrome Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6387 | Google | Out-of-bounds Write vulnerability in Google Chrome Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. | 8.8 |
2020-02-11 | CVE-2020-6385 | Google Opensuse Fedoraproject Debian Suse Redhat | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6382 | Google Fedoraproject Debian Suse Opensuse Redhat | Type Confusion vulnerability in multiple products Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6381 | Google Opensuse Fedoraproject Debian Suse Redhat | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6380 | Google Fedoraproject | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension. | 8.8 |
2020-02-11 | CVE-2020-6379 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-02-11 | CVE-2020-6378 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-02-10 | CVE-2020-8841 | Testlink | SQL Injection vulnerability in Testlink 1.9.19 An issue was discovered in TestLink 1.9.19. | 8.8 |
2020-02-10 | CVE-2019-13322 | MI | Improper Input Validation vulnerability in MI Browser This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser prior to 10.4.0. | 8.8 |
2020-02-10 | CVE-2013-2109 | Undolog | Cross-Site Request Forgery (CSRF) vulnerability in Undolog WP Cleanfix 1.4 WordPress plugin wp-cleanfix has Remote Code Execution | 8.8 |
2020-02-10 | CVE-2019-19659 | Maxum | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus 8.2.9.1 A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. | 8.8 |
2020-02-10 | CVE-2014-5086 | Sphider Sphider Plus Sphiderpro | Injection vulnerability in multiple products A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. | 8.8 |
2020-02-10 | CVE-2014-5085 | Sphider Plus | Injection vulnerability in Sphider-Plus 3.2 A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. | 8.8 |
2020-02-10 | CVE-2014-5084 | Sphiderpro | Injection vulnerability in Sphiderpro Sphider PRO 3.2 A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. | 8.8 |
2020-02-10 | CVE-2014-5083 | Sphider | Injection vulnerability in Sphider A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. | 8.8 |
2020-02-10 | CVE-2019-20059 | Mfscripts | SQL Injection vulnerability in Mfscripts Yetishare payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. | 8.8 |
2020-02-11 | CVE-2013-2120 | KDE | Improper Authentication vulnerability in KDE Paste Applet The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. | 8.4 |
2020-02-14 | CVE-2019-11215 | Combodo | Incorrect Permission Assignment for Critical Resource vulnerability in Combodo Itop In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. | 8.1 |
2020-02-12 | CVE-2020-8892 | Misp | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. | 8.1 |
2020-02-11 | CVE-2020-0692 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. | 8.1 |
2020-02-11 | CVE-2020-0665 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'. | 8.1 |
2020-02-11 | CVE-2014-9748 | Libuv Nodejs | Race Condition vulnerability in multiple products The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition. | 8.1 |
2020-02-11 | CVE-2020-5529 | Htmlunit Debian Canonical Apache | Improper Initialization vulnerability in multiple products HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. | 8.1 |
2020-02-10 | CVE-2017-18641 | Linuxcontainers | Improper Authentication vulnerability in Linuxcontainers LXC 2.0.0 In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers. | 8.1 |
2020-02-11 | CVE-2020-0655 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | 8.0 |
2020-02-10 | CVE-2019-13321 | MI | Incorrect Permission Assignment for Critical Resource vulnerability in MI Browser This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser prior to 10.4.0. | 8.0 |
2020-02-16 | CVE-2019-20456 | Goverlan | Untrusted Search Path vulnerability in Goverlan Client Agent, Reach Console and Reach Server Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking. | 7.8 |
2020-02-14 | CVE-2020-8857 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. | 7.8 |
2020-02-14 | CVE-2020-8856 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. | 7.8 |
2020-02-14 | CVE-2020-8855 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. | 7.8 |
2020-02-14 | CVE-2020-8854 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. | 7.8 |
2020-02-14 | CVE-2020-8853 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. | 7.8 |
2020-02-14 | CVE-2020-8851 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. | 7.8 |
2020-02-14 | CVE-2020-8850 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. | 7.8 |
2020-02-14 | CVE-2020-8849 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. | 7.8 |
2020-02-14 | CVE-2020-8848 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. | 7.8 |
2020-02-14 | CVE-2020-8847 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. | 7.8 |
2020-02-14 | CVE-2020-8846 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. | 7.8 |
2020-02-14 | CVE-2020-8845 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. | 7.8 |
2020-02-14 | CVE-2020-8844 | Foxitsoftware | Integer Overflow or Wraparound vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. | 7.8 |
2020-02-13 | CVE-2020-0564 | Intel | Incorrect Default Permissions vulnerability in Intel Raid web Console 3 4.186/7.009.011.000 Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-02-13 | CVE-2020-0563 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Manycore Platform Software Stack Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-02-13 | CVE-2020-0562 | Intel | Incorrect Default Permissions vulnerability in Intel Raid web Console 2 Improper permissions in the installer for Intel(R) RWC2, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-02-13 | CVE-2020-0561 | Intel Opensuse | Improper Initialization vulnerability in multiple products Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-02-13 | CVE-2020-0560 | Intel | Incorrect Default Permissions vulnerability in Intel Renesas Electronics USB 3.0 Driver Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-02-13 | CVE-2020-3748 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use after free vulnerability. | 7.8 |
2020-02-13 | CVE-2020-0027 | Google | Out-of-bounds Write vulnerability in Google Android In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of bounds write due to an unexpected switch fallthrough. | 7.8 |
2020-02-13 | CVE-2020-0026 | Google | Use After Free vulnerability in Google Android In Parcel::continueWrite of Parcel.cpp, there is possible memory corruption due to a use after free. | 7.8 |
2020-02-13 | CVE-2020-0015 | Google | Unspecified vulnerability in Google Android In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. | 7.8 |
2020-02-13 | CVE-2019-18915 | HP | Unquoted Search Path or Element vulnerability in HP System Event Utility 1.4.32 A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. | 7.8 |
2020-02-12 | CVE-2020-8950 | AMD | Link Following vulnerability in AMD User Experience Program 1.0.0.1 The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name. | 7.8 |
2020-02-12 | CVE-2011-4338 | Shaman Project | Improper Authentication vulnerability in Shaman Project Shaman 1.0.9 Shaman 1.0.9: Users can add the line askforpwd=false to their shaman.conf file, without entering the root password in shaman. | 7.8 |
2020-02-12 | CVE-2014-3860 | Xilisoft | Untrusted Search Path vulnerability in Xilisoft Video Converter 7.8.1 Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability | 7.8 |
2020-02-12 | CVE-2012-0951 | Nvidia | Out-of-bounds Write vulnerability in Nvidia Display Driver 295.49/295.53 A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry. | 7.8 |
2020-02-12 | CVE-2013-3494 | Umplayer Project | Untrusted Search Path vulnerability in Umplayer Project Umplayer 0.98 A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. | 7.8 |
2020-02-12 | CVE-2013-2097 | Zpanel Project | Unspecified vulnerability in Zpanel Project Zpanel 10.1.0 ZPanel through 10.1.0 has Remote Command Execution | 7.8 |
2020-02-11 | CVE-2020-0757 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka 'Windows SSH Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0754 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0753 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0752 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0750 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0749 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0747 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0745 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0743 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0742 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0741 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0740 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0739 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0737 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the tapisrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0735 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0733 | Microsoft | Unspecified vulnerability in Microsoft Windows Malicious Software Removal Tool An elevation of privilege vulnerability exists when the Windows Malicious Software Removal Tool (MSRT) improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0732 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0731 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0727 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0726 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0725 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0724 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0723 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0722 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0721 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0720 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0719 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0715 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0709 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0708 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory. To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file. The security update addresses the vulnerability by correcting how the Windows Imaging Library handles memory, aka 'Windows Imaging Library Remote Code Execution Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0707 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows IME improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows IME Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0704 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Wireless Network Manager improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Wireless Network Manager Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0703 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0701 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Client License Service (ClipSVC) handles objects in memory, aka 'Windows Client License Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0697 | Microsoft | Unspecified vulnerability in Microsoft Office 365 Proplus An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM. To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption. The security update addresses the vulnerability by correcting how the process validates the log file, aka 'Microsoft Office Tampering Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0691 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0686 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0685 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0683 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0682 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0680 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0679 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0678 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0672 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0671 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0670 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0669 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0668 | Microsoft | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0667 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0666 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0659 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2020-0657 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | 7.8 |
2020-02-11 | CVE-2013-5582 | Ammyy | Improper Authentication vulnerability in Ammyy Admin 3.2 Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file. | 7.8 |
2020-02-11 | CVE-2020-5823 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
2020-02-11 | CVE-2020-5822 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
2020-02-11 | CVE-2020-5821 | Symantec | Uncontrolled Search Path Element vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit. | 7.8 |
2020-02-11 | CVE-2020-5820 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
2020-02-11 | CVE-2013-3942 | Daum | Untrusted Search Path vulnerability in Daum Potplayer Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability | 7.8 |
2020-02-11 | CVE-2013-0517 | IBM | OS Command Injection vulnerability in IBM Sterling External Authentication Server A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code. | 7.8 |
2020-02-11 | CVE-2020-6417 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. | 7.8 |
2020-02-11 | CVE-2014-8347 | Claris | Improper Authentication vulnerability in Claris Filemaker PRO and Filemaker PRO Advanced An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges. | 7.8 |
2020-02-14 | CVE-2019-13967 | Combodo | Unspecified vulnerability in Combodo Itop iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. | 7.5 |
2020-02-14 | CVE-2019-6193 | Lenovo | Information Exposure vulnerability in Lenovo Xclarity Administrator An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. | 7.5 |
2020-02-14 | CVE-2019-20045 | S3India | Improper Input Validation vulnerability in S3India Husky RTU 6049-E70 Firmware 5.0 The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. | 7.5 |
2020-02-14 | CVE-2019-19879 | Hashicorp | Unspecified vulnerability in Hashicorp Sentinel HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. | 7.5 |
2020-02-14 | CVE-2019-20454 | Pcre Fedoraproject Splunk | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. | 7.5 |
2020-02-14 | CVE-2013-5687 | Aicorporation | Information Exposure vulnerability in Aicorporation Risknet Acquirer 6.0 RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. | 7.5 |
2020-02-13 | CVE-2013-6360 | Trendnet | Improper Authentication vulnerability in Trendnet Ts-S402 Firmware 2.00.11 TRENDnet TS-S402 has a backdoor to enable TELNET. | 7.5 |
2020-02-13 | CVE-2013-6277 | Qnap | Use of Hard-coded Credentials vulnerability in Qnap Viocard 300 Firmware Rsb3722/Rsb4631 QNAP VioCard 300 has hardcoded RSA private keys. | 7.5 |
2020-02-13 | CVE-2013-1634 | Intel | Improper Initialization vulnerability in Intel 82574L Controller Firmware 20130206 A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. | 7.5 |
2020-02-13 | CVE-2015-3309 | Etherpad | Path Traversal vulnerability in Etherpad Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. | 7.5 |
2020-02-13 | CVE-2014-3208 | Askpop3D Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Askpop3D Project Askpop3D 0.7.7 A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery), | 7.5 |
2020-02-13 | CVE-2012-6091 | Magentocommerce | Information Exposure vulnerability in Magentocommerce Magento Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability. | 7.5 |
2020-02-13 | CVE-2012-5623 | Squirrelmail | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Squirrelmail Change Passwd 4.0 Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. | 7.5 |
2020-02-13 | CVE-2020-3759 | Adobe | Unspecified vulnerability in Adobe Digital Editions Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. | 7.5 |
2020-02-13 | CVE-2020-3756 | Adobe | Memory Leak vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. | 7.5 |
2020-02-13 | CVE-2020-3755 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2020-02-13 | CVE-2020-3753 | Adobe | Memory Leak vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. | 7.5 |
2020-02-13 | CVE-2020-3747 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2020-02-13 | CVE-2020-3744 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2020-02-13 | CVE-2020-3741 | Adobe | Resource Exhaustion vulnerability in Adobe Experience Manager 6.4/6.5 Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. | 7.5 |
2020-02-13 | CVE-2019-4592 | IBM | Unspecified vulnerability in IBM Tivoli Monitoring 6.3.0.7.10/6.3.0.7.3 IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. | 7.5 |
2020-02-13 | CVE-2019-5322 | Arubanetworks | Unspecified vulnerability in Arubanetworks products A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. | 7.5 |
2020-02-12 | CVE-2020-6186 | SAP | Missing Authentication for Critical Function vulnerability in SAP Host Agent 7.21 SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. | 7.5 |
2020-02-12 | CVE-2011-3901 | Google | Information Exposure vulnerability in Google Android 2.3.7 Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. | 7.5 |
2020-02-12 | CVE-2011-3336 | Freebsd Apple Openbsd PHP | Resource Exhaustion vulnerability in multiple products regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. | 7.5 |
2020-02-12 | CVE-2020-8945 | Gpgme Project Redhat Fedoraproject | Use After Free vulnerability in multiple products The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. | 7.5 |
2020-02-12 | CVE-2013-7286 | ATT | Inadequate Encryption Strength vulnerability in ATT products MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm | 7.5 |
2020-02-12 | CVE-2020-7046 | Dovecot Fedoraproject | Infinite Loop vulnerability in multiple products lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop. | 7.5 |
2020-02-12 | CVE-2011-4661 | Cisco | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authentication NTLM configured. | 7.5 |
2020-02-12 | CVE-2019-4427 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud CLI IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. | 7.5 |
2020-02-12 | CVE-2013-4090 | Varnish Cache Project | Unspecified vulnerability in Varnish Cache Project Varnish Cache Varnish HTTP cache before 3.0.4: ACL bug | 7.5 |
2020-02-12 | CVE-2013-1924 | Skill | Unspecified vulnerability in Skill Commerce Skrill Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2 | 7.5 |
2020-02-12 | CVE-2020-8815 | Iktm | Improper Input Validation vulnerability in Iktm Bearftp Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets. | 7.5 |
2020-02-12 | CVE-2020-2114 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins S3 Publisher Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 |
2020-02-12 | CVE-2014-2560 | Phoner | Use of Password Hash With Insufficient Computational Effort vulnerability in Phoner Phonerlite The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | 7.5 |
2020-02-12 | CVE-2009-5139 | Google | Use of Password Hash With Insufficient Computational Effort vulnerability in Google Gizmo5 The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | 7.5 |
2020-02-12 | CVE-2014-6262 | Zenoss Debian | Use of Externally-Controlled Format String vulnerability in multiple products Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. | 7.5 |
2020-02-12 | CVE-2020-8893 | Misp | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. | 7.5 |
2020-02-11 | CVE-2020-0767 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-02-11 | CVE-2020-0713 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-02-11 | CVE-2020-0712 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-02-11 | CVE-2020-0711 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-02-11 | CVE-2020-0710 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-02-11 | CVE-2020-0681 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | 7.5 |
2020-02-11 | CVE-2020-0674 | Microsoft | Use After Free vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-02-11 | CVE-2020-0673 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-02-11 | CVE-2020-0660 | Microsoft | Unspecified vulnerability in Microsoft products A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | 7.5 |
2020-02-11 | CVE-2020-1942 | Apache | Information Exposure Through Log Files vulnerability in Apache Nifi In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. | 7.5 |
2020-02-11 | CVE-2019-13941 | Siemens | Files or Directories Accessible to External Parties vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). | 7.5 |
2020-02-11 | CVE-2019-13940 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. | 7.5 |
2020-02-11 | CVE-2019-13926 | Siemens | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). | 7.5 |
2020-02-11 | CVE-2019-13925 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). | 7.5 |
2020-02-11 | CVE-2018-14553 | Libgd Fedoraproject Canonical Debian Opensuse | NULL Pointer Dereference vulnerability in multiple products gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. | 7.5 |
2020-02-11 | CVE-2020-8596 | Xnau | SQL Injection vulnerability in Xnau Participants Database participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. | 7.5 |
2020-02-11 | CVE-2020-7217 | Opensuse | Memory Leak vulnerability in Opensuse Wicked An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id. | 7.5 |
2020-02-11 | CVE-2020-3935 | Secom | Cleartext Storage of Sensitive Information vulnerability in Secom Dr.Id Access Control and Dr.Id Attendance System TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers. | 7.5 |
2020-02-10 | CVE-2019-20061 | Mfscripts | Cleartext Transmission of Sensitive Information vulnerability in Mfscripts Yetishare The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. | 7.5 |
2020-02-10 | CVE-2019-20060 | Mfscripts | Insecure Storage of Sensitive Information vulnerability in Mfscripts Yetishare MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. | 7.5 |
2020-02-14 | CVE-2020-8843 | Istio | Improper Input Validation vulnerability in Istio An issue was discovered in Istio 1.3 through 1.3.6. | 7.4 |
2020-02-12 | CVE-2020-5399 | Pivotal Software Cloudfoundry | Cleartext Transmission of Sensitive Information vulnerability in multiple products Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. | 7.4 |
2020-02-13 | CVE-2019-2200 | Google | Incorrect Default Permissions vulnerability in Google Android 10.0 In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. | 7.3 |
2020-02-12 | CVE-2020-8595 | Istio Redhat | Improper Authentication vulnerability in multiple products Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. | 7.3 |
2020-02-13 | CVE-2020-8801 | Salesagility | Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm SuiteCRM through 7.11.11 allows PHAR Deserialization. | 7.2 |
2020-02-12 | CVE-2020-6192 | SAP | Improper Input Validation vulnerability in SAP Landscape Management 3.0 SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. | 7.2 |
2020-02-12 | CVE-2020-6191 | SAP | Improper Input Validation vulnerability in SAP Landscape Management 3.0 SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | 7.2 |
2020-02-12 | CVE-2020-8947 | Artica | OS Command Injection vulnerability in Artica Pandora FMS 7.0 functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224. | 7.2 |
2020-02-11 | CVE-2020-0730 | Microsoft | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 7.1 |
2020-02-11 | CVE-2014-6447 | Juniper | Cross-site Scripting vulnerability in Juniper Junos Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). | 7.1 |
2020-02-10 | CVE-2019-19664 | Maxum | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus FTP 8.2.9.1 A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. | 7.1 |
2020-02-13 | CVE-2020-0030 | Google | Use After Free vulnerability in Google Android In binder_thread_release of binder.c, there is a possible use after free due to a race condition. | 7.0 |
2020-02-12 | CVE-2013-3685 | Spritesoftware | Race Condition vulnerability in Spritesoftware Spritebackup and Spritebud A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges. | 7.0 |
2020-02-12 | CVE-2019-19921 | Linuxfoundation Debian Opensuse Canonical Redhat | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. | 7.0 |
197 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-02-11 | CVE-2020-0702 | Microsoft | Unspecified vulnerability in Microsoft Surface HUB Firmware A security feature bypass vulnerability exists in Surface Hub when prompting for credentials, aka 'Surface Hub Security Feature Bypass Vulnerability'. | 6.8 |
2020-02-11 | CVE-2020-0661 | Microsoft | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 6.8 |
2020-02-11 | CVE-2009-4067 | Linux Redhat | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system. | 6.8 |
2020-02-13 | CVE-2019-14598 | Intel Netapp | Improper Authentication vulnerability in multiple products Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | 6.7 |
2020-02-13 | CVE-2020-0005 | Google | Out-of-bounds Write vulnerability in Google Android In btm_read_remote_ext_features_complete of btm_acl.cc, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2020-02-11 | CVE-2020-0689 | Microsoft | Unspecified vulnerability in Microsoft products A security feature bypass vulnerability exists in secure boot, aka 'Microsoft Secure Boot Security Feature Bypass Vulnerability'. | 6.7 |
2020-02-14 | CVE-2018-21033 | Hitachi | Improper Input Validation vulnerability in Hitachi products A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allows authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. | 6.5 |
2020-02-13 | CVE-2014-1617 | Promotic | Classic Buffer Overflow vulnerability in Promotic 8.2.13 Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service. | 6.5 |
2020-02-13 | CVE-2020-8804 | Salesagility | SQL Injection vulnerability in Salesagility Suitecrm SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. | 6.5 |
2020-02-13 | CVE-2020-0028 | Google | Unspecified vulnerability in Google Android 9.0 In notifyNetworkTested and related functions of NetworkMonitor.java, there is a possible bypass of private DNS settings. | 6.5 |
2020-02-13 | CVE-2020-0021 | Google | NULL Pointer Dereference vulnerability in Google Android 10.0 In removeUnusedPackagesLPw of PackageManagerService.java, there is a possible permanent denial-of-service due to a missing package dependency test. | 6.5 |
2020-02-12 | CVE-2020-6183 | SAP | Missing Authorization vulnerability in SAP Host Agent 7.21 SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. | 6.5 |
2020-02-12 | CVE-2019-19192 | ST | Improper Input Validation vulnerability in ST Bluenrg-2 and Wb55 The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets. | 6.5 |
2020-02-12 | CVE-2019-16336 | Cypress | Classic Buffer Overflow vulnerability in Cypress Cybl11573 and Cyble-416045 The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame. | 6.5 |
2020-02-12 | CVE-2020-2133 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Applatix 1.1 Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
2020-02-12 | CVE-2020-2132 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Parasoft Environment Manager Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
2020-02-12 | CVE-2020-2131 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Harvest SCM Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
2020-02-12 | CVE-2020-2130 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Harvest SCM Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 |
2020-02-12 | CVE-2020-2129 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Eagle Tester Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 |
2020-02-12 | CVE-2019-19196 | Telink Semi | Classic Buffer Overflow vulnerability in Telink-Semi products The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices accepts a pairing request with a key size greater than 16 bytes, allowing an attacker in radio range to cause a buffer overflow and denial of service (crash) via crafted packets. | 6.5 |
2020-02-12 | CVE-2014-8128 | Libtiff | Out-of-bounds Write vulnerability in Libtiff LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. | 6.5 |
2020-02-12 | CVE-2020-8894 | Misp | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. | 6.5 |
2020-02-11 | CVE-2020-0696 | Microsoft | Unspecified vulnerability in Microsoft Office, Office 365 Proplus and Outlook A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'. | 6.5 |
2020-02-11 | CVE-2020-6408 | Google Opensuse Fedoraproject Debian Suse Redhat | Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. | 6.5 |
2020-02-11 | CVE-2020-6405 | Google | Out-of-bounds Read vulnerability in Google Chrome Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2020-02-11 | CVE-2020-6401 | Google Opensuse | Improper Input Validation vulnerability in multiple products Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 6.5 |
2020-02-11 | CVE-2020-6400 | Google Opensuse Fedoraproject Debian Suse Redhat | Information Exposure Through Discrepancy vulnerability in multiple products Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2020-02-11 | CVE-2020-6399 | Google Opensuse | Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2020-02-11 | CVE-2020-6397 | Google Opensuse Fedoraproject Debian Suse Redhat | Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
2020-02-11 | CVE-2020-6395 | Google | Out-of-bounds Read vulnerability in Google Chrome Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2020-02-11 | CVE-2020-6393 | Google Opensuse Fedoraproject Debian Suse Redhat | Missing Authorization vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2020-02-10 | CVE-2019-19195 | Microchip | Unspecified vulnerability in Microchip Atmsamb11 Blusdk Smart 6.2 The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | 6.5 |
2020-02-10 | CVE-2019-19193 | TI | Unspecified vulnerability in TI Ble-Stack and Cc2640R2 Software Development KIT The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | 6.5 |
2020-02-10 | CVE-2019-17520 | TI | Classic Buffer Overflow vulnerability in TI Cc2640R2 Software Development KIT The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets. | 6.5 |
2020-02-10 | CVE-2019-17518 | Dialog Semiconductor | Classic Buffer Overflow vulnerability in Dialog-Semiconductor Software Development KIT 1.0.14.1081 The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. | 6.5 |
2020-02-10 | CVE-2019-17061 | Cypress | Classic Buffer Overflow vulnerability in Cypress Psoc 4 BLE 3.62 The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. | 6.5 |
2020-02-10 | CVE-2019-17060 | NXP | Classic Buffer Overflow vulnerability in NXP Mcuxpresso Software Development KIT 2.2.1 The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. | 6.5 |
2020-02-10 | CVE-2017-18642 | Syska | Information Exposure vulnerability in Syska Smartlight Rainbow LED Smart Bulb Firmware 20170806 Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks. | 6.5 |
2020-02-10 | CVE-2019-19669 | Maxum | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus FTP 8.2.9.1 A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. | 6.5 |
2020-02-10 | CVE-2019-19662 | Maxum | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus FTP 8.2.9.1 A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. | 6.5 |
2020-02-10 | CVE-2019-19665 | Maxum | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus 8.2.9.1 A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. | 6.5 |
2020-02-10 | CVE-2019-19663 | Maxum | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus 8.2.9.1 A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. | 6.5 |
2020-02-10 | CVE-2019-19660 | Maxum | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus 8.2.9.1 A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. | 6.5 |
2020-02-10 | CVE-2012-5828 | Blackberry | Information Exposure vulnerability in Blackberry Playbook Firmware BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error | 6.5 |
2020-02-11 | CVE-2012-6721 | Socialengine | Cross-Site Request Forgery (CSRF) vulnerability in Socialengine 4.2.2 Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4. | 6.3 |
2020-02-13 | CVE-2020-6973 | Digi | Cross-site Scripting vulnerability in Digi products Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. | 6.2 |
2020-02-16 | CVE-2020-9012 | Gluu | Cross-site Scripting vulnerability in Gluu Server 4.0 A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. | 6.1 |
2020-02-14 | CVE-2019-13966 | Combodo | Cross-site Scripting vulnerability in Combodo Itop In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. | 6.1 |
2020-02-14 | CVE-2019-13965 | Combodo | Cross-site Scripting vulnerability in Combodo Itop Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. | 6.1 |
2020-02-14 | CVE-2019-19758 | Lenovo | Open Redirect vulnerability in Lenovo products A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page. | 6.1 |
2020-02-14 | CVE-2013-5212 | Easyxdm | Cross-site Scripting vulnerability in Easyxdm Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file. | 6.1 |
2020-02-13 | CVE-2020-8981 | Mantisbt | Cross-site Scripting vulnerability in Mantisbt Source Integration A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. | 6.1 |
2020-02-13 | CVE-2019-10785 | Linuxfoundation Debian | Cross-site Scripting vulnerability in multiple products dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. | 6.1 |
2020-02-13 | CVE-2020-7051 | Codologic | Incorrect Permission Assignment for Critical Resource vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 Codologic Codoforum through 4.8.4 allows stored XSS in the login area. | 6.1 |
2020-02-13 | CVE-2019-14652 | Amazon | Cross-site Scripting vulnerability in Amazon AWS Javascript S3 Explorer 1.0.0 explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances. | 6.1 |
2020-02-13 | CVE-2020-7208 | HP | Cross-site Scripting vulnerability in HP Linuxki LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. | 6.1 |
2020-02-12 | CVE-2013-6022 | Tiki | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. | 6.1 |
2020-02-12 | CVE-2020-6193 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Knowledge Management SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2020-02-12 | CVE-2020-6184 | SAP | Cross-site Scripting vulnerability in SAP Netweaver and S/4Hana Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2020-02-12 | CVE-2011-2499 | Mambo Foundation | Cross-site Scripting vulnerability in Mambo-Foundation Mambo CMS Mambo CMS through 4.6.5 has multiple XSS. | 6.1 |
2020-02-12 | CVE-2013-2637 | Otrs Opensuse | Cross-site Scripting vulnerability in multiple products A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. | 6.1 |
2020-02-12 | CVE-2013-4395 | Simplemachines | Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum Simple Machines Forum (SMF) through 2.0.5 has XSS | 6.1 |
2020-02-12 | CVE-2013-1938 | Zimbra | Cross-site Scripting vulnerability in Zimbra 2013 Zimbra 2013 has XSS in aspell.php | 6.1 |
2020-02-12 | CVE-2020-8839 | Chiyu T | Cross-site Scripting vulnerability in Chiyu-T Bf-430 Firmware Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field. | 6.1 |
2020-02-12 | CVE-2013-1410 | Perforce | Cross-site Scripting vulnerability in Perforce P4Web 2011.1/2012.1 Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities | 6.1 |
2020-02-11 | CVE-2011-4938 | Muze | Cross-site Scripting vulnerability in Muze Ariadne 2.7.6 Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php. | 6.1 |
2020-02-11 | CVE-2012-6720 | Socialengine | Cross-site Scripting vulnerability in Socialengine 4.2.2 Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*. | 6.1 |
2020-02-11 | CVE-2012-2517 | Prestashop | Cross-site Scripting vulnerability in Prestashop Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. | 6.1 |
2020-02-11 | CVE-2012-2452 | Pragmamx | Cross-site Scripting vulnerability in Pragmamx 1.0/1.12.1 Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php. | 6.1 |
2020-02-11 | CVE-2013-5988 | Semperplugins | Cross-site Scripting vulnerability in Semperplugins ALL in ONE SEO Pack A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter. | 6.1 |
2020-02-11 | CVE-2013-1760 | Thebuggenie | Cross-site Scripting vulnerability in Thebuggenie the BUG Genie The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities | 6.1 |
2020-02-11 | CVE-2012-4519 | Zenphoto | Cross-site Scripting vulnerability in Zenphoto Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS. | 6.1 |
2020-02-10 | CVE-2019-19670 | Maxum | Unspecified vulnerability in Maxum Rumpus FTP 8.2.9.1 A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. | 6.1 |
2020-02-10 | CVE-2019-19661 | Maxum | Cross-site Scripting vulnerability in Maxum Rumpus FTP 8.2.9.1 A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. | 6.1 |
2020-02-10 | CVE-2012-6666 | Vbseo | Cross-site Scripting vulnerability in Vbseo 3.8.7 vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. | 6.1 |
2020-02-10 | CVE-2020-8823 | Sockjs Project | Cross-site Scripting vulnerability in Sockjs Project Sockjs htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter. | 6.1 |
2020-02-11 | CVE-2020-0751 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows 10 and Windows Server 2016 A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 6.0 |
2020-02-11 | CVE-2020-1711 | Qemu Redhat Debian Opensuse | Out-of-bounds Write vulnerability in multiple products An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. | 6.0 |
2020-02-14 | CVE-2019-20455 | Globalpayments | Improper Certificate Validation vulnerability in Globalpayments PHP SDK Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations. | 5.9 |
2020-02-13 | CVE-2020-8988 | Voatz | Weak Password Requirements vulnerability in Voatz 20200101 The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach. | 5.9 |
2020-02-12 | CVE-2013-6681 | Mapway | Information Exposure vulnerability in Mapway Tube MAP 3.0.21 Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability | 5.9 |
2020-02-12 | CVE-2020-8891 | Misp | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. | 5.9 |
2020-02-12 | CVE-2020-8890 | Misp | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Misp An issue was discovered in MISP before 2.4.121. | 5.9 |
2020-02-11 | CVE-2020-1726 | Libpod Project Redhat | A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. | 5.9 |
2020-02-12 | CVE-2020-6190 | SAP | Information Exposure vulnerability in SAP Netweaver Application Server Java Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure. | 5.8 |
2020-02-12 | CVE-2020-6181 | SAP | Unspecified vulnerability in SAP Abap Platform and Netweaver Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740) and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. | 5.8 |
2020-02-10 | CVE-2019-17517 | Dialog Semiconductor | Classic Buffer Overflow vulnerability in Dialog-Semiconductor Software Development KIT 1.0.14.1081/5.0.4 The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet. | 5.7 |
2020-02-10 | CVE-2012-1994 | HP | Information Exposure vulnerability in HP Systems Insight Manager HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information | 5.7 |
2020-02-14 | CVE-2019-6194 | Lenovo | XXE vulnerability in Lenovo Xclarity Administrator An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. | 5.5 |
2020-02-14 | CVE-2019-6190 | Lenovo | Improper Initialization vulnerability in Lenovo products Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled. | 5.5 |
2020-02-14 | CVE-2020-7251 | Mcafee | Incorrect Authorization vulnerability in Mcafee Endpoint Security Improper access control vulnerability in Configuration Tool in McAfee Endpoint Security (ENS) prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS. | 5.5 |
2020-02-14 | CVE-2020-8992 | Linux Canonical Opensuse Netapp | Excessive Iteration vulnerability in multiple products ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. | 5.5 |
2020-02-14 | CVE-2013-4792 | Prestashop | Cross-Site Request Forgery (CSRF) vulnerability in Prestashop PrestaShop before 1.4.11 allows logout CSRF. | 5.5 |
2020-02-13 | CVE-2013-6927 | Triplc | Unspecified vulnerability in Triplc Trilogi Server Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account. | 5.5 |
2020-02-13 | CVE-2019-3998 | Simplisafe | Improper Authentication vulnerability in Simplisafe SS3 Firmware 1.4 Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to. | 5.5 |
2020-02-13 | CVE-2020-0023 | Google | Missing Authorization vulnerability in Google Android 10.0 In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. | 5.5 |
2020-02-13 | CVE-2020-0020 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 10.0 In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. | 5.5 |
2020-02-13 | CVE-2020-0014 | Google | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. | 5.5 |
2020-02-13 | CVE-2018-3987 | Rakuten | Information Exposure vulnerability in Rakuten Viber 9.3.0.6 An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. | 5.5 |
2020-02-12 | CVE-2020-1976 | Paloaltonetworks | Improper Input Validation vulnerability in Paloaltonetworks Globalprotect A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. | 5.5 |
2020-02-12 | CVE-2013-4602 | Avira | Resource Exhaustion vulnerability in Avira products A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine. | 5.5 |
2020-02-12 | CVE-2019-11867 | Realtek | NULL Pointer Dereference vulnerability in Realtek Ndis 10.1.505.2015 Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. | 5.5 |
2020-02-12 | CVE-2015-7890 | Samsung | Classic Buffer Overflow vulnerability in Samsung Galaxy S6 Edge Firmware Multiple buffer overflows in the esa_write function in /dev/seiren in the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter. | 5.5 |
2020-02-12 | CVE-2012-0810 | Linux | Resource Exhaustion vulnerability in Linux Kernel The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention. | 5.5 |
2020-02-11 | CVE-2020-0756 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles objects in memory, aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0755 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles objects in memory, aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0748 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles objects in memory, aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0746 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0744 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0736 | Microsoft | Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0728 | Microsoft | Unspecified vulnerability in Microsoft products An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0717 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0716 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0714 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0705 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0698 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0677 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles objects in memory, aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0676 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles objects in memory, aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0675 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles objects in memory, aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2020-0658 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. | 5.5 |
2020-02-11 | CVE-2013-2213 | KDE | Use of a Broken or Risky Cryptographic Algorithm vulnerability in KDE Paste Applet The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output. | 5.5 |
2020-02-11 | CVE-2020-5826 | Symantec | Out-of-bounds Read vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 5.5 |
2020-02-11 | CVE-2020-5825 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges. | 5.5 |
2020-02-11 | CVE-2020-5824 | Symantec | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable. | 5.5 |
2020-02-10 | CVE-2012-2204 | IBM | Unspecified vulnerability in IBM Infosphere Guardium 8.0.0/8.2.0 InfoSphere Guardium aix_ktap module: DoS | 5.5 |
2020-02-16 | CVE-2020-9016 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.0 Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. | 5.4 |
2020-02-16 | CVE-2020-9007 | Codologic | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.8 Codoforum 4.8.8 allows self-XSS via the title of a new topic. | 5.4 |
2020-02-15 | CVE-2020-7050 | Codologic | Incorrect Permission Assignment for Critical Resource vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 Codologic Codoforum through 4.8.4 allows a DOM-based XSS. | 5.4 |
2020-02-14 | CVE-2020-8594 | Ninjaforms | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms 3.4.22 The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. | 5.4 |
2020-02-14 | CVE-2019-19757 | Lenovo | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. | 5.4 |
2020-02-14 | CVE-2013-4791 | Prestashop | Cross-site Scripting vulnerability in Prestashop PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. | 5.4 |
2020-02-13 | CVE-2012-1903 | Telligent | Cross-site Scripting vulnerability in Telligent Community 5.6.583.20496 XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter. | 5.4 |
2020-02-13 | CVE-2012-1500 | Atlassian | Cross-site Scripting vulnerability in Atlassian Greenhopper and Jira Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code. | 5.4 |
2020-02-13 | CVE-2019-18791 | Lexmark | Cross-site Scripting vulnerability in Lexmark products Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. | 5.4 |
2020-02-13 | CVE-2020-5241 | Matestack | Cross-site Scripting vulnerability in Matestack Ui-Core matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. | 5.4 |
2020-02-12 | CVE-2020-6185 | SAP | Cross-site Scripting vulnerability in SAP Netweaver and S/4Hana Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability. | 5.4 |
2020-02-12 | CVE-2019-4431 | IBM | Cross-site Scripting vulnerability in IBM Rational Publishing Engine 6.0.6/6.0.6.1 IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. | 5.4 |
2020-02-12 | CVE-2020-2122 | Jenkins | Cross-site Scripting vulnerability in Jenkins Brakeman Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data. | 5.4 |
2020-02-12 | CVE-2020-2113 | Jenkins | Cross-site Scripting vulnerability in Jenkins GIT Parameter Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. | 5.4 |
2020-02-12 | CVE-2020-2112 | Jenkins | Cross-site Scripting vulnerability in Jenkins GIT Parameter Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. | 5.4 |
2020-02-12 | CVE-2020-2111 | Jenkins | Cross-site Scripting vulnerability in Jenkins Subversion Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. | 5.4 |
2020-02-11 | CVE-2020-0695 | Microsoft | Origin Validation Error vulnerability in Microsoft Office Online Server A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'. | 5.4 |
2020-02-11 | CVE-2020-0694 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016/2019 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-02-11 | CVE-2020-0693 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016/2019 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-02-11 | CVE-2014-3827 | Mybb | Cross-site Scripting vulnerability in Mybb Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php. | 5.4 |
2020-02-11 | CVE-2014-3826 | Mybb | Cross-site Scripting vulnerability in Mybb Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module. | 5.4 |
2020-02-11 | CVE-2019-13924 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. | 5.4 |
2020-02-11 | CVE-2020-6412 | Google Opensuse | Improper Input Validation vulnerability in multiple products Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 5.4 |
2020-02-11 | CVE-2020-6411 | | Improper Input Validation vulnerability in Google Chrome Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 5.4 |
2020-02-11 | CVE-2020-6394 | Google Opensuse Fedoraproject Debian Suse Redhat | Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 5.4 |
2020-02-11 | CVE-2019-18210 | Moodle | Cross-site Scripting vulnerability in Moodle Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditor[text] parameter. | 5.4 |
2020-02-10 | CVE-2019-19667 | Maxum | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus FTP 8.2.9.1 A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html. | 5.4 |
2020-02-10 | CVE-2013-2108 | Undolog | Cross-Site Request Forgery (CSRF) vulnerability in Undolog Cleanfix 2.4.4 WordPress WP Cleanfix Plugin 2.4.4 has CSRF | 5.4 |
2020-02-10 | CVE-2020-8089 | Piwigo | Cross-site Scripting vulnerability in Piwigo 2.10.1 Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page. | 5.4 |
2020-02-10 | CVE-2020-1697 | Redhat | Cross-site Scripting vulnerability in Redhat Keycloak It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. | 5.4 |
2020-02-10 | CVE-2012-6449 | Cpanel | Cross-site Scripting vulnerability in Cpanel and WHM The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability. | 5.4 |
2020-02-10 | CVE-2013-1353 | Orangehrm | Cross-site Scripting vulnerability in Orangehrm 2.7.1 Orange HRM 2.7.1 allows XSS via the vacancy name. | 5.4 |
2020-02-10 | CVE-2020-8825 | Vanillaforums | Cross-site Scripting vulnerability in Vanillaforums Vanilla 2.6.3 index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS. | 5.4 |
2020-02-13 | CVE-2020-8989 | Voatz | Information Exposure Through Discrepancy vulnerability in Voatz 20200101 In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. | 5.3 |
2020-02-12 | CVE-2020-6189 | SAP | Information Exposure Through an Error Message vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure. | 5.3 |
2020-02-12 | CVE-2020-7957 | Dovecot Fedoraproject | Improper Input Validation vulnerability in multiple products The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. | 5.3 |
2020-02-12 | CVE-2019-4741 | IBM | Server-Side Request Forgery (SSRF) vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). | 5.3 |
2020-02-12 | CVE-2020-2119 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Azure AD Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 5.3 |
2020-02-11 | CVE-2020-3933 | Secom | Unspecified vulnerability in Secom Dr.Id Access Control and Dr.Id Attendance System TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system. | 5.3 |
2020-02-12 | CVE-2020-6975 | Digi | Unrestricted Upload of File with Dangerous Type vulnerability in Digi products Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. | 4.9 |
2020-02-12 | CVE-2020-6187 | SAP | XXE vulnerability in SAP Netweaver Guided Procedures SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service. | 4.9 |
2020-02-14 | CVE-2019-6195 | Lenovo | Improper Privilege Management vulnerability in Lenovo Xclarity Controller An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. | 4.8 |
2020-02-10 | CVE-2020-8822 | Digi | Cross-site Scripting vulnerability in Digi Transport Wr21 Firmware and Transport Wr44 Firmware Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. | 4.8 |
2020-02-12 | CVE-2019-20100 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). | 4.7 |
2020-02-11 | CVE-2016-5710 | Netapp | Improper Restriction of Rendered UI Layers or Frames vulnerability in Netapp Snap Creator Framework NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | 4.6 |
2020-02-13 | CVE-2020-0018 | | Information Exposure Through Log Files vulnerability in Google Android In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. | 4.4 |
2020-02-13 | CVE-2020-0017 | | Unspecified vulnerability in Google Android In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. | 4.4 |
2020-02-16 | CVE-2020-9013 | Arvato | Improper Input Validation vulnerability in Arvato Skillpipe 3.0 Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code. | 4.3 |
2020-02-16 | CVE-2020-8996 | Aishu | Path Traversal vulnerability in Aishu Anyshare Cloud 6.0.9 AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI. | 4.3 |
2020-02-14 | CVE-2019-15594 | Gitlab | Unspecified vulnerability in Gitlab GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. | 4.3 |
2020-02-14 | CVE-2019-15592 | Gitlab | Unspecified vulnerability in Gitlab GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline. | 4.3 |
2020-02-14 | CVE-2018-21032 | Hitachi | Information Exposure Through an Error Message vulnerability in Hitachi products A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. | 4.3 |
2020-02-14 | CVE-2020-5532 | Extrun | Improper Authentication vulnerability in Extrun Ilbo ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for iOS prior to version 1.2.01) allows an attacker on the same network segment to bypass authentication and to view the images which were recorded by the other ilbo user's device via unspecified vectors. | 4.3 |
2020-02-12 | CVE-2020-6177 | SAP | Improper Input Validation vulnerability in SAP Mobile Platform 3.0 SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. | 4.3 |
2020-02-12 | CVE-2020-2128 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins ECX Copy Data Management Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
2020-02-12 | CVE-2020-2127 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins BMC Release Package and Deployment 1.0/1.1 Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 4.3 |
2020-02-12 | CVE-2020-2126 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Digitalocean Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. | 4.3 |
2020-02-12 | CVE-2020-2125 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Debian Package Builder Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 4.3 |
2020-02-12 | CVE-2020-2124 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Dynamic Extended Choice Parameter 1.0.0/1.0.1 Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
2020-02-12 | CVE-2020-2118 | Jenkins | Incorrect Default Permissions vulnerability in Jenkins Pipeline Github Notify Step A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |
2020-02-12 | CVE-2020-2117 | Jenkins | Incorrect Default Permissions vulnerability in Jenkins Pipeline Github Notify Step A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 |
2020-02-12 | CVE-2019-20099 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). | 4.3 |
2020-02-12 | CVE-2019-20098 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). | 4.3 |
2020-02-11 | CVE-2020-0706 | Microsoft | Unspecified vulnerability in Microsoft Edge and Internet Explorer An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests, aka 'Microsoft Browser Information Disclosure Vulnerability'. | 4.3 |
2020-02-11 | CVE-2020-6403 | Google Opensuse Fedoraproject Debian Suse Redhat | Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
2020-02-11 | CVE-2020-6396 | Google Opensuse Fedoraproject Debian Suse Redhat | Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
2020-02-11 | CVE-2020-6392 | Google Opensuse Fedoraproject Debian Suse Redhat | Cross-site Scripting vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 4.3 |
2020-02-11 | CVE-2020-6391 | Google Opensuse Fedoraproject Debian Suse Redhat | Cross-site Scripting vulnerability in multiple products Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. | 4.3 |
2020-02-10 | CVE-2019-6744 | Samsung | Improper Authentication vulnerability in Samsung Knox 1.2.02.39 This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. | 4.3 |
2020-02-10 | CVE-2019-19668 | Maxum | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus FTP 8.2.9.1 A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. | 4.3 |
2020-02-10 | CVE-2019-19666 | Maxum | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus FTP 8.2.9.1 A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. | 4.3 |
2020-02-11 | CVE-2020-0663 | Microsoft | Unspecified vulnerability in Microsoft Edge An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | 4.2 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-02-14 | CVE-2020-8852 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Reader This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. | 3.3 |
2020-02-11 | CVE-2020-5831 | Symantec | Out-of-bounds Read vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 3.3 |
2020-02-11 | CVE-2020-5830 | Symantec | Out-of-bounds Read vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 3.3 |
2020-02-11 | CVE-2020-5829 | Symantec | Out-of-bounds Read vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 3.3 |
2020-02-11 | CVE-2020-5828 | Symantec | Out-of-bounds Read vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 3.3 |
2020-02-11 | CVE-2020-5827 | Symantec | Out-of-bounds Read vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 3.3 |
2020-02-12 | CVE-2011-2343 | | Information Exposure vulnerability in Google Android The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. | 2.4 |
2020-02-14 | CVE-2020-8991 | Redhat | Memory Leak vulnerability in Redhat Lvm2 2.02.00 vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. | 2.3 |
2020-02-13 | CVE-2019-4666 | IBM | Unspecified vulnerability in IBM Urbancode Build and Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. | 2.3 |