Weekly Vulnerabilities Reports > March 2 to 8, 2020
Overview
242 new vulnerabilities reported during this period, including 45 critical vulnerabilities and 66 high severity vulnerabilities. This weekly summary report vulnerabilities in 571 products from 100 vendors including Qualcomm, Dlink, Cisco, Canonical, and Mozilla. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Classic Buffer Overflow", "Information Exposure", and "OS Command Injection".
- 189 reported vulnerabilities are remotely exploitables.
- 7 reported vulnerabilities have public exploit available.
- 79 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 186 reported vulnerabilities are exploitable by an anonymous user.
- Qualcomm has the most reported vulnerabilities, with 47 reported vulnerabilities.
- Qualcomm has the most reported critical vulnerabilities, with 22 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
45 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-03-06 | CVE-2020-5328 | Dell | Missing Authentication for Critical Function vulnerability in Dell EMC Isilon Onefs Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. | 10.0 |
2020-03-05 | CVE-2019-2311 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SA6155P, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 | 10.0 |
2020-03-05 | CVE-2019-2300 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130 | 10.0 |
2020-03-05 | CVE-2019-14098 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, QCA9886, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 10.0 |
2020-03-05 | CVE-2019-14097 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow in WLAN Parser due to lack of length check when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 10.0 |
2020-03-05 | CVE-2019-14095 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Buffer overflow occurs while processing LMP packet in which name length parameter exceeds value specified in BT-specification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA9377, QCA9379, QCA9886, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 10.0 |
2020-03-05 | CVE-2019-14086 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Possible integer overflow while checking the length of frame which is a 32 bit integer and is added to another 32 bit integer which can lead to unexpected result during the check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MDM9607, MSM8998, QCA6584, QCN7605, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130 | 10.0 |
2020-03-05 | CVE-2019-14083 | Qualcomm | Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is specified in the attribute length field of extended SSI which can lead to integer underflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096, APQ8098, IPQ6018, IPQ8074, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS404, QCS405, QCS605, Rennell, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 10.0 |
2020-03-05 | CVE-2019-14045 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8096AU, QCS605, SDM439, SM8150, SXR1130 | 10.0 |
2020-03-05 | CVE-2019-14031 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS405, QCS605, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 10.0 |
2020-03-05 | CVE-2019-10612 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MDM9650, QCS605, SA6155P, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 10.0 |
2020-03-05 | CVE-2019-10594 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Stack overflow can occur when SDP is received with multiple payload types in the FMTP attribute of a video M line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 10.0 |
2020-03-05 | CVE-2019-10593 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Buffer overflow can occur when processing non standard SDP video Image attribute parameter in a VILTE\VOLTE call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 10.0 |
2020-03-05 | CVE-2019-10587 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Possible Stack overflow can occur when processing a large SDP body or non standard SDP body without right delimiters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 10.0 |
2020-03-05 | CVE-2019-10586 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Filling media attribute tag names without validating the destination buffer size which can result in the buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 10.0 |
2020-03-05 | CVE-2019-10546 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Buffer overflow can occur in WLAN firmware while parsing beacon/probe_response frames during roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8096, APQ8096AU, IPQ6018, IPQ8074, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCS404, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 10.0 |
2020-03-05 | CVE-2019-10526 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Out of bound write in WLAN driver due to NULL character not properly placed after SSID name in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SC8180X, SDA845, SDM450, SDX20, SDX24, SDX55, SXR1130 | 10.0 |
2020-03-04 | CVE-2020-9054 | Zyxel | OS Command Injection vulnerability in Zyxel products Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. | 10.0 |
2020-03-08 | CVE-2020-10225 | Phpgurukul | Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul JOB Portal 1.0 An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. | 9.8 |
2020-03-08 | CVE-2020-10224 | Phpgurukul | Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul Online Book Store 1.0 An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. | 9.8 |
2020-03-06 | CVE-2020-10189 | Zohocorp | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. | 9.8 |
2020-03-06 | CVE-2020-10188 | Netkit Telnet Project Fedoraproject Debian Arista Oracle Juniper | Classic Buffer Overflow vulnerability in multiple products utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. | 9.8 |
2020-03-04 | CVE-2020-9477 | Humaxdigital | Cleartext Transmission of Sensitive Information vulnerability in Humaxdigital Hga12R-02 Firmware Brgcaa1.1.53 An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. | 9.8 |
2020-03-02 | CVE-2020-10018 | Webkitgtk Wpewebkit Fedoraproject Debian Canonical Opensuse | Use After Free vulnerability in multiple products WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. | 9.8 |
2020-03-02 | CVE-2019-14893 | Fasterxml Netapp Oracle | Deserialization of Untrusted Data vulnerability in multiple products A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. | 9.8 |
2020-03-02 | CVE-2020-1731 | Redhat | Use of Insufficiently Random Values vulnerability in Redhat Keycloak Operator 8.0.0/8.0.1 A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace. | 9.8 |
2020-03-02 | CVE-2019-14892 | Fasterxml Redhat Apache | Deserialization of Untrusted Data vulnerability in multiple products A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. | 9.8 |
2020-03-02 | CVE-2020-9548 | Fasterxml Netapp Debian Oracle | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). | 9.8 |
2020-03-02 | CVE-2020-9547 | Fasterxml Netapp Debian Oracle | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). | 9.8 |
2020-03-02 | CVE-2020-9546 | Fasterxml Netapp Debian Oracle | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). | 9.8 |
2020-03-05 | CVE-2019-14082 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Potential buffer over-read due to lack of bound check of memory offset passed in WLAN firmware in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9207C, MDM9607, QCN7605, SM8150 | 9.4 |
2020-03-05 | CVE-2019-10577 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 9.4 |
2020-03-05 | CVE-2019-10554 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Multiple Read overflows issue due to improper length check while decoding Identity Request in CSdomain/Authentication Reject in CS domain/ PRAU accept/while logging DL message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 9.4 |
2020-03-05 | CVE-2019-10553 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Multiple Read overflows due to improper length checks while decoding authentication in Cs domain/RAU Reject and TC cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 9.4 |
2020-03-05 | CVE-2019-10552 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Multiple Buffer Over-read issue can happen due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 9.4 |
2020-03-05 | CVE-2019-10550 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Buffer Over-read when UE is trying to process the message received form the network without zero termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 9.4 |
2020-03-06 | CVE-2020-5327 | Dell | Deserialization of Untrusted Data vulnerability in Dell Security Management Server 10.2.0 Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. | 9.3 |
2020-03-04 | CVE-2020-3128 | Cisco | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 9.3 |
2020-03-04 | CVE-2020-3127 | Cisco | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 9.3 |
2020-03-05 | CVE-2020-9370 | Humaxdigital | Session Fixation vulnerability in Humaxdigital Hga12R-02 Firmware 1.1.53 HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. | 9.1 |
2020-03-07 | CVE-2020-10216 | Dlink Trendnet | OS Command Injection vulnerability in multiple products An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 9.0 |
2020-03-07 | CVE-2020-10215 | Dlink Trendnet | OS Command Injection vulnerability in multiple products An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 9.0 |
2020-03-07 | CVE-2020-10214 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-825 Firmware 2.10 An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 9.0 |
2020-03-07 | CVE-2020-10213 | Dlink Trendnet | OS Command Injection vulnerability in multiple products An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 9.0 |
2020-03-05 | CVE-2020-10173 | Comtrend | OS Command Injection vulnerability in Comtrend Vr-3033 Firmware De11416Ssgc01R02.A2Pvi042J1.D26M Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi. | 9.0 |
66 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-03-08 | CVE-2020-10221 | Rconfig | OS Command Injection vulnerability in Rconfig lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. | 8.8 |
2020-03-05 | CVE-2020-9402 | Djangoproject Debian Fedoraproject Netapp Canonical | SQL Injection vulnerability in multiple products Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. | 8.8 |
2020-03-02 | CVE-2019-17026 | Mozilla Canonical | Type Confusion vulnerability in multiple products Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. | 8.8 |
2020-03-02 | CVE-2020-9535 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-615Jx10 Firmware fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed. | 8.8 |
2020-03-02 | CVE-2020-9534 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-615Jx10 Firmware fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed. | 8.8 |
2020-03-04 | CVE-2020-5535 | Plathome | OS Command Injection vulnerability in Plathome Openblocks IOT VX2 Firmware OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | 8.3 |
2020-03-06 | CVE-2020-7212 | Python | Resource Exhaustion vulnerability in Python Urllib3 The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. | 7.8 |
2020-03-05 | CVE-2020-6986 | Omron | Resource Exhaustion vulnerability in Omron PLC CJ1 Firmware and PLC CJ2 Firmware In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result. | 7.8 |
2020-03-05 | CVE-2019-20501 | Dlink | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. | 7.8 |
2020-03-05 | CVE-2019-20500 | Dlink | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. | 7.8 |
2020-03-05 | CVE-2019-20499 | Dlink | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter. | 7.8 |
2020-03-05 | CVE-2019-14061 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Null-pointer dereference can occur while accessing the segment element info when it is not allocated and assigned in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.8 |
2020-03-05 | CVE-2019-10591 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Null pointer dereference can happen when parsing udta atom which is non-standard and having invalid depth in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.8 |
2020-03-05 | CVE-2019-10549 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Null pointer dereference issue can happen due to improper validation of CSEQ header response received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, Rennell, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150 | 7.8 |
2020-03-02 | CVE-2019-18897 | Suse Opensuse | Link Following vulnerability in multiple products A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. | 7.8 |
2020-03-02 | CVE-2020-9549 | Pdfresurrect Project Debian | Out-of-bounds Write vulnerability in multiple products In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bounds write via a crafted PDF document. | 7.8 |
2020-03-07 | CVE-2020-10220 | Rconfig | SQL Injection vulnerability in Rconfig An issue was discovered in rConfig through 3.9.4. | 7.5 |
2020-03-07 | CVE-2020-10212 | Tecrail | Server-Side Request Forgery (SSRF) vulnerability in Tecrail Responsive Filemanager 9.13.4/9.14.0 upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. | 7.5 |
2020-03-06 | CVE-2020-10111 | Citrix | HTTP Request Smuggling vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1 Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. | 7.5 |
2020-03-06 | CVE-2020-8113 | Gitlab | Improper Privilege Management vulnerability in Gitlab GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. | 7.5 |
2020-03-05 | CVE-2019-17647 | Centreon | SQL Injection vulnerability in Centreon An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. | 7.5 |
2020-03-05 | CVE-2020-10180 | Eset | Improper Input Validation vulnerability in Eset products The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. | 7.5 |
2020-03-05 | CVE-2020-9380 | Whmcssmarters | Unrestricted Upload of File with Dangerous Type vulnerability in Whmcssmarters web TV Player 20200222 IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script. | 7.5 |
2020-03-05 | CVE-2020-10106 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Daily Expense Tracker System 1.0 PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. | 7.5 |
2020-03-04 | CVE-2020-8659 | Cncf Redhat Debian | Allocation of Resources Without Limits or Throttling vulnerability in multiple products CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. | 7.5 |
2020-03-04 | CVE-2020-9550 | Rubetek | Cleartext Transmission of Sensitive Information vulnerability in Rubetek Smarthome Firmware 2020 Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to sniff and spoof beacon requests remotely. | 7.5 |
2020-03-04 | CVE-2020-9476 | Commscope | Inadequate Encryption Strength vulnerability in Commscope Arris Tg1692A Firmware 9.1.103De2 ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding. | 7.5 |
2020-03-04 | CVE-2019-19226 | Dlink | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03 A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface. | 7.5 |
2020-03-04 | CVE-2019-19225 | Dlink | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03 A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request. | 7.5 |
2020-03-04 | CVE-2019-19224 | Dlink | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03 A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface. | 7.5 |
2020-03-04 | CVE-2019-19223 | Dlink | HTTP Request Smuggling vulnerability in Dlink Dsl-2680 Firmware 1.03 A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface. | 7.5 |
2020-03-04 | CVE-2020-9761 | Unctad | Inadequate Encryption Strength vulnerability in Unctad Asycuda World An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. | 7.5 |
2020-03-04 | CVE-2020-9757 | Craftcms | Injection vulnerability in Craftcms Craft CMS The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller. | 7.5 |
2020-03-02 | CVE-2018-16357 | Pbootcms | SQL Injection vulnerability in Pbootcms An issue was discovered in PbootCMS. | 7.5 |
2020-03-02 | CVE-2018-16356 | Pbootcms | SQL Injection vulnerability in Pbootcms An issue was discovered in PbootCMS. | 7.5 |
2020-03-02 | CVE-2019-19608 | Mitel | SQL Injection vulnerability in Mitel Micollab Audio, web & Video Conferencing A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. | 7.5 |
2020-03-02 | CVE-2019-19607 | Mitel | SQL Injection vulnerability in Mitel Micollab Audio, web & Video Conferencing A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. | 7.5 |
2020-03-02 | CVE-2019-18903 | Opensuse Suse | Use After Free vulnerability in multiple products A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. | 7.5 |
2020-03-02 | CVE-2019-18902 | Opensuse Suse | Use After Free vulnerability in multiple products A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. | 7.5 |
2020-03-02 | CVE-2019-20488 | Netgear | OS Command Injection vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 7.5 |
2020-03-03 | CVE-2020-1734 | Redhat | OS Command Injection vulnerability in Redhat Ansible Engine and Ansible Tower A flaw was found in the pipe lookup plugin of ansible. | 7.4 |
2020-03-07 | CVE-2020-8635 | Wftpserver | Improper Privilege Management vulnerability in Wftpserver Wing FTP Server 6.2.3 Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. | 7.2 |
2020-03-07 | CVE-2020-8634 | Wftpserver | Improper Preservation of Permissions vulnerability in Wftpserver Wing FTP Server 6.2.3 Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. | 7.2 |
2020-03-05 | CVE-2020-8994 | MI | Insufficiently Protected Credentials vulnerability in MI Mdz-25-Dt Firmware 1.34.36/1.40.14 An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. | 7.2 |
2020-03-05 | CVE-2019-14085 | Qualcomm | Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products Possible Integer underflow in WLAN function due to lack of check of data received from user side in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCN7605, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130 | 7.2 |
2020-03-05 | CVE-2019-14079 | Qualcomm | Use of Uninitialized Resource vulnerability in Qualcomm products Access to the uninitialized variable when the driver tries to unmap the dma buffer of a request which was never mapped in the first place leading to kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8953, QCA6574AU, QCS605, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SM8150, SXR1130 | 7.2 |
2020-03-05 | CVE-2019-14068 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Out of bound access in msm routing due to lack of check of size before accessing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, MDM9607, MSM8905, MSM8909W, Nicobar, QCS405, QCS605, Rennell, Saipan, SDM429W, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-03-05 | CVE-2019-14050 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Out-of-bound writes occurs due to lack of check of buffer size will cause buffer overflow only in 32bit architecture. | 7.2 |
2020-03-05 | CVE-2019-14032 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-03-05 | CVE-2019-14030 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products The size of a buffer is determined by addition and multiplications operations that have the potential to overflow due to lack of bound check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, Rennell, SC8180X, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 7.2 |
2020-03-05 | CVE-2019-14029 | Qualcomm | Use After Free vulnerability in Qualcomm products Use-after-free in graphics module due to destroying already queued syncobj in error case in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-03-05 | CVE-2019-14028 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-03-05 | CVE-2019-14027 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Buffer overflow due to lack of upper bound check on channel length which is used for a loop. | 7.2 |
2020-03-05 | CVE-2019-14026 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow in WLAN WMI handler due to lack of ssid length check when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-03-05 | CVE-2019-14015 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products A stack-based buffer overflow exists in the initialization of the identification stage due to lack of check on the number of templates provided. | 7.2 |
2020-03-05 | CVE-2019-14000 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Lack of check that the RX FIFO write index that is read from shared RAM is less than the FIFO size results into memory corruption and potential information leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-03-05 | CVE-2019-10604 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Possibility of heap-buffer-overflow during last iteration of loop while populating image version information in diag command response packet, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-03-05 | CVE-2019-10603 | Qualcomm | Use After Free vulnerability in Qualcomm products Use after free issue occurs If the real device interface goes down and a route lookup is performed while sending a raw IPv6 message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8937, MSM8996AU, QCN7605, SDA845, SDM630, SDM636, SDM660, SDX20, SXR1130 | 7.2 |
2020-03-05 | CVE-2019-10569 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 7.2 |
2020-03-05 | CVE-2018-11838 | Qualcomm | Double Free vulnerability in Qualcomm products Possible double free issue in WLAN due to lack of checking memory free condition. | 7.2 |
2020-03-04 | CVE-2020-3176 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. | 7.2 |
2020-03-03 | CVE-2019-19792 | Eset | Incorrect Default Permissions vulnerability in Eset Cyber Security A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files. | 7.2 |
2020-03-03 | CVE-2019-3695 | Opensuse Suse | Code Injection vulnerability in Opensuse PCP A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. | 7.2 |
2020-03-02 | CVE-2020-8500 | Artica | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS 7.42 In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. | 7.2 |
2020-03-02 | CVE-2018-5951 | Mikrotik | Unspecified vulnerability in Mikrotik Routeros An issue was discovered in Mikrotik RouterOS. | 7.1 |
2020-03-05 | CVE-2020-10174 | Timeshift Project Fedoraproject Canonical | Link Following vulnerability in multiple products init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. | 7.0 |
107 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-03-07 | CVE-2020-9470 | Wftpserver | Missing Encryption of Sensitive Data vulnerability in Wftpserver Wing FTP Server An issue was discovered in Wing FTP Server 6.2.5 before February 2020. | 6.9 |
2020-03-05 | CVE-2019-14072 | Qualcomm | Use After Free vulnerability in Qualcomm products Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8939, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 6.9 |
2020-03-05 | CVE-2019-14071 | Qualcomm | Unspecified vulnerability in Qualcomm products Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or non-secure ram dumps in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8096, APQ8096AU, IPQ6018, MDM9205, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 6.9 |
2020-03-02 | CVE-2017-12580 | Ultraedit | Untrusted Search Path vulnerability in Ultraedit An issue was discovered in IDM UltraEdit through 24.10.0.32. | 6.9 |
2020-03-06 | CVE-2020-9454 | Metagauss | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Registrationmagic A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms. | 6.8 |
2020-03-05 | CVE-2020-10185 | Yubico | Authentication Bypass by Capture-replay vulnerability in Yubico Yubikey ONE Time Password Validation Server The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. | 6.8 |
2020-03-05 | CVE-2019-17642 | Centreon | Cross-Site Request Forgery (CSRF) vulnerability in Centreon An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. | 6.8 |
2020-03-04 | CVE-2020-9372 | Codepeople | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codepeople Appointment Booking Calendar The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. | 6.8 |
2020-03-04 | CVE-2020-10057 | Metalgenix | Cross-Site Request Forgery (CSRF) vulnerability in Metalgenix Genixcms 1.1.7 GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. | 6.8 |
2020-03-04 | CVE-2020-7988 | Phpipam | Cross-Site Request Forgery (CSRF) vulnerability in PHPipam 1.4 An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. | 6.8 |
2020-03-02 | CVE-2018-20343 | Advsys | Classic Buffer Overflow vulnerability in Advsys Build Engine 1.0 Multiple buffer overflow vulnerabilities have been found in Ken Silverman Build Engine 1. | 6.8 |
2020-03-02 | CVE-2019-20487 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 6.8 |
2020-03-02 | CVE-2015-1583 | Atutor | Cross-Site Request Forgery (CSRF) vulnerability in Atutor 2.2 Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php. | 6.8 |
2020-03-02 | CVE-2020-6801 | Mozilla Canonical | Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 72. | 6.8 |
2020-03-02 | CVE-2020-6800 | Mozilla Canonical | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. | 6.8 |
2020-03-02 | CVE-2020-6796 | Mozilla | Out-of-bounds Write vulnerability in Mozilla Firefox A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. | 6.8 |
2020-03-05 | CVE-2019-14081 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Buffer Over-read when WLAN module gets a WMI message for SAR limits with invalid number of limits to be enforced in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ8074, MSM8998, QCA8081, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130 | 6.6 |
2020-03-06 | CVE-2019-20503 | Usrsctp Project Debian Canonical | Out-of-bounds Read vulnerability in multiple products usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. | 6.5 |
2020-03-06 | CVE-2020-9458 | Metagauss | Missing Authorization vulnerability in Metagauss Registrationmagic In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export. | 6.5 |
2020-03-06 | CVE-2020-9457 | Metagauss | Missing Authorization vulnerability in Metagauss Registrationmagic The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation. | 6.5 |
2020-03-06 | CVE-2020-9456 | Metagauss | Missing Authorization vulnerability in Metagauss Registrationmagic In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit. | 6.5 |
2020-03-05 | CVE-2019-14886 | Redhat | Cleartext Storage of Sensitive Information vulnerability in Redhat Decision Manager and Process Automation Manager A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. | 6.5 |
2020-03-05 | CVE-2019-20107 | Testlink | SQL Injection vulnerability in Testlink Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. | 6.5 |
2020-03-02 | CVE-2018-19798 | Fleetco | Unrestricted Upload of File with Dangerous Type vulnerability in Fleetco Fleet Maintenance Management 1.2 Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidents_add.php?submit=1 URI, as demonstrated by the value_Images_1 field, which leads to remote command execution on the remote server. | 6.5 |
2020-03-02 | CVE-2020-5249 | Puma | Injection vulnerability in Puma In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. | 6.5 |
2020-03-02 | CVE-2018-17058 | Jaba | Unrestricted Upload of File with Dangerous Type vulnerability in Jaba Xpress 20180914 An issue was discovered in JABA XPress Online Shop through 2018-09-14. | 6.5 |
2020-03-04 | CVE-2020-3181 | Cisco | Resource Exhaustion vulnerability in Cisco Email Security Appliance A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. | 6.4 |
2020-03-03 | CVE-2020-1892 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. | 6.4 | |
2020-03-03 | CVE-2020-9751 | Naver | Download of Code Without Integrity Check vulnerability in Naver Cloud Explorer Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade. | 6.4 |
2020-03-02 | CVE-2020-5539 | Grandit | Authorization Bypass Through User-Controlled Key vulnerability in Grandit GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the information via unspecified vectors. | 6.4 |
2020-03-07 | CVE-2020-9281 | Ckeditor Fedoraproject Drupal Oracle | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). | 6.1 |
2020-03-08 | CVE-2020-10223 | Gonitro | Out-of-bounds Write vulnerability in Gonitro Nitro PRO npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document. | 5.8 |
2020-03-08 | CVE-2020-10222 | Gonitro | Out-of-bounds Write vulnerability in Gonitro Nitro PRO npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document. | 5.8 |
2020-03-04 | CVE-2020-3155 | Cisco | Improper Certificate Validation vulnerability in Cisco products A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. | 5.8 |
2020-03-04 | CVE-2020-5536 | Plathome | Improper Authentication vulnerability in Plathome Openblocks IOT VX2 Firmware OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors. | 5.8 |
2020-03-04 | CVE-2020-10029 | GNU Fedoraproject Canonical Opensuse Netapp Debian | Out-of-bounds Write vulnerability in multiple products The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. | 5.5 |
2020-03-02 | CVE-2019-18901 | Suse Opensuse | Link Following vulnerability in multiple products A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. | 5.5 |
2020-03-06 | CVE-2020-10112 | Citrix | HTTP Request Smuggling vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1 Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. | 5.4 |
2020-03-04 | CVE-2019-19222 | Dlink | Cross-site Scripting vulnerability in Dlink Dsl-2680 Firmware 1.03 A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request. | 5.4 |
2020-03-06 | CVE-2020-10110 | Citrix | Unspecified vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1 Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. | 5.3 |
2020-03-04 | CVE-2020-9364 | Creative Solutions | Path Traversal vulnerability in Creative-Solutions Creative Contact Form 4.6.2 An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. | 5.3 |
2020-03-02 | CVE-2020-6799 | Mozilla | Argument Injection or Modification vulnerability in Mozilla Firefox Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. | 5.1 |
2020-03-06 | CVE-2020-10193 | Eset | Improper Input Validation vulnerability in Eset products ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. | 5.0 |
2020-03-05 | CVE-2020-10184 | Yubico | SQL Injection vulnerability in Yubico Yubikey ONE Time Password Validation Server The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. | 5.0 |
2020-03-05 | CVE-2019-20502 | Echatserver | Classic Buffer Overflow vulnerability in Echatserver Easy Chat Server 3.1 An issue was discovered in EFS Easy Chat Server 3.1. | 5.0 |
2020-03-05 | CVE-2019-17646 | Centreon | Information Exposure vulnerability in Centreon An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. | 5.0 |
2020-03-05 | CVE-2019-17645 | Centreon | Information Exposure vulnerability in Centreon An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. | 5.0 |
2020-03-05 | CVE-2020-9544 | D Link | Improper Authentication vulnerability in D-Link Dsl-2640B Firmware E1Eu1.01 An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. | 5.0 |
2020-03-05 | CVE-2019-2317 | Qualcomm | Use of Insufficiently Random Values vulnerability in Qualcomm products The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150 | 5.0 |
2020-03-05 | CVE-2020-10105 | Zammad | Information Exposure vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.0 |
2020-03-05 | CVE-2020-10101 | Zammad | Improper Input Validation vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.0 |
2020-03-05 | CVE-2020-10097 | Zammad | Information Exposure Through an Error Message vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.0 |
2020-03-05 | CVE-2020-10096 | Zammad | Information Exposure vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.0 |
2020-03-04 | CVE-2020-8660 | Envoyproxy | Insufficient Verification of Data Authenticity vulnerability in Envoyproxy Envoy CNCF Envoy through 1.13.0 TLS inspector bypass. | 5.0 |
2020-03-04 | CVE-2019-17644 | Centreon | Information Exposure vulnerability in Centreon An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.. | 5.0 |
2020-03-04 | CVE-2019-17643 | Centreon | Information Exposure vulnerability in Centreon An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. | 5.0 |
2020-03-04 | CVE-2020-8664 | Cncf | Incorrect Authorization vulnerability in Cncf Envoy 1.13.0 CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. | 5.0 |
2020-03-04 | CVE-2020-8661 | Cncf Redhat | Resource Exhaustion vulnerability in multiple products CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. | 5.0 |
2020-03-04 | CVE-2020-7130 | HP | Information Exposure vulnerability in HP Oneview Global Dashboard 1.9 HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. | 5.0 |
2020-03-04 | CVE-2020-3193 | Cisco | Information Exposure vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. | 5.0 |
2020-03-04 | CVE-2020-3190 | Cisco | Resource Exhaustion vulnerability in Cisco IOS XR A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. | 5.0 |
2020-03-04 | CVE-2020-3164 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. | 5.0 |
2020-03-04 | CVE-2020-5251 | Parseplatform | Incorrect Authorization vulnerability in Parseplatform Parse-Server In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. | 5.0 |
2020-03-04 | CVE-2019-3404 | 360 | Unspecified vulnerability in 360 F5C Router Firmware and P0 Router Firmware By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. | 5.0 |
2020-03-03 | CVE-2020-5403 | Pivotal | Improper Handling of Exceptional Conditions vulnerability in Pivotal Reactor Netty 0.9.3/0.9.4 Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. | 5.0 |
2020-03-03 | CVE-2020-1893 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. | 5.0 | |
2020-03-03 | CVE-2020-1888 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. | 5.0 | |
2020-03-02 | CVE-2020-8437 | Bittorrent | NULL Pointer Dereference vulnerability in Bittorrent Utorrent The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service. | 5.0 |
2020-03-02 | CVE-2018-15819 | Easyio | Improper Authentication vulnerability in Easyio 30P Firmware 2.0.5.16 EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js. | 5.0 |
2020-03-02 | CVE-2019-20489 | Netgear | Improper Authentication vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 5.0 |
2020-03-02 | CVE-2019-12183 | Safescan | Improper Privilege Management vulnerability in Safescan products Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API. | 5.0 |
2020-03-02 | CVE-2020-4292 | IBM | Information Exposure vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 uses a cross-domain policy file that includes domains that should not be trusted which could disclose sensitive information. | 5.0 |
2020-03-02 | CVE-2020-4283 | IBM | Use of Hard-coded Credentials vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 5.0 |
2020-03-02 | CVE-2020-9545 | Palemoon | NULL Pointer Dereference vulnerability in Palemoon Pale Moon 28.8.0/28.8.2 Pale Moon 28.x before 28.8.4 has a segmentation fault related to module scripting, as demonstrated by a Lacoste web site. | 5.0 |
2020-03-05 | CVE-2020-5250 | Prestashop | Files or Directories Accessible to External Parties vulnerability in Prestashop In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. | 4.9 |
2020-03-05 | CVE-2019-10616 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. | 4.9 |
2020-03-03 | CVE-2020-5404 | Pivotal | Insufficiently Protected Credentials vulnerability in Pivotal Reactor Netty The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. | 4.9 |
2020-03-04 | CVE-2020-9371 | Codepeople | Cross-site Scripting vulnerability in Codepeople Appointment Booking Calendar Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. | 4.8 |
2020-03-06 | CVE-2020-9756 | Patriotmemory | Improper Privilege Management vulnerability in Patriotmemory Viper RGB Firmware 1.0/1.1 Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. | 4.6 |
2020-03-05 | CVE-2020-6971 | Emerson | Improper Privilege Management vulnerability in Emerson Valvelink 12.0.264/13.4.118 In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. | 4.6 |
2020-03-05 | CVE-2020-5957 | Nvidia | Improper Privilege Management vulnerability in Nvidia Geforce Experience, Quadro Firmware and Tesla Firmware NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges. | 4.6 |
2020-03-05 | CVE-2020-4278 | IBM | Improper Privilege Management vulnerability in IBM products IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. | 4.6 |
2020-03-05 | CVE-2019-14048 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm Sm8150 Firmware Possible out of bound memory access while playing a crafted clip in media player in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in SM8150 | 4.6 |
2020-03-02 | CVE-2020-9540 | Sophos | Improper Privilege Management vulnerability in Sophos Hitmanpro.Alert 3.7.6.744 Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. | 4.6 |
2020-03-05 | CVE-2020-9418 | Redsoftware | Untrusted Search Path vulnerability in Redsoftware Pdfescape 4.0.22 An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking. | 4.4 |
2020-03-03 | CVE-2019-3696 | Opensuse Suse | Path Traversal vulnerability in Opensuse PCP A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. | 4.4 |
2020-03-06 | CVE-2020-9531 | MI | Unspecified vulnerability in MI Miui Firmware 11.0.5.0.Qfaeuxm An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. | 4.3 |
2020-03-06 | CVE-2020-9530 | MI | Information Exposure vulnerability in MI Miui Firmware 11.0.5.0.Qfaeuxm An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. | 4.3 |
2020-03-05 | CVE-2020-5405 | Vmware | Path Traversal vulnerability in VMWare Spring Cloud Config Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. | 4.3 |
2020-03-04 | CVE-2020-3192 | Cisco | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 4.3 |
2020-03-04 | CVE-2020-3148 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Network Registrar A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 4.3 |
2020-03-02 | CVE-2018-15820 | Easyio | Cross-site Scripting vulnerability in Easyio 30P Firmware 2.0.5.16 EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter. | 4.3 |
2020-03-02 | CVE-2019-19371 | Mitel | Cross-site Scripting vulnerability in Mitel Micollab Audio, web & Video Conferencing A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. | 4.3 |
2020-03-02 | CVE-2019-19370 | Mitel | Cross-site Scripting vulnerability in Mitel Micollab 8.1.2.1 A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. | 4.3 |
2020-03-02 | CVE-2019-18863 | Mitel | Cleartext Transmission of Sensitive Information vulnerability in Mitel products A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. | 4.3 |
2020-03-02 | CVE-2019-20486 | Netgear | Cross-site Scripting vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 4.3 |
2020-03-02 | CVE-2020-6798 | Mozilla | Cross-site Scripting vulnerability in Mozilla Firefox If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. | 4.3 |
2020-03-02 | CVE-2020-6797 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. | 4.3 |
2020-03-02 | CVE-2020-6795 | Mozilla | NULL Pointer Dereference vulnerability in Mozilla Thunderbird When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. | 4.3 |
2020-03-02 | CVE-2020-6794 | Mozilla Canonical | Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. | 4.3 |
2020-03-02 | CVE-2020-6793 | Mozilla | Use of Uninitialized Resource vulnerability in Mozilla Thunderbird When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. | 4.3 |
2020-03-02 | CVE-2020-6792 | Mozilla Canonical | Missing Initialization of Resource vulnerability in multiple products When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. | 4.3 |
2020-03-07 | CVE-2020-8439 | Monstra | Missing Authorization vulnerability in Monstra Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI. | 4.0 |
2020-03-06 | CVE-2020-9455 | Metagauss | Missing Authorization vulnerability in Metagauss Registrationmagic The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view. | 4.0 |
2020-03-05 | CVE-2020-10104 | Zammad | Information Exposure vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 4.0 |
2020-03-05 | CVE-2020-10100 | Zammad | Information Exposure vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 4.0 |
2020-03-03 | CVE-2019-17549 | Eset | Unspecified vulnerability in Eset Cyber Security ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. | 4.0 |
24 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-03-06 | CVE-2019-19773 | Lexmark | Cross-site Scripting vulnerability in Lexmark products Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. | 3.5 |
2020-03-06 | CVE-2019-19772 | Lexmark | Cross-site Scripting vulnerability in Lexmark products Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. | 3.5 |
2020-03-05 | CVE-2020-4082 | Hcltech | Cross-site Scripting vulnerability in Hcltech Connections 5.5 The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 3.5 |
2020-03-05 | CVE-2019-20382 | Qemu Opensuse Debian Canonical | Memory Leak vulnerability in multiple products QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. | 3.5 |
2020-03-05 | CVE-2020-10107 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Daily Expense Tracker System 1.0 PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php. | 3.5 |
2020-03-05 | CVE-2020-10103 | Zammad | Cross-site Scripting vulnerability in Zammad An XSS issue was discovered in Zammad 3.0 through 3.2. | 3.5 |
2020-03-05 | CVE-2020-10102 | Zammad | Information Exposure Through Discrepancy vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 3.5 |
2020-03-05 | CVE-2020-10099 | Zammad | Cross-site Scripting vulnerability in Zammad An XSS issue was discovered in Zammad 3.0 through 3.2. | 3.5 |
2020-03-05 | CVE-2020-10098 | Zammad | Cross-site Scripting vulnerability in Zammad An XSS issue was discovered in Zammad 3.0 through 3.2. | 3.5 |
2020-03-04 | CVE-2020-3185 | Cisco | Cross-site Scripting vulnerability in Cisco Telepresence Management Suite A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 3.5 |
2020-03-04 | CVE-2020-3157 | Cisco | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. | 3.5 |
2020-03-03 | CVE-2020-4198 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. | 3.5 |
2020-03-03 | CVE-2020-4196 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. | 3.5 |
2020-03-02 | CVE-2018-19658 | Evernote | Cross-site Scripting vulnerability in Evernote Yinxiang Biji The Markdown editor in YXBJ before 8.3.2 on macOS has stored XSS. | 3.5 |
2020-03-02 | CVE-2018-19599 | Monstra | Cross-site Scripting vulnerability in Monstra CMS 1.6 Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. | 3.5 |
2020-03-02 | CVE-2018-17572 | Influxdata | Cross-site Scripting vulnerability in Influxdata Influxdb InfluxDB 0.9.5 has Reflected XSS in the Write Data module. | 3.5 |
2020-03-02 | CVE-2020-8778 | Alfresco | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. | 3.5 |
2020-03-02 | CVE-2020-8777 | Alfresco | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. | 3.5 |
2020-03-02 | CVE-2020-8776 | Alfresco | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. | 3.5 |
2020-03-02 | CVE-2018-14384 | Seopanel | Cross-site Scripting vulnerability in Seopanel SEO Panel The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter. | 3.5 |
2020-03-04 | CVE-2020-3182 | Cisco | Information Exposure vulnerability in Cisco Webex Meetings 40.1.8.5 A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. | 3.3 |
2020-03-02 | CVE-2020-8013 | Suse Opensuse | Link Following vulnerability in multiple products A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. | 2.5 |
2020-03-05 | CVE-2020-4083 | Hcltech | Information Exposure Through Log Files vulnerability in Hcltech Connections 6.5 HCL Connections 6.5 is vulnerable to possible information leakage. | 2.1 |
2020-03-03 | CVE-2020-4197 | IBM | Insecure Storage of Sensitive Information vulnerability in IBM Tivoli Netcool/Omnibus 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. | 2.1 |