Weekly Vulnerabilities Reports > March 9 to 15, 2020
Overview
657 new vulnerabilities were reported during this period, including 74 critical vulnerabilities and 256 high severity vulnerabilities. This weekly summary reports vulnerabilities in 2327 products from 139 vendors including Chadhaajay, Microsoft, Google, Gitlab, and Wago. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Cross-Site Request Forgery (CSRF)", "OS Command Injection", and "Out-of-bounds Read".
- 465 reported vulnerabilities are remotely exploitable.
- 12 reported vulnerabilities have a public exploit available.
- 234 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 293 reported vulnerabilities are exploitable by an anonymous user.
- Chadhaajay has the most reported vulnerabilities, with 118 reported vulnerabilities.
- Gitlab has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
74 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-03-13 | CVE-2020-1953 | Apache Oracle | Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. | 10.0 |
2020-03-12 | CVE-2020-0796 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10 and Windows Server 2016 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'. | 10.0 |
2020-03-15 | CVE-2020-7607 | Gulp Styledocco Project | OS Command Injection vulnerability in Gulp-Styledocco Project Gulp-Styledocco 0.0.1/0.0.2/0.0.3 gulp-styledocco through 0.0.3 allows execution of arbitrary commands. | 9.8 |
2020-03-15 | CVE-2020-7606 | Docker Compose Remote API Project | OS Command Injection vulnerability in Docker-Compose-Remote-Api Project Docker-Compose-Remote-Api docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. | 9.8 |
2020-03-15 | CVE-2020-7605 | Gulp Tape Project | OS Command Injection vulnerability in Gulp-Tape Project Gulp-Tape gulp-tape through 1.0.0 allows execution of arbitrary commands. | 9.8 |
2020-03-15 | CVE-2020-7604 | Pulverizr Project | OS Command Injection vulnerability in Pulverizr Project Pulverizr 0.5.0/0.5.1/0.7.0 pulverizr through 0.7.0 allows execution of arbitrary commands. | 9.8 |
2020-03-15 | CVE-2020-7603 | Closure Compiler Stream Project | OS Command Injection vulnerability in Closure-Compiler-Stream Project Closure-Compiler-Stream closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. | 9.8 |
2020-03-15 | CVE-2020-7602 | Node Prompt Here Project | OS Command Injection vulnerability in Node-Prompt-Here Project Node-Prompt-Here 1.0.1 node-prompt-here through 1.0.1 allows execution of arbitrary commands. | 9.8 |
2020-03-15 | CVE-2020-7601 | Gulp Scss Lint Project | OS Command Injection vulnerability in Gulp-Scss-Lint Project Gulp-Scss-Lint gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. | 9.8 |
2020-03-15 | CVE-2020-0086 | Google | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. | 9.8 |
2020-03-14 | CVE-2020-10574 | Meetecho | Use of Incorrectly-Resolved Name or Reference vulnerability in Meetecho Janus An issue was discovered in Janus through 0.9.1. | 9.8 |
2020-03-14 | CVE-2020-10571 | PSD Tools Project | Improper Check for Unusual or Exceptional Conditions vulnerability in Psd-Tools Project Psd-Tools An issue was discovered in psd-tools before 1.9.4. | 9.8 |
2020-03-14 | CVE-2020-10567 | Tecrail | Improper Input Validation vulnerability in Tecrail Responsive Filemanager An issue was discovered in Responsive Filemanager through 9.14.0. | 9.8 |
2020-03-13 | CVE-2020-10564 | Iptanus | Path Traversal vulnerability in Iptanus Wordpress File Upload An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. | 9.8 |
2020-03-13 | CVE-2020-10563 | Devome | SQL Injection vulnerability in Devome GRR An issue was discovered in DEVOME GRR before 3.4.1c. | 9.8 |
2020-03-13 | CVE-2019-14310 | Ricoh | Out-of-bounds Write vulnerability in Ricoh products Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). | 9.8 |
2020-03-13 | CVE-2019-14299 | Ricoh | Improper Restriction of Excessive Authentication Attempts vulnerability in Ricoh products Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. | 9.8 |
2020-03-13 | CVE-2019-13202 | Kyocera | Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 9.8 |
2020-03-13 | CVE-2019-13201 | Kyocera | Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. | 9.8 |
2020-03-13 | CVE-2019-13197 | Kyocera | Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 9.8 |
2020-03-13 | CVE-2019-13192 | Brother | Out-of-bounds Write vulnerability in Brother products Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. | 9.8 |
2020-03-13 | CVE-2019-13172 | Xerox | Classic Buffer Overflow vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device. | 9.8 |
2020-03-13 | CVE-2019-13171 | Xerox | Out-of-bounds Write vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. | 9.8 |
2020-03-13 | CVE-2019-13169 | Xerox | Classic Buffer Overflow vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device. | 9.8 |
2020-03-13 | CVE-2019-13168 | Xerox | Classic Buffer Overflow vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. | 9.8 |
2020-03-13 | CVE-2019-13165 | Xerox | Classic Buffer Overflow vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. | 9.8 |
2020-03-13 | CVE-2020-10077 | Gitlab | Server-Side Request Forgery (SSRF) vulnerability in Gitlab GitLab EE 3.0 through 12.8.1 allows SSRF. | 9.8 |
2020-03-13 | CVE-2020-10074 | Gitlab | Unspecified vulnerability in Gitlab GitLab 10.1 through 12.8.1 has Incorrect Access Control. | 9.8 |
2020-03-13 | CVE-2019-13394 | Netgear | Insufficiently Protected Credentials vulnerability in Netgear Cg3700B Firmware 2.02.03 The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP. | 9.8 |
2020-03-13 | CVE-2019-13204 | Kyocera | Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. | 9.8 |
2020-03-13 | CVE-2019-12182 | Safescan | Path Traversal vulnerability in Safescan products Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API. | 9.8 |
2020-03-13 | CVE-2020-10541 | Zohocorp | Unspecified vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. | 9.8 |
2020-03-12 | CVE-2020-10534 | Mediawiki | Incorrect Authorization vulnerability in Mediawiki In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. | 9.8 |
2020-03-12 | CVE-2019-17658 | Fortinet | Unquoted Search Path or Element vulnerability in Fortinet Forticlient An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path. | 9.8 |
2020-03-12 | CVE-2019-11343 | Torpedoquery | Unspecified vulnerability in Torpedoquery Torpedo Query Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java. | 9.8 |
2020-03-12 | CVE-2020-0902 | Microsoft | Unspecified vulnerability in Microsoft Service Fabric An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'. | 9.8 |
2020-03-12 | CVE-2020-0690 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 9.8 |
2020-03-12 | CVE-2020-10109 | Twisted Fedoraproject Debian Canonical | HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. | 9.8 |
2020-03-12 | CVE-2020-10108 | Twisted Fedoraproject Debian Canonical Oracle | HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. | 9.8 |
2020-03-11 | CVE-2019-10807 | Blamer Project | OS Command Injection vulnerability in Blamer Project Blamer Blamer versions prior to 1.0.1 allows execution of arbitrary commands. | 9.8 |
2020-03-11 | CVE-2020-1947 | Apache | Deserialization of Untrusted Data vulnerability in Apache Shardingsphere 4.0.0 In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. | 9.8 |
2020-03-11 | CVE-2020-8540 | Zohocorp | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Desktop Central An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 9.8 |
2020-03-11 | CVE-2020-10181 | Sumavision | Cross-Site Request Forgery (CSRF) vulnerability in Sumavision Enhanced Multimedia Router Firmware 3.0.4.27 goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request. | 9.8 |
2020-03-11 | CVE-2019-9099 | Moxa | Classic Buffer Overflow vulnerability in Moxa products An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. | 9.8 |
2020-03-11 | CVE-2019-9096 | Moxa | Weak Password Requirements vulnerability in Moxa products An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. | 9.8 |
2020-03-11 | CVE-2019-9095 | Moxa | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Moxa products An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. | 9.8 |
2020-03-11 | CVE-2020-5203 | Fatfreeframework | Improper Input Validation vulnerability in Fatfreeframework Fat-Free Framework 3.7.1 In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method. | 9.8 |
2020-03-11 | CVE-2020-10376 | Technicolor | Cleartext Transmission of Sensitive Information vulnerability in Technicolor Tc7337Net Firmware 08.89.17.23.03 Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header. | 9.8 |
2020-03-10 | CVE-2020-6207 | SAP | Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager. | 9.8 |
2020-03-10 | CVE-2020-6198 | SAP | Cleartext Transmission of Sensitive Information vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. | 9.8 |
2020-03-10 | CVE-2019-7589 | Johnsoncontrols | Improper Input Validation vulnerability in Johnsoncontrols Entrapass 7.60 A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. | 9.8 |
2020-03-10 | CVE-2020-5253 | Nethack | Improper Privilege Management vulnerability in Nethack NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. | 9.8 |
2020-03-10 | CVE-2019-12443 | Gitlab | Server-Side Request Forgery (SSRF) vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. | 9.8 |
2020-03-10 | CVE-2019-12428 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. | 9.8 |
2020-03-10 | CVE-2018-14502 | Kibokolabs | SQL Injection vulnerability in Kibokolabs Chained Quiz controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. | 9.8 |
2020-03-10 | CVE-2017-10992 | HP | Deserialization of Untrusted Data vulnerability in HP Storage Essentials 9.5.0.142 In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461. | 9.8 |
2020-03-10 | CVE-2020-10257 | Themerex | Missing Authorization vulnerability in Themerex products The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter. | 9.8 |
2020-03-09 | CVE-2020-10250 | Meinbwa | OS Command Injection vulnerability in Meinbwa Direx-Pro Firmware 1.2181 BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3. | 9.8 |
2020-03-09 | CVE-2016-6918 | Lexmark | Unrestricted Upload of File with Dangerous Type vulnerability in Lexmark Markvision Enterprise 2.1/2.3.0 Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. | 9.8 |
2020-03-09 | CVE-2014-1634 | Magento | SQL Injection vulnerability in Magento Advanced Newsletter 2.3.4 SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. | 9.8 |
2020-03-09 | CVE-2019-20504 | Quest | OS Command Injection vulnerability in Quest Kace Systems Management service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter. | 9.8 |
2020-03-09 | CVE-2020-10232 | Sleuthkit Debian Fedoraproject | Out-of-bounds Write vulnerability in multiple products In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. | 9.8 |
2020-03-12 | CVE-2020-0872 | Microsoft | Cross-site Scripting vulnerability in Microsoft Application Inspector 1.0.23 A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'. | 9.6 |
2020-03-09 | CVE-2020-9758 | Livezilla | Cross-site Scripting vulnerability in Livezilla An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). | 9.6 |
2020-03-15 | CVE-2020-10594 | Styria | Improper Authentication vulnerability in Styria Django-Rest-Framework-Json web Tokens 1.15.0 An issue was discovered in drf-jwt 1.15.x before 1.15.1. | 9.1 |
2020-03-13 | CVE-2020-10083 | Gitlab | Improper Preservation of Permissions vulnerability in Gitlab GitLab 12.7 through 12.8.1 has Insecure Permissions. | 9.1 |
2020-03-13 | CVE-2020-1887 | Linuxfoundation | Improper Certificate Validation vulnerability in Linuxfoundation Osquery Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. | 9.1 |
2020-03-11 | CVE-2019-5161 | Wago | Insufficient Verification of Data Authenticity vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). | 9.1 |
2020-03-11 | CVE-2019-5160 | Wago | Unspecified vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). | 9.1 |
2020-03-10 | CVE-2020-6203 | SAP | Path Traversal vulnerability in SAP Netweaver SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal. | 9.1 |
2020-03-10 | CVE-2020-9044 | Johnsoncontrols | XXE vulnerability in Johnsoncontrols products XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. | 9.1 |
2020-03-09 | CVE-2020-10233 | Sleuthkit | Out-of-bounds Read vulnerability in Sleuthkit the Sleuth KIT In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c. | 9.1 |
2020-03-13 | CVE-2019-18578 | Dell | Cross-site Scripting vulnerability in Dell Xtremio Management Server Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. | 9.0 |
2020-03-10 | CVE-2020-10255 | Samsung Micron Skhynix | Improper Input Validation vulnerability in multiple products Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. | 9.0 |
256 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-03-15 | CVE-2019-17654 | Fortinet | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortimanager An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. | 8.8 |
2020-03-15 | CVE-2020-8141 | DOT Project | Code Injection vulnerability in DOT Project DOT 1.1.2 The dot package v1.1.2 uses Function() to compile templates. | 8.8 |
2020-03-14 | CVE-2020-10568 | Onthegosystems | Cross-Site Request Forgery (CSRF) vulnerability in Onthegosystems Sitepress-Multilingual-Cms 2.9.3/3.2.6/4.3.7 The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. | 8.8 |
2020-03-13 | CVE-2019-13196 | Kyocera | Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 8.8 |
2020-03-13 | CVE-2019-13193 | Brother | Out-of-bounds Write vulnerability in Brother products Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. | 8.8 |
2020-03-13 | CVE-2019-13395 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Cg3700B Firmware 2.02.03 The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. | 8.8 |
2020-03-13 | CVE-2019-13206 | Kyocera | Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 8.8 |
2020-03-13 | CVE-2019-13203 | Kyocera | Integer Overflow or Wraparound vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 8.8 |
2020-03-13 | CVE-2020-10540 | Untis | Cross-Site Request Forgery (CSRF) vulnerability in Untis Webuntis Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules. | 8.8 |
2020-03-12 | CVE-2019-17653 | Fortinet | Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fortisiem 5.2.5 A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. | 8.8 |
2020-03-12 | CVE-2020-0583 | Intel | Unspecified vulnerability in Intel Smart Sound Technology 3349/3431 Improper access control in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access. | 8.8 |
2020-03-12 | CVE-2020-10531 | ICU Project Redhat Fedoraproject Debian Canonical Opensuse Oracle Nodejs | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. | 8.8 |
2020-03-12 | CVE-2020-0883 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
2020-03-12 | CVE-2020-0881 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
2020-03-12 | CVE-2020-0869 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. | 8.8 |
2020-03-12 | CVE-2020-0850 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. | 8.8 |
2020-03-12 | CVE-2020-0816 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. | 8.8 |
2020-03-12 | CVE-2020-0809 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. | 8.8 |
2020-03-12 | CVE-2020-0807 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. | 8.8 |
2020-03-12 | CVE-2020-0801 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. | 8.8 |
2020-03-12 | CVE-2020-0684 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
2020-03-12 | CVE-2020-9436 | Phoenixcontact | OS Command Injection vulnerability in Phoenixcontact products PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL. | 8.8 |
2020-03-12 | CVE-2020-10478 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request. | 8.8 |
2020-03-11 | CVE-2019-10808 | Xcritical Software | Unspecified vulnerability in Xcritical.Software Utilitify 1.0.0/1.0.1/1.0.2 utilitify prior to 1.0.3 allows modification of object properties. | 8.8 |
2020-03-11 | CVE-2020-9408 | Tibco | Incorrect Default Permissions vulnerability in Tibco products The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. | 8.8 |
2020-03-11 | CVE-2019-9102 | Moxa | Use of Insufficiently Random Values vulnerability in Moxa products An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. | 8.8 |
2020-03-10 | CVE-2020-0032 | Google | Out-of-bounds Write vulnerability in Google Android In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. | 8.8 |
2020-03-10 | CVE-2019-12430 | Gitlab | Command Injection vulnerability in Gitlab 11.11.0 An issue was discovered in GitLab Community and Enterprise Edition 11.11. | 8.8 |
2020-03-10 | CVE-2019-9859 | Vestacp | OS Command Injection vulnerability in Vestacp Vesta Control Panel Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. | 8.8 |
2020-03-09 | CVE-2020-10190 | Munkireport Project | SQL Injection vulnerability in Munkireport Project Munkireport An issue was discovered in MunkiReport before 5.3.0. | 8.8 |
2020-03-09 | CVE-2016-1487 | Lexmark | Deserialization of Untrusted Data vulnerability in Lexmark Markvision Enterprise 2.1 Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization. | 8.8 |
2020-03-09 | CVE-2015-7341 | Joobi | Unrestricted Upload of File with Dangerous Type vulnerability in Joobi Jnews 8.3.1 JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. | 8.8 |
2020-03-09 | CVE-2015-7339 | Widgetfactorylimited | Unrestricted Upload of File with Dangerous Type vulnerability in Widgetfactorylimited JCE 2.5.0/2.5.1/2.5.2 JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script. | 8.8 |
2020-03-09 | CVE-2020-5256 | Bookstackapp | Unrestricted Upload of File with Dangerous Type vulnerability in Bookstackapp Bookstack BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. | 8.8 |
2020-03-09 | CVE-2020-2159 | Jenkins | OS Command Injection vulnerability in Jenkins Cryptomove Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. | 8.8 |
2020-03-09 | CVE-2020-2158 | Jenkins | Deserialization of Untrusted Data vulnerability in Jenkins Literate 0.1/0.2/1.0 Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
2020-03-09 | CVE-2020-2135 | Jenkins | Incorrect Authorization vulnerability in Jenkins Script Security Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. | 8.8 |
2020-03-09 | CVE-2020-2134 | Jenkins | Incorrect Authorization vulnerability in Jenkins Script Security Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. | 8.8 |
2020-03-09 | CVE-2020-10235 | Froxlor | Improper Encoding or Escaping of Output vulnerability in Froxlor An issue was discovered in Froxlor before 0.10.14. | 8.8 |
2020-03-10 | CVE-2020-5259 | Linuxfoundation | Injection vulnerability in Linuxfoundation Dojox In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. | 8.6 |
2020-03-13 | CVE-2020-5240 | Labdigital | Incorrect Authorization vulnerability in Labdigital Wagtail-2Fa In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users' 2FA devices by going to the correct path. | 8.5 |
2020-03-12 | CVE-2020-9543 | Openstack | Incorrect Default Permissions vulnerability in Openstack Manila OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. | 8.3 |
2020-03-10 | CVE-2020-6208 | SAP | Use After Free vulnerability in SAP Crystal Reports 4.1/4.2 SAP Business Objects Business Intelligence Platform (Crystal Reports), versions 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application, thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. | 8.2 |
2020-03-13 | CVE-2020-5257 | Thoughtbot | SQL Injection vulnerability in Thoughtbot Administrate In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. | 8.1 |
2020-03-13 | CVE-2020-10088 | Gitlab | Improper Privilege Management vulnerability in Gitlab GitLab 12.5 through 12.8.1 has Insecure Permissions. | 8.1 |
2020-03-12 | CVE-2020-8435 | Metagauss | SQL Injection vulnerability in Metagauss Registrationmagic 4.6.0.0 An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. | 8.1 |
2020-03-10 | CVE-2020-5254 | Nethack | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nethack In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. | 8.1 |
2020-03-10 | CVE-2019-17636 | Eclipse | Insufficient Verification of Data Authenticity vulnerability in Eclipse Theia In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. | 8.1 |
2020-03-12 | CVE-2020-0905 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 Business Central and Dynamics NAV A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'. | 8.0 |
2020-03-15 | CVE-2020-9290 | Fortinet | Uncontrolled Search Path Element vulnerability in Fortinet Forticlient An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe reside to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | 7.8 |
2020-03-15 | CVE-2020-9287 | Fortinet | Uncontrolled Search Path Element vulnerability in Fortinet Forticlient Emergency Management Server 6.2.1 An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | 7.8 |
2020-03-15 | CVE-2019-2089 | | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0 In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID. | 7.8 |
2020-03-15 | CVE-2020-10589 | V2Rayl Project | Improper Privilege Management vulnerability in V2Rayl Project V2Rayl 2.1.3 v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo. | 7.8 |
2020-03-15 | CVE-2020-10588 | V2Rayl Project | Improper Privilege Management vulnerability in V2Rayl Project V2Rayl 2.1.3 v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo. | 7.8 |
2020-03-14 | CVE-2020-10587 | Antixlinux Mxlinux | antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration. | 7.8 |
2020-03-14 | CVE-2020-10566 | Freebsd | Classic Buffer Overflow vulnerability in Freebsd grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. | 7.8 |
2020-03-14 | CVE-2020-10565 | Freebsd | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freebsd grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. | 7.8 |
2020-03-12 | CVE-2020-8469 | Trendmicro | Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager 5.0 Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability which could potentially allow an attacker privilege escalation. | 7.8 |
2020-03-12 | CVE-2020-0565 | Intel | Uncontrolled Search Path Element vulnerability in Intel Graphics Driver Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-03-12 | CVE-2020-0546 | Intel | Unquoted Search Path or Element vulnerability in Intel Optane DC Persistent Memory Module Management 01.00.00.3455 Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access. | 7.8 |
2020-03-12 | CVE-2020-0530 | Intel | Classic Buffer Overflow vulnerability in Intel products Improper buffer restrictions in firmware for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-03-12 | CVE-2020-0520 | Intel | Path Traversal vulnerability in Intel Graphics Driver Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. | 7.8 |
2020-03-12 | CVE-2020-0519 | Intel | Unspecified vulnerability in Intel Graphics Driver Improper access control for Intel(R) Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. | 7.8 |
2020-03-12 | CVE-2020-0515 | Intel | Uncontrolled Search Path Element vulnerability in Intel Graphics Driver Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-03-12 | CVE-2020-0514 | Intel | Incorrect Default Permissions vulnerability in Intel Graphics Driver Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-03-12 | CVE-2020-0508 | Intel | Incorrect Default Permissions vulnerability in Intel Graphics Driver Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-03-12 | CVE-2020-0504 | Intel | Classic Buffer Overflow vulnerability in Intel Graphics Driver Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.30.5103, and 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access. | 7.8 |
2020-03-12 | CVE-2020-0898 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0897 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0896 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0892 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0887 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0877 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0868 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0867 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0866 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0865 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0864 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0861 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0860 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0858 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0857 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0855 | Microsoft | Unspecified vulnerability in Microsoft Office and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0852 | Microsoft | Unspecified vulnerability in Microsoft Office, Office Online Server and Sharepoint Server A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0851 | Microsoft | Unspecified vulnerability in Microsoft Office and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0849 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0845 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0844 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0843 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0842 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0841 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0840 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0834 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0822 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0819 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations, aka 'Windows Device Setup Manager Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0814 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0810 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0808 | Microsoft | Improper Input Validation vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations, aka 'Provisioning Runtime Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0806 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0804 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0803 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0802 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0800 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0799 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0798 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0797 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0793 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0791 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0788 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0787 | Microsoft | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0783 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0781 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0780 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0778 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0777 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0776 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0773 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0772 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0771 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0770 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0769 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0763 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Defender Security Center Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-0762 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Defender Security Center Elevation of Privilege Vulnerability'. | 7.8 |
2020-03-12 | CVE-2020-7254 | Mcafee | Improper Privilege Management vulnerability in Mcafee Advanced Threat Defense Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command. | 7.8 |
2020-03-12 | CVE-2019-5181 | Wago | Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). | 7.8 |
2020-03-12 | CVE-2019-5180 | Wago | Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). | 7.8 |
2020-03-12 | CVE-2019-5179 | Wago | Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). | 7.8 |
2020-03-12 | CVE-2019-5178 | Wago | Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). | 7.8 |
2020-03-12 | CVE-2019-5171 | Wago | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). | 7.8 |
2020-03-12 | CVE-2019-5170 | Wago | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). | 7.8 |
2020-03-12 | CVE-2019-5169 | Wago | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). | 7.8 |
2020-03-11 | CVE-2019-5175 | Wago | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). | 7.8 |
2020-03-11 | CVE-2019-5174 | Wago | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). | 7.8 |
2020-03-11 | CVE-2019-5173 | Wago | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). | 7.8 |
2020-03-11 | CVE-2019-5172 | Wago | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). | 7.8 |
2020-03-11 | CVE-2020-5958 | Nvidia | Unspecified vulnerability in Nvidia Geforce Experience, Quadro Firmware and Tesla Firmware NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure. | 7.8 |
2020-03-11 | CVE-2019-5168 | Wago | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). | 7.8 |
2020-03-11 | CVE-2019-5167 | Wago | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). | 7.8 |
2020-03-11 | CVE-2019-5166 | Wago | Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). | 7.8 |
2020-03-11 | CVE-2019-5159 | Wago | Exposure of Resource to Wrong Sphere vulnerability in Wago E!Cockpit 1.6.0.7 An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. | 7.8 |
2020-03-11 | CVE-2019-5158 | Wago | Use of Hard-coded Credentials vulnerability in Wago E!Cockpit 1.6.1.5 An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. | 7.8 |
2020-03-11 | CVE-2020-1981 | Paloaltonetworks | Exposure of Resource to Wrong Sphere vulnerability in Paloaltonetworks Pan-Os A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. | 7.8 |
2020-03-11 | CVE-2020-1980 | Paloaltonetworks | OS Command Injection vulnerability in Paloaltonetworks Pan-Os A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. | 7.8 |
2020-03-11 | CVE-2020-1979 | Paloaltonetworks | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. | 7.8 |
2020-03-10 | CVE-2020-0085 | | Missing Authorization vulnerability in Google Android 10.0 In setBluetoothTethering of PanService.java, there is a possible permission bypass due to a missing permission check. | 7.8 |
2020-03-10 | CVE-2020-0084 | | Missing Authorization vulnerability in Google Android 10.0 In several functions of NotificationManagerService.java, there are missing permission checks. | 7.8 |
2020-03-10 | CVE-2020-0054 | | Missing Authorization vulnerability in Google Android 10.0 In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. | 7.8 |
2020-03-10 | CVE-2020-0051 | | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0 In onCreate of SettingsHomepageActivity, there is a possible tapjacking attack. | 7.8 |
2020-03-10 | CVE-2020-0046 | | Out-of-bounds Write vulnerability in Google Android 10.0 In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. | 7.8 |
2020-03-10 | CVE-2020-0069 | Google Huawei | Out-of-bounds Write vulnerability in multiple products In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. | 7.8 |
2020-03-10 | CVE-2020-0041 | | Improper Input Validation vulnerability in Google Android In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. | 7.8 |
2020-03-10 | CVE-2020-0036 | | Incorrect Authorization vulnerability in Google Android In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. | 7.8 |
2020-03-10 | CVE-2020-0033 | | Out-of-bounds Write vulnerability in Google Android In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. | 7.8 |
2020-03-09 | CVE-2020-5342 | Dell | Incorrect Default Permissions vulnerability in Dell Digital Delivery Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. | 7.8 |
2020-03-09 | CVE-2020-1737 | Redhat | Path Traversal vulnerability in Redhat Ansible Tower A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. | 7.8 |
2020-03-15 | CVE-2019-9474 | | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 7.5 |
2020-03-15 | CVE-2019-9473 | | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 7.5 |
2020-03-15 | CVE-2020-10591 | Walmart | Unspecified vulnerability in Walmart Concord An issue was discovered in Walmart Labs Concord before 1.44.0. | 7.5 |
2020-03-14 | CVE-2020-10578 | Q CMS | Unspecified vulnerability in Q-Cms Qcms 3.0.1 An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. | 7.5 |
2020-03-14 | CVE-2020-10573 | Meetecho | Improper Locking vulnerability in Meetecho Janus An issue was discovered in Janus through 0.9.1. | 7.5 |
2020-03-13 | CVE-2019-19611 | Halvotec | Unspecified vulnerability in Halvotec Raquest 10.23.10801.0 An issue was discovered in Halvotec RaQuest 10.23.10801.0. | 7.5 |
2020-03-13 | CVE-2019-14309 | Ricoh | Use of Hard-coded Credentials vulnerability in Ricoh products Ricoh SP C250DN 1.05 devices have a fixed password. | 7.5 |
2020-03-13 | CVE-2019-14303 | Ricoh | Unspecified vulnerability in Ricoh products Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). | 7.5 |
2020-03-13 | CVE-2019-13195 | Kyocera | Path Traversal vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. | 7.5 |
2020-03-13 | CVE-2019-13194 | Brother | Missing Authentication for Critical Function vulnerability in Brother products Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL. | 7.5 |
2020-03-13 | CVE-2019-13166 | Xerox | Improper Restriction of Excessive Authentication Attempts vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. | 7.5 |
2020-03-13 | CVE-2020-10073 | Gitlab | Unspecified vulnerability in Gitlab GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. | 7.5 |
2020-03-13 | CVE-2019-13393 | Netgear | Insecure Default Initialization of Resource vulnerability in Netgear Cg3700B Firmware 2.02.03 The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. | 7.5 |
2020-03-13 | CVE-2019-13205 | Kyocera | Missing Authentication for Critical Function vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. | 7.5 |
2020-03-13 | CVE-2020-10089 | Gitlab | Uncontrolled Recursion vulnerability in Gitlab GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other. | 7.5 |
2020-03-13 | CVE-2020-10087 | Gitlab | Unspecified vulnerability in Gitlab GitLab before 12.8.2 allows Information Disclosure. | 7.5 |
2020-03-13 | CVE-2020-8571 | Netapp | Unspecified vulnerability in Netapp Storagegrid StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS). | 7.5 |
2020-03-12 | CVE-2020-1863 | Huawei | Out-of-bounds Read vulnerability in Huawei Usg6000V Firmware V500R001C20Spc300/V500R003C00Spc100/V500R005C00Spc100 Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability. | 7.5 |
2020-03-12 | CVE-2015-3641 | Bitcoin | Unspecified vulnerability in Bitcoin Core bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack. | 7.5 |
2020-03-12 | CVE-2020-10532 | Watchguard | Cleartext Storage of Sensitive Information vulnerability in Watchguard AD Helper Firmware The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. | 7.5 |
2020-03-12 | CVE-2020-0876 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0848 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0847 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 11/9 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0833 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0832 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0831 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0830 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Internet Explorer A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0829 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0828 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0827 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0826 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0825 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0824 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0823 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0815 | Microsoft | Unspecified vulnerability in Microsoft Azure Devops Server 2019 An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0813 | Microsoft | Unspecified vulnerability in Microsoft Chakracore and Edge An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created. The update addresses the vulnerability by changing the way certain functions handle objects in memory, aka 'Scripting Engine Information Disclosure Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0812 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0811 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0768 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0758 | Microsoft | Unspecified vulnerability in Microsoft Azure Devops Server and Team Foundation Server An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0645 | Microsoft | Unspecified vulnerability in Microsoft products A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-9464 | Beckhoff | Resource Exhaustion vulnerability in Beckhoff Bk9000 Firmware A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. | 7.5 |
2020-03-12 | CVE-2020-9435 | Phoenixcontact | Use of Hard-coded Credentials vulnerability in Phoenixcontact products PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. | 7.5 |
2020-03-11 | CVE-2020-7943 | Puppet | Unspecified vulnerability in Puppet Server Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. | 7.5 |
2020-03-11 | CVE-2019-5149 | Wago | Resource Exhaustion vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. | 7.5 |
2020-03-11 | CVE-2019-5134 | Wago | Unspecified vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). | 7.5 |
2020-03-11 | CVE-2019-5107 | Wago | Cleartext Transmission of Sensitive Information vulnerability in Wago E!Cockpit 1.5.1.1 A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. | 7.5 |
2020-03-11 | CVE-2013-1753 | Python | Unspecified vulnerability in Python The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. | 7.5 |
2020-03-11 | CVE-2019-9104 | Moxa | Insufficiently Protected Credentials vulnerability in Moxa products An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. | 7.5 |
2020-03-11 | CVE-2019-9101 | Moxa | Cleartext Transmission of Sensitive Information vulnerability in Moxa products An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. | 7.5 |
2020-03-11 | CVE-2019-9098 | Moxa | Integer Overflow or Wraparound vulnerability in Moxa products An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. | 7.5 |
2020-03-10 | CVE-2020-6209 | SAP | Missing Authorization vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check. | 7.5 |
2020-03-10 | CVE-2020-6196 | SAP | Unspecified vulnerability in SAP Businessobjects Mobile 4.2 SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service. | 7.5 |
2020-03-10 | CVE-2020-0062 | | Information Exposure vulnerability in Google Android In Euicc, there is a possible information disclosure due to an included test Certificate. | 7.5 |
2020-03-10 | CVE-2019-3553 | | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Thrift C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. | 7.5 |
2020-03-10 | CVE-2019-11938 | | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Thrift Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. | 7.5 |
2020-03-10 | CVE-2020-0083 | | Unspecified vulnerability in Google Android 10.0 In setRequirePmfInternal of sta_network.cpp, there is a possible default value being improperly applied due to a logic error. | 7.5 |
2020-03-10 | CVE-2020-0039 | | Out-of-bounds Read vulnerability in Google Android In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. | 7.5 |
2020-03-10 | CVE-2020-0038 | | Out-of-bounds Read vulnerability in Google Android In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. | 7.5 |
2020-03-10 | CVE-2020-0037 | | Out-of-bounds Read vulnerability in Google Android In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds read due to a missing bounds check. | 7.5 |
2020-03-10 | CVE-2020-0034 | Google Debian | Out-of-bounds Read vulnerability in multiple products In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. | 7.5 |
2020-03-10 | CVE-2019-19281 | Siemens | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. | 7.5 |
2020-03-10 | CVE-2019-19279 | Siemens | Improper Input Validation vulnerability in Siemens Siprotec 4 and Siprotec Compact A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). | 7.5 |
2020-03-10 | CVE-2019-18336 | Siemens | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. | 7.5 |
2020-03-10 | CVE-2019-13121 | Gitlab | Server-Side Request Forgery (SSRF) vulnerability in Gitlab An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. | 7.5 |
2020-03-10 | CVE-2012-1094 | Redhat | Information Exposure vulnerability in Redhat Jboss Application Server JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. | 7.5 |
2020-03-10 | CVE-2019-13003 | Gitlab | Resource Exhaustion vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. | 7.5 |
2020-03-10 | CVE-2019-12446 | Gitlab | Information Exposure Through an Error Message vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. | 7.5 |
2020-03-10 | CVE-2019-12441 | Gitlab | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. | 7.5 |
2020-03-10 | CVE-2019-10705 | Westerndigital | Insufficiently Protected Credentials vulnerability in Westerndigital products Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials. | 7.5 |
2020-03-10 | CVE-2018-18894 | Lexmark | Path Traversal vulnerability in Lexmark products Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. | 7.5 |
2020-03-09 | CVE-2020-10248 | Meinbwa | Forced Browsing vulnerability in Meinbwa Direx-Pro Firmware 1.2181 BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3. | 7.5 |
2020-03-09 | CVE-2020-10244 | Jpaseto Project | Inadequate Encryption Strength vulnerability in Jpaseto Project Jpaseto 0.1.0/0.2.0 JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. | 7.5 |
2020-03-09 | CVE-2019-19614 | Halvotec | Injection vulnerability in Halvotec Raquest 10.23.10801.0 An issue was discovered in Halvotec RAQuest 10.23.10801.0. | 7.5 |
2020-03-09 | CVE-2011-3269 | Lexmark | Information Exposure vulnerability in Lexmark products Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. | 7.5 |
2020-03-09 | CVE-2020-4217 | IBM | Improper Check for Unusual or Exceptional Conditions vulnerability in IBM Spectrum Scale The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. | 7.5 |
2020-03-09 | CVE-2020-8987 | Avast | Improper Certificate Validation vulnerability in Avast Antitrack and AVG Antitrack Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. | 7.4 |
2020-03-09 | CVE-2020-2146 | Jenkins | Improper Verification of Cryptographic Signature vulnerability in Jenkins mac Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | 7.4 |
2020-03-15 | CVE-2019-2216 | | Improper Input Validation vulnerability in Google Android 10.0 In overlay notifications, there is a possible hidden notification due to improper input validation. | 7.3 |
2020-03-10 | CVE-2020-0063 | | Unspecified vulnerability in Google Android In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE. | 7.3 |
2020-03-13 | CVE-2020-10562 | Devome | Unrestricted Upload of File with Dangerous Type vulnerability in Devome GRR An issue was discovered in DEVOME GRR before 3.4.1c. | 7.2 |
2020-03-12 | CVE-2019-11355 | Polycom | OS Command Injection vulnerability in Polycom HDX System Software An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. | 7.2 |
2020-03-12 | CVE-2020-10390 | Chadhaajay | OS Command Injection vulnerability in Chadhaajay PHPkb 9.0 OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php. | 7.2 |
2020-03-12 | CVE-2020-10389 | Chadhaajay | Code Injection vulnerability in Chadhaajay PHPkb 9.0 admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings. | 7.2 |
2020-03-12 | CVE-2020-10386 | Chadhaajay | Unrestricted Upload of File with Dangerous Type vulnerability in Chadhaajay PHPkb 9.0 admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory. | 7.2 |
2020-03-11 | CVE-2019-5157 | Wago | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). | 7.2 |
2020-03-11 | CVE-2019-5156 | Wago | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). | 7.2 |
2020-03-11 | CVE-2019-5155 | Wago | OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14) An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. | 7.2 |
2020-03-10 | CVE-2020-6202 | SAP | Improper Input Validation vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. | 7.2 |
2020-03-09 | CVE-2015-7342 | Joobi | SQL Injection vulnerability in Joobi Jnews 8.3.1 JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. | 7.2 |
2020-03-09 | CVE-2015-7340 | Gwesystems | SQL Injection vulnerability in Gwesystems Jevents 3.4.0 JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action. | 7.2 |
2020-03-09 | CVE-2015-7338 | Acyba | SQL Injection vulnerability in Acyba Acymailing SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. | 7.2 |
2020-03-09 | CVE-2016-11021 | Dlink | OS Command Injection vulnerability in Dlink Dcs-930L Firmware setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. | 7.2 |
2020-03-12 | CVE-2020-0556 | Bluez Canonical Debian Opensuse | Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access | 7.1 |
2020-03-12 | CVE-2020-0854 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. | 7.1 |
2020-03-12 | CVE-2020-0789 | Microsoft | Link Following vulnerability in Microsoft Visual Studio 2019 A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'. | 7.1 |
2020-03-12 | CVE-2020-0786 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka 'Windows Tile Object Service Denial of Service Vulnerability'. | 7.1 |
2020-03-12 | CVE-2020-0785 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 7.1 |
2020-03-09 | CVE-2020-2144 | Jenkins | XXE vulnerability in Jenkins Rundeck Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
2020-03-09 | CVE-2020-2138 | Jenkins | XXE vulnerability in Jenkins Cobertura Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
2020-03-09 | CVE-2020-1706 | Redhat | Unspecified vulnerability in Redhat Openshift Container Platform It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. | 7.0 |
319 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-03-15 | CVE-2019-15708 | Fortinet | OS Command Injection vulnerability in Fortinet products A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. | 6.7 |
2020-03-13 | CVE-2019-18577 | Dell | Incorrect Permission Assignment for Critical Resource vulnerability in Dell Xtremio Management Server Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. | 6.7 |
2020-03-13 | CVE-2019-18576 | Dell | Information Exposure Through Log Files vulnerability in Dell Xtremio Management Server Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. | 6.7 |
2020-03-12 | CVE-2020-0526 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2020-03-12 | CVE-2019-14626 | Intel | Unspecified vulnerability in Intel Field Programmable Gate Array Programmable Acceleration Card N3000 Firmware Improper access control in PCIe function for the Intel® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2020-03-10 | CVE-2020-0053 | Google | Out-of-bounds Write vulnerability in Google Android 10.0 In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2020-03-10 | CVE-2020-0050 | Google | Out-of-bounds Write vulnerability in Google Android 10.0 In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. | 6.7 |
2020-03-10 | CVE-2020-0012 | Google | Out-of-bounds Write vulnerability in Google Android In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2020-03-10 | CVE-2020-0011 | Google | Out-of-bounds Write vulnerability in Google Android In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2020-03-10 | CVE-2020-0010 | Google | Out-of-bounds Write vulnerability in Google Android In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2020-03-15 | CVE-2020-0088 | Google | Resource Exhaustion vulnerability in Google Android 10.0 In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. | 6.5 |
2020-03-15 | CVE-2019-2058 | Google | Out-of-bounds Read vulnerability in Google Android 10.0 In libAACdec, there is a possible out of bounds read. | 6.5 |
2020-03-13 | CVE-2019-13199 | Kyocera | Cross-Site Request Forgery (CSRF) vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. | 6.5 |
2020-03-13 | CVE-2019-13170 | Xerox | Cross-Site Request Forgery (CSRF) vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. | 6.5 |
2020-03-13 | CVE-2020-10218 | Sapplica | SQL Injection vulnerability in Sapplica Sentrifugo 3.2 A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. | 6.5 |
2020-03-13 | CVE-2020-10081 | Gitlab | Unspecified vulnerability in Gitlab GitLab before 12.8.2 has Incorrect Access Control. | 6.5 |
2020-03-13 | CVE-2019-16157 | Fortinet | Information Exposure Through Log Files vulnerability in Fortinet Fortiweb An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | 6.5 |
2020-03-12 | CVE-2020-0882 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
2020-03-12 | CVE-2020-0880 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
2020-03-12 | CVE-2020-0853 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'. | 6.5 |
2020-03-12 | CVE-2020-0774 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
2020-03-12 | CVE-2020-6858 | Hotels | Injection vulnerability in Hotels Styx Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. | 6.5 |
2020-03-12 | CVE-2020-10501 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request. | 6.5 |
2020-03-12 | CVE-2020-10498 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request. | 6.5 |
2020-03-12 | CVE-2020-10497 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request. | 6.5 |
2020-03-12 | CVE-2020-10458 | Chadhaajay | Path Traversal vulnerability in Chadhaajay PHPkb 9.0 Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service. | 6.5 |
2020-03-12 | CVE-2019-5648 | Barracuda | Insufficiently Protected Credentials vulnerability in Barracuda Load Balancer ADC Firmware Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. | 6.5 |
2020-03-10 | CVE-2020-0049 | Google | Use of Uninitialized Resource vulnerability in Google Android 10.0 In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. | 6.5 |
2020-03-10 | CVE-2019-19277 | Siemens | Unspecified vulnerability in Siemens Siport MP 2.2/3.0.3 A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). | 6.5 |
2020-03-10 | CVE-2019-13009 | Gitlab | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. | 6.5 |
2020-03-10 | CVE-2019-12429 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. | 6.5 |
2020-03-09 | CVE-2016-1159 | Zohocorp | Information Exposure vulnerability in Zohocorp Manageengine Password Manager PRO 8.3/8.4 In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. | 6.5 |
2020-03-09 | CVE-2020-2139 | Jenkins | Path Traversal vulnerability in Jenkins Cobertura An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. | 6.5 |
2020-03-09 | CVE-2020-9282 | Mahara | Information Exposure vulnerability in Mahara In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios. | 6.5 |
2020-03-13 | CVE-2019-3770 | Dell | Cross-site Scripting vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. | 6.4 |
2020-03-13 | CVE-2019-3769 | Dell | Cross-site Scripting vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. | 6.4 |
2020-03-10 | CVE-2020-0066 | Google | Out-of-bounds Write vulnerability in Google Android In the netlink driver, there is a possible out of bounds write due to a race condition. | 6.4 |
2020-03-10 | CVE-2020-0045 | Google | Out-of-bounds Write vulnerability in Google Android 10.0 In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. | 6.4 |
2020-03-13 | CVE-2020-10195 | Sygnoos | Information Exposure vulnerability in Sygnoos Popup-Builder The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. | 6.3 |
2020-03-10 | CVE-2019-10706 | Westerndigital | Insufficiently Protected Credentials vulnerability in Westerndigital products Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. | 6.3 |
2020-03-15 | CVE-2019-6696 | Fortinet | Open Redirect vulnerability in Fortinet Fortios An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage. | 6.1 |
2020-03-13 | CVE-2019-13200 | Kyocera | Cross-site Scripting vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. | 6.1 |
2020-03-13 | CVE-2019-13198 | Kyocera | Cross-site Scripting vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. | 6.1 |
2020-03-13 | CVE-2019-13167 | Xerox | Cross-site Scripting vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. | 6.1 |
2020-03-13 | CVE-2020-10076 | Gitlab | Cross-site Scripting vulnerability in Gitlab GitLab 12.1 through 12.8.1 allows XSS. | 6.1 |
2020-03-13 | CVE-2020-10075 | Gitlab | Cross-site Scripting vulnerability in Gitlab GitLab 12.5 through 12.8.1 allows HTML Injection. | 6.1 |
2020-03-13 | CVE-2020-10092 | Gitlab | Cross-site Scripting vulnerability in Gitlab GitLab 12.1 through 12.8.1 allows XSS. | 6.1 |
2020-03-13 | CVE-2020-10091 | Gitlab | Cross-site Scripting vulnerability in Gitlab GitLab 9.3 through 12.8.1 allows XSS. | 6.1 |
2020-03-13 | CVE-2020-10078 | Gitlab | Cross-site Scripting vulnerability in Gitlab GitLab 12.1 through 12.8.1 allows XSS. | 6.1 |
2020-03-13 | CVE-2020-10196 | Sygnoos | Cross-site Scripting vulnerability in Sygnoos Popup-Builder An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. | 6.1 |
2020-03-13 | CVE-2020-10544 | Primetek | Cross-site Scripting vulnerability in Primetek Primefaces 7.0.11 An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. | 6.1 |
2020-03-13 | CVE-2009-5159 | Invisioncommunity Microsoft | Cross-site Scripting vulnerability in multiple products Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | 6.1 |
2020-03-12 | CVE-2019-16156 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortiweb An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). | 6.1 |
2020-03-12 | CVE-2018-10704 | Yii2Cmf Project | Cross-site Scripting vulnerability in Yii2Cmf Project Yii2Cmf 2.0 yidashi yii2cmf 2.0 has XSS via the /search q parameter. | 6.1 |
2020-03-12 | CVE-2020-0505 | Intel | Unspecified vulnerability in Intel Graphics Driver Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local | 6.1 |
2020-03-12 | CVE-2020-8436 | Metagauss | Cross-site Scripting vulnerability in Metagauss Registrationmagic 4.6.0.0 XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. | 6.1 |
2020-03-12 | CVE-2020-10461 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt. | 6.1 |
2020-03-11 | CVE-2019-19381 | Abacus | Cross-site Scripting vulnerability in Abacus 20191120 oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message. | 6.1 |
2020-03-10 | CVE-2020-6210 | SAP | Cross-site Scripting vulnerability in SAP Fiori Launchpad 753/754 SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2020-03-10 | CVE-2020-6205 | SAP | Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability. | 6.1 |
2020-03-10 | CVE-2020-6201 | SAP | Cross-site Scripting vulnerability in SAP Commerce Cloud The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting. | 6.1 |
2020-03-10 | CVE-2020-7579 | Siemens | Cross-site Scripting vulnerability in Siemens Spectrum Power 5 5.50 A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). | 6.1 |
2020-03-10 | CVE-2019-6585 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). | 6.1 |
2020-03-10 | CVE-2020-9440 | Ckeditor Webspellchecker Fedoraproject | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor. | 6.1 |
2020-03-10 | CVE-2019-12444 | Gitlab | Cross-site Scripting vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. | 6.1 |
2020-03-10 | CVE-2019-12442 | Gitlab | Cross-site Scripting vulnerability in Gitlab An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. | 6.1 |
2020-03-10 | CVE-2019-11345 | Citrix | Cross-site Scripting vulnerability in Citrix Sd-Wan Center and Netscaler Sd-Wan Center Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS. | 6.1 |
2020-03-09 | CVE-2020-10247 | Misp | Cross-site Scripting vulnerability in Misp 2.4.122 MISP 2.4.122 has Persistent XSS in the sighting popover tool. | 6.1 |
2020-03-09 | CVE-2020-10246 | Misp | Cross-site Scripting vulnerability in Misp 2.4.122 MISP 2.4.122 has reflected XSS via unsanitized URL parameters. | 6.1 |
2020-03-09 | CVE-2020-10192 | Munkireport Project | Cross-site Scripting vulnerability in Munkireport Project Munkireport An issue was discovered in Munkireport before 5.3.0.3923. | 6.1 |
2020-03-09 | CVE-2020-2152 | Jenkins | Cross-site Scripting vulnerability in Jenkins Subversion Release Manager Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | 6.1 |
2020-03-09 | CVE-2020-2140 | Jenkins | Cross-site Scripting vulnerability in Jenkins Audit Trail Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. | 6.1 |
2020-03-09 | CVE-2020-10236 | Froxlor | Improper Input Validation vulnerability in Froxlor An issue was discovered in Froxlor before 0.10.14. | 6.1 |
2020-03-13 | CVE-2019-19756 | Lenovo | Information Exposure Through Log Files vulnerability in Lenovo Xclarity Administrator 2.6.0 An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. | 6.0 |
2020-03-15 | CVE-2019-15608 | Yarnpkg | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Yarnpkg Yarn The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. | 5.9 |
2020-03-14 | CVE-2020-10576 | Meetecho | Race Condition vulnerability in Meetecho Janus An issue was discovered in Janus through 0.9.1. | 5.9 |
2020-03-12 | CVE-2020-0574 | Intel | Unspecified vulnerability in Intel MAX 10 Fpga Firmware Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all versions may allow an authenticated user to potentially enable escalation of privilege and information disclosure via physical access. | 5.9 |
2020-03-12 | CVE-2017-18350 | Bitcoin | Classic Buffer Overflow vulnerability in Bitcoin Core bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. | 5.9 |
2020-03-11 | CVE-2011-2487 | Apache Redhat | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack. | 5.9 |
2020-03-10 | CVE-2019-13010 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. | 5.9 |
2020-03-10 | CVE-2019-15034 | Qemu | Classic Buffer Overflow vulnerability in Qemu 4.0.0 hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. | 5.8 |
2020-03-12 | CVE-2020-0551 | Intel | Unspecified vulnerability in Intel products Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 5.6 |
2020-03-12 | CVE-2020-0550 | Intel | Unspecified vulnerability in Intel products Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.6 |
2020-03-11 | CVE-2020-7598 | Substack Opensuse | minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. | 5.6 |
2020-03-15 | CVE-2019-2088 | Google | Out-of-bounds Read vulnerability in Google Android 10.0 In StatsService, there is a possible out of bounds read. | 5.5 |
2020-03-12 | CVE-2020-9064 | Huawei | Improper Authentication vulnerability in Huawei Honor V30 Firmware 10.0.1.135(C00E130R4P1)/10.1.0.212(C00E210R5P1)/Oxfordsan00A10.0.1.167(C00E166R4P1) Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. | 5.5 |
2020-03-12 | CVE-2020-0567 | Intel | Improper Input Validation vulnerability in Intel Graphics Driver Improper input validation in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access. | 5.5 |
2020-03-12 | CVE-2020-5961 | Nvidia | Incomplete Cleanup vulnerability in Nvidia Virtual GPU Graphics Driver NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service. | 5.5 |
2020-03-12 | CVE-2020-5960 | Nvidia | NULL Pointer Dereference vulnerability in Nvidia Virtual GPU Manager NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service. | 5.5 |
2020-03-12 | CVE-2020-5959 | Nvidia | Improper Validation of Array Index vulnerability in Nvidia Virtual GPU Manager NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service. | 5.5 |
2020-03-12 | CVE-2020-0516 | Intel | Unspecified vulnerability in Intel Graphics Driver Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2020-03-12 | CVE-2020-0511 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel Graphics Driver Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access. | 5.5 |
2020-03-12 | CVE-2020-0503 | Intel | Unspecified vulnerability in Intel Graphics Driver Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2020-03-12 | CVE-2020-0501 | Intel | Classic Buffer Overflow vulnerability in Intel Graphics Driver Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable a denial of service via local access. | 5.5 |
2020-03-12 | CVE-2020-0879 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. | 5.5 |
2020-03-12 | CVE-2020-0874 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. | 5.5 |
2020-03-12 | CVE-2020-0871 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network Connections Service Information Disclosure Vulnerability'. | 5.5 |
2020-03-12 | CVE-2020-0863 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'. | 5.5 |
2020-03-12 | CVE-2020-0859 | Microsoft | Unspecified vulnerability in Microsoft products An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 5.5 |
2020-03-12 | CVE-2020-0820 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | 5.5 |
2020-03-12 | CVE-2020-0779 | Microsoft | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 5.5 |
2020-03-12 | CVE-2020-0775 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | 5.5 |
2020-03-12 | CVE-2020-0765 | Microsoft | Unspecified vulnerability in Microsoft Remote Desktop Connection Manager 2.7 An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka 'Remote Desktop Connection Manager Information Disclosure Vulnerability'. | 5.5 |
2020-03-12 | CVE-2019-5177 | Wago | Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). | 5.5 |
2020-03-12 | CVE-2019-5176 | Wago | Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). | 5.5 |
2020-03-11 | CVE-2019-5182 | Wago | Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14) An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). | 5.5 |
2020-03-11 | CVE-2019-5106 | Wago | Use of Hard-coded Credentials vulnerability in Wago E!Cockpit 1.5.1.1 A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. | 5.5 |
2020-03-11 | CVE-2012-1101 | Systemd Project | Unspecified vulnerability in Systemd Project Systemd 37 systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). | 5.5 |
2020-03-10 | CVE-2020-0087 | Google | Incorrect Authorization vulnerability in Google Android 10.0 In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. | 5.5 |
2020-03-10 | CVE-2020-0057 | Google | Out-of-bounds Read vulnerability in Google Android 10.0 In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. | 5.5 |
2020-03-10 | CVE-2020-0056 | Google | Out-of-bounds Read vulnerability in Google Android 10.0 In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. | 5.5 |
2020-03-10 | CVE-2020-0055 | Google | Out-of-bounds Read vulnerability in Google Android 10.0 In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. | 5.5 |
2020-03-10 | CVE-2020-0048 | Google | Use of Uninitialized Resource vulnerability in Google Android 10.0 In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. | 5.5 |
2020-03-10 | CVE-2020-0061 | Google | Unspecified vulnerability in Google Android 10.0 In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. | 5.5 |
2020-03-10 | CVE-2020-0059 | Google | Out-of-bounds Read vulnerability in Google Android 10.0 In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. | 5.5 |
2020-03-10 | CVE-2020-0035 | Google | Missing Authorization vulnerability in Google Android 8.0/8.1/9.0 In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. | 5.5 |
2020-03-10 | CVE-2012-1096 | Gnome Debian | Improper Certificate Validation vulnerability in multiple products NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | 5.5 |
2020-03-10 | CVE-2019-11686 | Westerndigital | Insufficiently Protected Credentials vulnerability in Westerndigital products Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure. | 5.5 |
2020-03-10 | CVE-2020-10251 | Imagemagick | Out-of-bounds Read vulnerability in Imagemagick 7.0.9 In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. | 5.5 |
2020-03-09 | CVE-2020-2154 | Jenkins | Cleartext Storage of Sensitive Information vulnerability in Jenkins Zephyr for Jira Test Management Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. | 5.5 |
2020-03-09 | CVE-2020-2145 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Zephyr Enterprise Test Management Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. | 5.5 |
2020-03-09 | CVE-2020-10237 | Froxlor | Race Condition vulnerability in Froxlor An issue was discovered in Froxlor through 0.10.15. | 5.5 |
2020-03-13 | CVE-2019-6699 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortiadc An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. | 5.4 |
2020-03-12 | CVE-2020-6643 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortiisolator An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). | 5.4 |
2020-03-12 | CVE-2020-0903 | Microsoft | Cross-site Scripting vulnerability in Microsoft Exchange Server 2016/2019 A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. | 5.4 |
2020-03-12 | CVE-2020-0894 | Microsoft | Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-03-12 | CVE-2020-0893 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-03-12 | CVE-2020-0891 | Microsoft | Cross-site Scripting vulnerability in Microsoft products This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. | 5.4 |
2020-03-12 | CVE-2020-0795 | Microsoft | Cross-site Scripting vulnerability in Microsoft products This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. | 5.4 |
2020-03-12 | CVE-2020-0700 | Microsoft | Cross-site Scripting vulnerability in Microsoft Azure Devops Server and Team Foundation Server A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. | 5.4 |
2020-03-12 | CVE-2020-10388 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php). | 5.4 |
2020-03-10 | CVE-2020-6200 | SAP | Cross-site Scripting vulnerability in SAP Commerce Cloud The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating facilities of the angular framework. | 5.4 |
2020-03-10 | CVE-2020-6199 | SAP | Missing Authorization vulnerability in SAP ERP 607 The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check. | 5.4 |
2020-03-10 | CVE-2020-6178 | SAP | Information Exposure vulnerability in SAP Enable NOW 10/1902/1908 SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. | 5.4 |
2020-03-10 | CVE-2020-10372 | Ramp | Cross-site Scripting vulnerability in Ramp Altimeter Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI. | 5.4 |
2020-03-10 | CVE-2019-12445 | Gitlab | Cross-site Scripting vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. | 5.4 |
2020-03-10 | CVE-2020-4162 | IBM | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.5/11.7 IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. | 5.4 |
2020-03-10 | CVE-2019-4608 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Workload Scheduler 9.3 IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. | 5.4 |
2020-03-09 | CVE-2020-10191 | Munkireport Project | Cross-site Scripting vulnerability in Munkireport Project Munkireport An issue was discovered in MunkiReport before 5.3.0. | 5.4 |
2020-03-09 | CVE-2020-4084 | Hcltech | Cross-site Scripting vulnerability in Hcltech Connections 5.5/6.0/6.5 HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. | 5.4 |
2020-03-09 | CVE-2020-9517 | Microfocus | Improper Restriction of Rendered UI Layers or Frames vulnerability in Microfocus Service Manager 9.50/9.60 There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. | 5.4 |
2020-03-09 | CVE-2020-2136 | Jenkins | Cross-site Scripting vulnerability in Jenkins GIT Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. | 5.4 |
2020-03-13 | CVE-2020-10090 | Gitlab | Information Exposure vulnerability in Gitlab GitLab 11.7 through 12.8.1 allows Information Disclosure. | 5.3 |
2020-03-13 | CVE-2020-10086 | Gitlab | Path Traversal vulnerability in Gitlab GitLab 10.4 through 12.8.1 allows Directory Traversal. | 5.3 |
2020-03-13 | CVE-2020-10085 | Gitlab | Unspecified vulnerability in Gitlab GitLab 12.3.5 through 12.8.1 allows Information Disclosure. | 5.3 |
2020-03-13 | CVE-2020-10084 | Gitlab | Unspecified vulnerability in Gitlab GitLab EE 11.6 through 12.8.1 allows Information Disclosure. | 5.3 |
2020-03-13 | CVE-2020-10082 | Gitlab | Unspecified vulnerability in Gitlab GitLab 12.2 through 12.8.1 allows Denial of Service. | 5.3 |
2020-03-13 | CVE-2020-10080 | Gitlab | Unspecified vulnerability in Gitlab GitLab 8.3 through 12.8.1 allows Information Disclosure. | 5.3 |
2020-03-13 | CVE-2020-10079 | Gitlab | Missing Authentication for Critical Function vulnerability in Gitlab GitLab 7.10 through 12.8.1 has Incorrect Access Control. | 5.3 |
2020-03-13 | CVE-2019-19799 | Zohocorp | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | 5.3 |
2020-03-12 | CVE-2020-7600 | Querymen Project | Unspecified vulnerability in Querymen Project Querymen querymen prior to 2.1.4 allows modification of object properties. | 5.3 |
2020-03-12 | CVE-2020-10535 | Gitlab | Unspecified vulnerability in Gitlab GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address. | 5.3 |
2020-03-12 | CVE-2018-20586 | Bitcoin | Improper Encoding or Escaping of Output vulnerability in Bitcoin Core bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call. | 5.3 |
2020-03-12 | CVE-2018-19516 | KDE | Improper Input Validation vulnerability in KDE Applications messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. | 5.3 |
2020-03-12 | CVE-2020-0517 | Intel | Out-of-bounds Write vulnerability in Intel Graphics Driver Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. | 5.3 |
2020-03-12 | CVE-2020-0502 | Intel | Unspecified vulnerability in Intel Graphics Driver Improper access control in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable escalation of privilege via local access. | 5.3 |
2020-03-11 | CVE-2019-5135 | Wago | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. | 5.3 |
2020-03-11 | CVE-2016-1000111 | Twisted | Forced Browsing vulnerability in Twisted Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 5.3 |
2020-03-11 | CVE-2019-9103 | Moxa | Information Exposure vulnerability in Moxa products An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. | 5.3 |
2020-03-11 | CVE-2019-9097 | Moxa | Unspecified vulnerability in Moxa products An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. | 5.3 |
2020-03-10 | CVE-2019-13004 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. | 5.3 |
2020-03-10 | CVE-2019-12433 | Gitlab | Improper Input Validation vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. | 5.3 |
2020-03-09 | CVE-2020-10249 | Meinbwa | Unspecified vulnerability in Meinbwa Direx-Pro Firmware 1.2181 BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3. | 5.3 |
2020-03-09 | CVE-2011-4538 | Lexmark | Information Exposure vulnerability in Lexmark products Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings. | 5.3 |
2020-03-09 | CVE-2020-2155 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Openshift Deployer Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 |
2020-03-09 | CVE-2020-2151 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Quality Gates Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 |
2020-03-09 | CVE-2020-2150 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Sonar Quality Gates Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 |
2020-03-09 | CVE-2020-2149 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Repository Connector Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 |
2020-03-09 | CVE-2020-2143 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Logstash Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 5.3 |
2020-03-11 | CVE-2020-1733 | Redhat Fedoraproject Debian | Race Condition vulnerability in multiple products A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. | 5.0 |
2020-03-10 | CVE-2020-0031 | Google | Information Exposure vulnerability in Google Android 10.0 In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. | 5.0 |
2020-03-12 | CVE-2020-10460 | Chadhaajay | Improper Neutralization of Formula Elements in a CSV File vulnerability in Chadhaajay PHPkb 9.0 admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data. | 4.9 |
2020-03-12 | CVE-2020-10387 | Chadhaajay | Path Traversal vulnerability in Chadhaajay PHPkb 9.0 Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file. | 4.9 |
2020-03-10 | CVE-2019-13007 | Gitlab | Resource Exhaustion vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. | 4.9 |
2020-03-14 | CVE-2020-10577 | Meetecho | Race Condition vulnerability in Meetecho Janus An issue was discovered in Janus through 0.9.1. | 4.8 |
2020-03-12 | CVE-2020-10477 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 4.8 |
2020-03-12 | CVE-2020-10476 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 4.8 |
2020-03-12 | CVE-2020-10475 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 4.8 |
2020-03-12 | CVE-2020-10474 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 4.8 |
2020-03-12 | CVE-2020-10473 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 4.8 |
2020-03-12 | CVE-2020-10472 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 4.8 |
2020-03-12 | CVE-2020-10471 | Chadhasoftware | Cross-site Scripting vulnerability in Chadhasoftware PHPkb 9.0 Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 4.8 |
2020-03-12 | CVE-2020-10470 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 4.8 |
2020-03-12 | CVE-2020-10469 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | 4.8 |
2020-03-12 | CVE-2020-10468 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 4.8 |
2020-03-12 | CVE-2020-10467 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 4.8 |
2020-03-12 | CVE-2020-10466 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 4.8 |
2020-03-12 | CVE-2020-10465 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 4.8 |
2020-03-12 | CVE-2020-10464 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 4.8 |
2020-03-12 | CVE-2020-10463 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 4.8 |
2020-03-12 | CVE-2020-10462 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | 4.8 |
2020-03-12 | CVE-2020-10456 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10455 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10454 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10453 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10452 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10451 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10450 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-traffic.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10449 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10448 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10447 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10446 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10445 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10444 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-rated.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10443 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-printed.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10442 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-popular.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10441 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-monthly.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10440 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-mailed.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10439 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10438 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/reply-ticket.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10437 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/optimize-database.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10436 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-profile.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10435 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-languages.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10434 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10433 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-users.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10432 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-tickets.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10431 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10430 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-subscribers.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10429 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10428 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-news.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10427 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-languages.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10426 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-groups.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10425 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10424 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-fields.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10423 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10422 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-drafts.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10421 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10420 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10419 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-categories.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10418 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10417 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-articles.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10416 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/kb-backup.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10415 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10414 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10413 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10412 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-csv.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10411 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/email-harvester.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10410 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-user.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10409 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-template.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10408 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-subscriber.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10407 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-news.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10406 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10405 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10404 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10403 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10402 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10401 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10400 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10399 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10398 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10397 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-news.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10396 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10395 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10394 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10393 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10392 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-12 | CVE-2020-10391 | Chadhaajay | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload. | 4.8 |
2020-03-09 | CVE-2020-2137 | Jenkins | Cross-site Scripting vulnerability in Jenkins Timestamper Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 |
2020-03-09 | CVE-2015-7344 | Hikashop | Cross-site Scripting vulnerability in Hikashop 2.5.0 HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption]. | 4.8 |
2020-03-09 | CVE-2015-7343 | Joobi | Cross-site Scripting vulnerability in Joobi Jnews 8.3.1 JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter. | 4.8 |
2020-03-12 | CVE-2020-0507 | Intel | Unquoted Search Path or Element vulnerability in Intel Graphics Driver Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access. | 4.4 |
2020-03-12 | CVE-2019-14625 | Intel | Unspecified vulnerability in Intel Field Programmable Gate Array Programmable Acceleration Card N3000 Firmware Improper access control in on-card storage for the Intel® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2020-03-12 | CVE-2020-7253 | Mcafee | Improper Input Validation vulnerability in Mcafee Agent Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility. | 4.4 |
2020-03-10 | CVE-2020-0060 | Google | SQL Injection vulnerability in Google Android 10.0 In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. | 4.4 |
2020-03-10 | CVE-2020-0058 | Google | Out-of-bounds Read vulnerability in Google Android 10.0 In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check. | 4.4 |
2020-03-10 | CVE-2020-0044 | Google | Out-of-bounds Read vulnerability in Google Android In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2020-03-10 | CVE-2020-0043 | Google | Out-of-bounds Read vulnerability in Google Android In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2020-03-10 | CVE-2020-0042 | Google | Out-of-bounds Read vulnerability in Google Android In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2020-03-12 | CVE-2019-12278 | Opera | Unspecified vulnerability in Opera 52.1.2517.139570 Opera through 53 on Android allows Address Bar Spoofing. | 4.3 |
2020-03-12 | CVE-2020-0885 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. | 4.3 |
2020-03-12 | CVE-2020-10504 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10503 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10502 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10500 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10499 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10496 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10495 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10494 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10493 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10492 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10491 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10490 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10489 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10488 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10487 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10486 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10485 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10484 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10483 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10482 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10481 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10480 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request. | 4.3 |
2020-03-12 | CVE-2020-10479 | Chadhaajay | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request. | 4.3 |
2020-03-11 | CVE-2019-16107 | Phpbb | Cross-Site Request Forgery (CSRF) vulnerability in PHPbb 3.2.7 Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments. | 4.3 |
2020-03-10 | CVE-2020-6206 | SAP | Cross-Site Request Forgery (CSRF) vulnerability in SAP Cloud Platform Integration 1.0 SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning messages. | 4.3 |
2020-03-10 | CVE-2020-6204 | SAP | Missing Authorization vulnerability in SAP products The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should when selecting and displaying the contract number, leading to Missing Authorization Check. | 4.3 |
2020-03-10 | CVE-2020-0052 | Google | Missing Authentication for Critical Function vulnerability in Google Android 10.0 In smsSelected of AnswerFragment.java, there is a way to send an SMS from the lock screen due to a permissions bypass. | 4.3 |
2020-03-10 | CVE-2019-19295 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). | 4.3 |
2020-03-10 | CVE-2019-13457 | Otrs | Information Exposure vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. | 4.3 |
2020-03-10 | CVE-2019-13011 | Gitlab | Resource Exhaustion vulnerability in Gitlab An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. | 4.3 |
2020-03-10 | CVE-2019-13006 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 9.0 through 12.0.2. | 4.3 |
2020-03-10 | CVE-2019-13005 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. | 4.3 |
2020-03-10 | CVE-2019-13002 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. | 4.3 |
2020-03-10 | CVE-2019-13001 | Gitlab | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. | 4.3 |
2020-03-10 | CVE-2019-12434 | Gitlab | Use of Insufficiently Random Values vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. | 4.3 |
2020-03-10 | CVE-2019-12432 | Gitlab | Information Exposure vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. | 4.3 |
2020-03-10 | CVE-2019-12431 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. | 4.3 |
2020-03-10 | CVE-2019-10065 | Otrs | Unspecified vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. | 4.3 |
2020-03-09 | CVE-2020-9386 | Mahara | Information Exposure vulnerability in Mahara In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore. | 4.3 |
2020-03-09 | CVE-2020-2157 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Skytap Cloud CI Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | 4.3 |
2020-03-09 | CVE-2020-2156 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Deployhub Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | 4.3 |
2020-03-09 | CVE-2020-2153 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Backlog Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | 4.3 |
2020-03-09 | CVE-2020-2148 | Jenkins | Incorrect Authorization vulnerability in Jenkins mac A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | 4.3 |
2020-03-09 | CVE-2020-2147 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins mac A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | 4.3 |
2020-03-09 | CVE-2020-2142 | Jenkins | Missing Authorization vulnerability in Jenkins P4 A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds. | 4.3 |
2020-03-09 | CVE-2020-2141 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins P4 A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add labels in Perforce. | 4.3 |
2020-03-09 | CVE-2019-10806 | Vega Project | Unspecified vulnerability in Vega Project Vega vega-util prior to 1.13.1 allows manipulation of object prototype. | 4.3 |
2020-03-09 | CVE-2015-7968 | SAP | XXE vulnerability in SAP Netweaver Application Server nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. | 4.3 |
2020-03-14 | CVE-2020-10575 | Meetecho | Race Condition vulnerability in Meetecho Janus An issue was discovered in Janus through 0.9.1. | 4.2 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-03-12 | CVE-2020-1739 | Redhat Fedoraproject Debian | A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. | 3.9 |
2020-03-12 | CVE-2020-0884 | Microsoft | Cleartext Transmission of Sensitive Information vulnerability in Microsoft Visual Studio 2017 and Visual Studio 2019 A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'. | 3.7 |
2020-03-10 | CVE-2020-6197 | SAP | Insufficient Session Expiration vulnerability in SAP Enable NOW 10/1902 SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. | 3.3 |
2020-03-10 | CVE-2020-0047 | Google | Missing Authorization vulnerability in Google Android 10.0 In setMasterMute of AudioService.java, there is a missing permission check. | 3.3 |
2020-03-12 | CVE-2020-10459 | Chadhaajay | Path Traversal vulnerability in Chadhaajay PHPkb 9.0 Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder. | 2.7 |
2020-03-12 | CVE-2020-10457 | Chadhaajay | Path Traversal vulnerability in Chadhaajay PHPkb 9.0 Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed). | 2.7 |
2020-03-12 | CVE-2020-0506 | Intel | Improper Initialization vulnerability in Intel Graphics Driver Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access. | 2.3 |
2020-03-10 | CVE-2020-0029 | Google | Information Exposure vulnerability in Google Android 10.0 In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. | 2.3 |