Weekly Vulnerabilities Reports > March 9 to 15, 2020

Overview

657 new vulnerabilities were reported during this period, including 74 critical vulnerabilities and 256 high severity vulnerabilities. This weekly summary reports vulnerabilities in 2327 products from 139 vendors including Chadhaajay, Microsoft, Google, Gitlab, and Wago. The most common weakness categories are "Cross-site Scripting", "Out-of-bounds Write", "Cross-Site Request Forgery (CSRF)", "OS Command Injection", and "Out-of-bounds Read".

  • 465 reported vulnerabilities are remotely exploitable.
  • 12 reported vulnerabilities have a public exploit available.
  • 234 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 293 reported vulnerabilities are exploitable by an anonymous user.
  • Chadhaajay has the most reported vulnerabilities, with 118 reported vulnerabilities.
  • Gitlab has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

[Summary dashboard: Total Vulnerabilities, Critical Risk Vulnerabilities, High Risk Vulnerabilities, Medium Risk Vulnerabilities, Low Risk Vulnerabilities, Remotely Exploitable, Locally Exploitable, Exploit Available, Exploitable Anonymously, Affecting Web Application; the counts shown in the original graphic were not preserved]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


74 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-03-13 CVE-2020-1953 Apache, Oracle

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements.

10.0
2020-03-12 CVE-2020-0796 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10 and Windows Server 2016

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

10.0
2020-03-15 CVE-2020-7607 Gulp Styledocco Project OS Command Injection vulnerability in Gulp-Styledocco Project Gulp-Styledocco 0.0.1/0.0.2/0.0.3

gulp-styledocco through 0.0.3 allows execution of arbitrary commands.

9.8
2020-03-15 CVE-2020-7606 Docker Compose Remote API Project OS Command Injection vulnerability in Docker-Compose-Remote-Api Project Docker-Compose-Remote-Api

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands.

9.8
2020-03-15 CVE-2020-7605 Gulp Tape Project OS Command Injection vulnerability in Gulp-Tape Project Gulp-Tape

gulp-tape through 1.0.0 allows execution of arbitrary commands.

9.8
2020-03-15 CVE-2020-7604 Pulverizr Project OS Command Injection vulnerability in Pulverizr Project Pulverizr 0.5.0/0.5.1/0.7.0

pulverizr through 0.7.0 allows execution of arbitrary commands.

9.8
2020-03-15 CVE-2020-7603 Closure Compiler Stream Project OS Command Injection vulnerability in Closure-Compiler-Stream Project Closure-Compiler-Stream

closure-compiler-stream through 0.1.15 allows execution of arbitrary commands.

9.8
2020-03-15 CVE-2020-7602 Node Prompt Here Project OS Command Injection vulnerability in Node-Prompt-Here Project Node-Prompt-Here 1.0.1

node-prompt-here through 1.0.1 allows execution of arbitrary commands.

9.8
2020-03-15 CVE-2020-7601 Gulp Scss Lint Project OS Command Injection vulnerability in Gulp-Scss-Lint Project Gulp-Scss-Lint

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands.

9.8
2020-03-15 CVE-2020-0086 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0

In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow.

9.8
2020-03-14 CVE-2020-10574 Meetecho Use of Incorrectly-Resolved Name or Reference vulnerability in Meetecho Janus

An issue was discovered in Janus through 0.9.1.

9.8
2020-03-14 CVE-2020-10571 PSD Tools Project Improper Check for Unusual or Exceptional Conditions vulnerability in Psd-Tools Project Psd-Tools

An issue was discovered in psd-tools before 1.9.4.

9.8
2020-03-14 CVE-2020-10567 Tecrail Improper Input Validation vulnerability in Tecrail Responsive Filemanager

An issue was discovered in Responsive Filemanager through 9.14.0.

9.8
2020-03-13 CVE-2020-10564 Iptanus Path Traversal vulnerability in Iptanus Wordpress File Upload

An issue was discovered in the File Upload plugin before 4.13.0 for WordPress.

9.8
2020-03-13 CVE-2020-10563 Devome SQL Injection vulnerability in Devome GRR

An issue was discovered in DEVOME GRR before 3.4.1c.

9.8
2020-03-13 CVE-2019-14310 Ricoh Out-of-bounds Write vulnerability in Ricoh products

Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3).

9.8
2020-03-13 CVE-2019-14299 Ricoh Improper Restriction of Excessive Authentication Attempts vulnerability in Ricoh products

Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks.

9.8
2020-03-13 CVE-2019-13202 Kyocera Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.

9.8
2020-03-13 CVE-2019-13201 Kyocera Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service.

9.8
2020-03-13 CVE-2019-13197 Kyocera Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.

9.8
2020-03-13 CVE-2019-13192 Brother Out-of-bounds Write vulnerability in Brother products

Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly.

9.8
2020-03-13 CVE-2019-13172 Xerox Classic Buffer Overflow vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device.

9.8
2020-03-13 CVE-2019-13171 Xerox Out-of-bounds Write vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device.

9.8
2020-03-13 CVE-2019-13169 Xerox Classic Buffer Overflow vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device.

9.8
2020-03-13 CVE-2019-13168 Xerox Classic Buffer Overflow vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service.

9.8
2020-03-13 CVE-2019-13165 Xerox Classic Buffer Overflow vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service.

9.8
2020-03-13 CVE-2020-10077 Gitlab Server-Side Request Forgery (SSRF) vulnerability in Gitlab

GitLab EE 3.0 through 12.8.1 allows SSRF.

9.8
2020-03-13 CVE-2020-10074 Gitlab Unspecified vulnerability in Gitlab

GitLab 10.1 through 12.8.1 has Incorrect Access Control.

9.8
2020-03-13 CVE-2019-13394 Netgear Insufficiently Protected Credentials vulnerability in Netgear Cg3700B Firmware 2.02.03

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP.

9.8
2020-03-13 CVE-2019-13204 Kyocera Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service.

9.8
2020-03-13 CVE-2019-12182 Safescan Path Traversal vulnerability in Safescan products

Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API.

9.8
2020-03-13 CVE-2020-10541 Zohocorp Unspecified vulnerability in Zohocorp Manageengine Opmanager

Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request.

9.8
2020-03-12 CVE-2020-10534 Mediawiki Incorrect Authorization vulnerability in Mediawiki

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges.

9.8
2020-03-12 CVE-2019-17658 Fortinet Unquoted Search Path or Element vulnerability in Fortinet Forticlient

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path.

9.8
2020-03-12 CVE-2019-11343 Torpedoquery Unspecified vulnerability in Torpedoquery Torpedo Query

Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java.

9.8
2020-03-12 CVE-2020-0902 Microsoft Unspecified vulnerability in Microsoft Service Fabric

An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'.

9.8
2020-03-12 CVE-2020-0690 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.

9.8
2020-03-12 CVE-2020-10109 Twisted, Fedoraproject, Debian, Canonical HTTP Request Smuggling vulnerability in multiple products

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.

9.8
2020-03-12 CVE-2020-10108 Twisted, Fedoraproject, Debian, Canonical, Oracle HTTP Request Smuggling vulnerability in multiple products

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.

9.8
2020-03-11 CVE-2019-10807 Blamer Project OS Command Injection vulnerability in Blamer Project Blamer

Blamer versions prior to 1.0.1 allows execution of arbitrary commands.

9.8
2020-03-11 CVE-2020-1947 Apache Deserialization of Untrusted Data vulnerability in Apache Shardingsphere 4.0.0

In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration.

9.8
2020-03-11 CVE-2020-8540 Zohocorp Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Desktop Central

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

9.8
2020-03-11 CVE-2020-10181 Sumavision Cross-Site Request Forgery (CSRF) vulnerability in Sumavision Enhanced Multimedia Router Firmware 3.0.4.27

goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request.

9.8
2020-03-11 CVE-2019-9099 Moxa Classic Buffer Overflow vulnerability in Moxa products

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.

9.8
2020-03-11 CVE-2019-9096 Moxa Weak Password Requirements vulnerability in Moxa products

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.

9.8
2020-03-11 CVE-2019-9095 Moxa Use of a Broken or Risky Cryptographic Algorithm vulnerability in Moxa products

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.

9.8
2020-03-11 CVE-2020-5203 Fatfreeframework Improper Input Validation vulnerability in Fatfreeframework Fat-Free Framework 3.7.1

In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method.

9.8
2020-03-11 CVE-2020-10376 Technicolor Cleartext Transmission of Sensitive Information vulnerability in Technicolor Tc7337Net Firmware 08.89.17.23.03

Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header.

9.8
2020-03-10 CVE-2020-6207 SAP Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20

SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.

9.8
2020-03-10 CVE-2020-6198 SAP Cleartext Transmission of Sensitive Information vulnerability in SAP Solution Manager 7.20

SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources.

9.8
2020-03-10 CVE-2019-7589 Johnsoncontrols Improper Input Validation vulnerability in Johnsoncontrols Entrapass 7.60

A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges.

9.8
2020-03-10 CVE-2020-5253 Nethack Improper Privilege Management vulnerability in Nethack

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited.

9.8
2020-03-10 CVE-2019-12443 Gitlab Server-Side Request Forgery (SSRF) vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11.

9.8
2020-03-10 CVE-2019-12428 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11.

9.8
2020-03-10 CVE-2018-14502 Kibokolabs SQL Injection vulnerability in Kibokolabs Chained Quiz

controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.

9.8
2020-03-10 CVE-2017-10992 HP Deserialization of Untrusted Data vulnerability in HP Storage Essentials 9.5.0.142

In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461.

9.8
2020-03-10 CVE-2020-10257 Themerex Missing Authorization vulnerability in Themerex products

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter.

9.8
2020-03-09 CVE-2020-10250 Meinbwa OS Command Injection vulnerability in Meinbwa Direx-Pro Firmware 1.2181

BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3.

9.8
2020-03-09 CVE-2016-6918 Lexmark Unrestricted Upload of File with Dangerous Type vulnerability in Lexmark Markvision Enterprise 2.1/2.3.0

Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files.

9.8
2020-03-09 CVE-2014-1634 Magento SQL Injection vulnerability in Magento Advanced Newsletter 2.3.4

SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.

9.8
2020-03-09 CVE-2019-20504 Quest OS Command Injection vulnerability in Quest Kace Systems Management

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.

9.8
2020-03-09 CVE-2020-10232 Sleuthkit, Debian, Fedoraproject Out-of-bounds Write vulnerability in multiple products

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.

9.8
2020-03-12 CVE-2020-0872 Microsoft Cross-site Scripting vulnerability in Microsoft Application Inspector 1.0.23

A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'.

9.6
2020-03-09 CVE-2020-9758 Livezilla Cross-site Scripting vulnerability in Livezilla

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk).

9.6
2020-03-15 CVE-2020-10594 Styria Improper Authentication vulnerability in Styria Django-Rest-Framework-Json web Tokens 1.15.0

An issue was discovered in drf-jwt 1.15.x before 1.15.1.

9.1
2020-03-13 CVE-2020-10083 Gitlab Improper Preservation of Permissions vulnerability in Gitlab

GitLab 12.7 through 12.8.1 has Insecure Permissions.

9.1
2020-03-13 CVE-2020-1887 Linuxfoundation Improper Certificate Validation vulnerability in Linuxfoundation Osquery

Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust.

9.1
2020-03-11 CVE-2019-5161 Wago Insufficient Verification of Data Authenticity vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14)

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12).

9.1
2020-03-11 CVE-2019-5160 Wago Unspecified vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14)

An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12).

9.1
2020-03-10 CVE-2020-6203 SAP Path Traversal vulnerability in SAP Netweaver

SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.

9.1
2020-03-10 CVE-2020-9044 Johnsoncontrols XXE vulnerability in Johnsoncontrols products

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files.

9.1
2020-03-09 CVE-2020-10233 Sleuthkit Out-of-bounds Read vulnerability in Sleuthkit the Sleuth KIT

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.

9.1
2020-03-13 CVE-2019-18578 Dell Cross-site Scripting vulnerability in Dell Xtremio Management Server

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability.

9.0
2020-03-10 CVE-2020-10255 Samsung, Micron, Skhynix Improper Input Validation vulnerability in multiple products

Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue.

9.0

256 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-03-15 CVE-2019-17654 Fortinet Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortimanager

An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.

8.8
2020-03-15 CVE-2020-8141 DOT Project Code Injection vulnerability in DOT Project DOT 1.1.2

The dot package v1.1.2 uses Function() to compile templates.

8.8
2020-03-14 CVE-2020-10568 Onthegosystems Cross-Site Request Forgery (CSRF) vulnerability in Onthegosystems Sitepress-Multilingual-Cms 2.9.3/3.2.6/4.3.7

The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison.

8.8
2020-03-13 CVE-2019-13196 Kyocera Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.

8.8
2020-03-13 CVE-2019-13193 Brother Out-of-bounds Write vulnerability in Brother products

Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly.

8.8
2020-03-13 CVE-2019-13395 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear Cg3700B Firmware 2.02.03

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs.

8.8
2020-03-13 CVE-2019-13206 Kyocera Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.

8.8
2020-03-13 CVE-2019-13203 Kyocera Integer Overflow or Wraparound vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.

8.8
2020-03-13 CVE-2020-10540 Untis Cross-Site Request Forgery (CSRF) vulnerability in Untis Webuntis

Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules.

8.8
2020-03-12 CVE-2019-17653 Fortinet Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fortisiem 5.2.5

A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.

8.8
2020-03-12 CVE-2020-0583 Intel Unspecified vulnerability in Intel Smart Sound Technology 3349/3431

Improper access control in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access.

8.8
2020-03-12 CVE-2020-10531 ICU Project, Redhat, Google, Fedoraproject, Debian, Canonical, Opensuse, Oracle, Nodejs Integer Overflow or Wraparound vulnerability in multiple products

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1.

8.8
2020-03-12 CVE-2020-0883 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

8.8
2020-03-12 CVE-2020-0881 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

8.8
2020-03-12 CVE-2020-0869 Microsoft Out-of-bounds Write vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

8.8
2020-03-12 CVE-2020-0850 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

8.8
2020-03-12 CVE-2020-0816 Microsoft Out-of-bounds Write vulnerability in Microsoft Edge

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.

8.8
2020-03-12 CVE-2020-0809 Microsoft Out-of-bounds Write vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

8.8
2020-03-12 CVE-2020-0807 Microsoft Out-of-bounds Write vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

8.8
2020-03-12 CVE-2020-0801 Microsoft Out-of-bounds Write vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

8.8
2020-03-12 CVE-2020-0684 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.

8.8
2020-03-12 CVE-2020-9436 Phoenixcontact OS Command Injection vulnerability in Phoenixcontact products

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.

8.8
2020-03-12 CVE-2020-10478 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.

8.8
2020-03-11 CVE-2019-10808 Xcritical Software Unspecified vulnerability in Xcritical.Software Utilitify 1.0.0/1.0.1/1.0.2

utilitify prior to 1.0.3 allows modification of object properties.

8.8
2020-03-11 CVE-2020-9408 Tibco Incorrect Default Permissions vulnerability in Tibco products

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted.

8.8
2020-03-11 CVE-2019-9102 Moxa Use of Insufficiently Random Values vulnerability in Moxa products

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.

8.8
2020-03-10 CVE-2020-0032 Google Out-of-bounds Write vulnerability in Google Android

In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow.

8.8
2020-03-10 CVE-2019-12430 Gitlab Command Injection vulnerability in Gitlab 11.11.0

An issue was discovered in GitLab Community and Enterprise Edition 11.11.

8.8
2020-03-10 CVE-2019-9859 Vestacp OS Command Injection vulnerability in Vestacp Vesta Control Panel

Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server.

8.8
2020-03-09 CVE-2020-10190 Munkireport Project SQL Injection vulnerability in Munkireport Project Munkireport

An issue was discovered in MunkiReport before 5.3.0.

8.8
2020-03-09 CVE-2016-1487 Lexmark Deserialization of Untrusted Data vulnerability in Lexmark Markvision Enterprise 2.1

Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.

8.8
2020-03-09 CVE-2015-7341 Joobi Unrestricted Upload of File with Dangerous Type vulnerability in Joobi Jnews 8.3.1

JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.

8.8
2020-03-09 CVE-2015-7339 Widgetfactorylimited Unrestricted Upload of File with Dangerous Type vulnerability in Widgetfactorylimited JCE 2.5.0/2.5.1/2.5.2

JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.

8.8
2020-03-09 CVE-2020-5256 Bookstackapp Unrestricted Upload of File with Dangerous Type vulnerability in Bookstackapp Bookstack

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely.

8.8
2020-03-09 CVE-2020-2159 Jenkins OS Command Injection vulnerability in Jenkins Cryptomove

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins.

8.8
2020-03-09 CVE-2020-2158 Jenkins Deserialization of Untrusted Data vulnerability in Jenkins Literate 0.1/0.2/1.0

Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

8.8
2020-03-09 CVE-2020-2135 Jenkins Incorrect Authorization vulnerability in Jenkins Script Security

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.

8.8
2020-03-09 CVE-2020-2134 Jenkins Incorrect Authorization vulnerability in Jenkins Script Security

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies.

8.8
2020-03-09 CVE-2020-10235 Froxlor Improper Encoding or Escaping of Output vulnerability in Froxlor

An issue was discovered in Froxlor before 0.10.14.

8.8
2020-03-10 CVE-2020-5259 Linuxfoundation Injection vulnerability in Linuxfoundation Dojox

In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution.

8.6
2020-03-13 CVE-2020-5240 Labdigital Incorrect Authorization vulnerability in Labdigital Wagtail-2Fa

In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users' 2FA devices by going to the correct path.

8.5
2020-03-12 CVE-2020-9543 Openstack Incorrect Default Permissions vulnerability in Openstack Manila

OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID.

8.3
2020-03-10 CVE-2020-6208 SAP Use After Free vulnerability in SAP Crystal Reports 4.1/4.2

SAP Business Objects Business Intelligence Platform (Crystal Reports), versions 4.1 and 4.2, allows an attacker with basic authorization to inject code that can be executed by the application, allowing the attacker to control the behaviour of the application and leading to Remote Code Execution.

8.2
2020-03-13 CVE-2020-5257 Thoughtbot SQL Injection vulnerability in Thoughtbot Administrate

In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query.

8.1
2020-03-13 CVE-2020-10088 Gitlab Improper Privilege Management vulnerability in Gitlab

GitLab 12.5 through 12.8.1 has Insecure Permissions.

8.1
2020-03-12 CVE-2020-8435 Metagauss SQL Injection vulnerability in Metagauss Registrationmagic 4.6.0.0

An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress.

8.1
2020-03-10 CVE-2020-5254 Nethack Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nethack

In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited.

8.1
2020-03-10 CVE-2019-17636 Eclipse Insufficient Verification of Data Authenticity vulnerability in Eclipse Theia

In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com.

8.1
2020-03-12 CVE-2020-0905 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 Business Central and Dynamics NAV

A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.

8.0
2020-03-15 CVE-2020-9290 Fortinet Uncontrolled Search Path Element vulnerability in Fortinet Forticlient

An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.

7.8
2020-03-15 CVE-2020-9287 Fortinet Uncontrolled Search Path Element vulnerability in Fortinet Forticlient Emergency Management Server 6.2.1

An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.

7.8
2020-03-15 CVE-2019-2089 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0

In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID.

7.8
2020-03-15 CVE-2020-10589 V2Rayl Project Improper Privilege Management vulnerability in V2Rayl Project V2Rayl 2.1.3

v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo.

7.8
2020-03-15 CVE-2020-10588 V2Rayl Project Improper Privilege Management vulnerability in V2Rayl Project V2Rayl 2.1.3

v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo.

7.8
2020-03-14 CVE-2020-10587 Antixlinux
Mxlinux

antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration.

7.8
2020-03-14 CVE-2020-10566 Freebsd Classic Buffer Overflow vulnerability in Freebsd

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow.

7.8
2020-03-14 CVE-2020-10565 Freebsd Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freebsd

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file.

7.8
2020-03-12 CVE-2020-8469 Trendmicro Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager 5.0

Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability which could potentially allow an attacker privilege escalation.

7.8
2020-03-12 CVE-2020-0565 Intel Uncontrolled Search Path Element vulnerability in Intel Graphics Driver

Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2020-03-12 CVE-2020-0546 Intel Unquoted Search Path or Element vulnerability in Intel Optane DC Persistent Memory Module Management 01.00.00.3455

Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.

7.8
2020-03-12 CVE-2020-0530 Intel Classic Buffer Overflow vulnerability in Intel products

Improper buffer restrictions in firmware for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2020-03-12 CVE-2020-0520 Intel Path Traversal vulnerability in Intel Graphics Driver

Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.

7.8
2020-03-12 CVE-2020-0519 Intel Unspecified vulnerability in Intel Graphics Driver

Improper access control for Intel(R) Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.

7.8
2020-03-12 CVE-2020-0515 Intel Uncontrolled Search Path Element vulnerability in Intel Graphics Driver

Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2020-03-12 CVE-2020-0514 Intel Incorrect Default Permissions vulnerability in Intel Graphics Driver

Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2020-03-12 CVE-2020-0508 Intel Incorrect Default Permissions vulnerability in Intel Graphics Driver

Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2020-03-12 CVE-2020-0504 Intel Classic Buffer Overflow vulnerability in Intel Graphics Driver

Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.30.5103, and 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.

7.8
2020-03-12 CVE-2020-0898 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0897 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0896 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0892 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

7.8
2020-03-12 CVE-2020-0887 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0877 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0868 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0867 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0866 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0865 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0864 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0861 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'.

7.8
2020-03-12 CVE-2020-0860 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0858 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0857 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0855 Microsoft Unspecified vulnerability in Microsoft Office and Office 365 Proplus

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

7.8
2020-03-12 CVE-2020-0852 Microsoft Unspecified vulnerability in Microsoft Office, Office Online Server and Sharepoint Server

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

7.8
2020-03-12 CVE-2020-0851 Microsoft Unspecified vulnerability in Microsoft Office and Office 365 Proplus

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

7.8
2020-03-12 CVE-2020-0849 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0845 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0844 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0843 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0842 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0841 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0840 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0834 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0822 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0819 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations, aka 'Windows Device Setup Manager Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0814 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0810 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0808 Microsoft Improper Input Validation vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations, aka 'Provisioning Runtime Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0806 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0804 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0803 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0802 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0800 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0799 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0798 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0797 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0793 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0791 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0788 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0787 Microsoft Link Following vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0783 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0781 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0780 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0778 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0777 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0776 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0773 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0772 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0771 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0770 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0769 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0763 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Defender Security Center Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-0762 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Defender Security Center Elevation of Privilege Vulnerability'.

7.8
2020-03-12 CVE-2020-7254 Mcafee Improper Privilege Management vulnerability in Mcafee Advanced Threat Defense

Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command.

7.8
2020-03-12 CVE-2019-5181 Wago Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14).

7.8
2020-03-12 CVE-2019-5180 Wago Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14).

7.8
2020-03-12 CVE-2019-5179 Wago Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14).

7.8
2020-03-12 CVE-2019-5178 Wago Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14).

7.8
2020-03-12 CVE-2019-5171 Wago OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14).

7.8
2020-03-12 CVE-2019-5170 Wago OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14).

7.8
2020-03-12 CVE-2019-5169 Wago OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14).

7.8
2020-03-11 CVE-2019-5175 Wago OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14).

7.8
2020-03-11 CVE-2019-5174 Wago OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14).

7.8
2020-03-11 CVE-2019-5173 Wago OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14).

7.8
2020-03-11 CVE-2019-5172 Wago OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14).

7.8
2020-03-11 CVE-2020-5958 Nvidia Unspecified vulnerability in Nvidia Geforce Experience, Quadro Firmware and Tesla Firmware

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure.

7.8
2020-03-11 CVE-2019-5168 Wago OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14).

7.8
2020-03-11 CVE-2019-5167 Wago OS Command Injection vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14).

7.8
2020-03-11 CVE-2019-5166 Wago Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14).

7.8
2020-03-11 CVE-2019-5159 Wago Exposure of Resource to Wrong Sphere vulnerability in Wago E!Cockpit 1.6.0.7

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7.

7.8
2020-03-11 CVE-2019-5158 Wago Use of Hard-coded Credentials vulnerability in Wago E!Cockpit 1.6.1.5

An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5.

7.8
2020-03-11 CVE-2020-1981 Paloaltonetworks Exposure of Resource to Wrong Sphere vulnerability in Paloaltonetworks Pan-Os

A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation.

7.8
2020-03-11 CVE-2020-1980 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges.

7.8
2020-03-11 CVE-2020-1979 Paloaltonetworks Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges.

7.8
2020-03-10 CVE-2020-0085 Google Missing Authorization vulnerability in Google Android 10.0

In setBluetoothTethering of PanService.java, there is a possible permission bypass due to a missing permission check.

7.8
2020-03-10 CVE-2020-0084 Google Missing Authorization vulnerability in Google Android 10.0

In several functions of NotificationManagerService.java, there are missing permission checks.

7.8
2020-03-10 CVE-2020-0054 Google Missing Authorization vulnerability in Google Android 10.0

In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check.

7.8
2020-03-10 CVE-2020-0051 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0

In onCreate of SettingsHomepageActivity, there is a possible tapjacking attack.

7.8
2020-03-10 CVE-2020-0046 Google Out-of-bounds Write vulnerability in Google Android 10.0

In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow.

7.8
2020-03-10 CVE-2020-0069 Google
Huawei
Out-of-bounds Write vulnerability in multiple products

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions.

7.8
2020-03-10 CVE-2020-0041 Google Improper Input Validation vulnerability in Google Android

In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check.

7.8
2020-03-10 CVE-2020-0036 Google Incorrect Authorization vulnerability in Google Android

In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass.

7.8
2020-03-10 CVE-2020-0033 Google Out-of-bounds Write vulnerability in Google Android

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer.

7.8
2020-03-09 CVE-2020-5342 Dell Incorrect Default Permissions vulnerability in Dell Digital Delivery

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability.

7.8
2020-03-09 CVE-2020-1737 Redhat Path Traversal vulnerability in Redhat Ansible Tower

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module, because the extracted file(s) are not checked to confirm that they belong to the destination folder.

7.8
2020-03-15 CVE-2019-9474 Google Out-of-bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

7.5
2020-03-15 CVE-2019-9473 Google Out-of-bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

7.5
2020-03-15 CVE-2020-10591 Walmart Unspecified vulnerability in Walmart Concord

An issue was discovered in Walmart Labs Concord before 1.44.0.

7.5
2020-03-14 CVE-2020-10578 Q CMS Unspecified vulnerability in Q-Cms Qcms 3.0.1

An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.

7.5
2020-03-14 CVE-2020-10573 Meetecho Improper Locking vulnerability in Meetecho Janus

An issue was discovered in Janus through 0.9.1.

7.5
2020-03-13 CVE-2019-19611 Halvotec Unspecified vulnerability in Halvotec Raquest 10.23.10801.0

An issue was discovered in Halvotec RaQuest 10.23.10801.0.

7.5
2020-03-13 CVE-2019-14309 Ricoh Use of Hard-coded Credentials vulnerability in Ricoh products

Ricoh SP C250DN 1.05 devices have a fixed password.

7.5
2020-03-13 CVE-2019-14303 Ricoh Unspecified vulnerability in Ricoh products

Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3).

7.5
2020-03-13 CVE-2019-13195 Kyocera Path Traversal vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701

The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system.

7.5
2020-03-13 CVE-2019-13194 Brother Missing Authentication for Critical Function vulnerability in Brother products

Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL.

7.5
2020-03-13 CVE-2019-13166 Xerox Improper Restriction of Excessive Authentication Attempts vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout.

7.5
2020-03-13 CVE-2020-10073 Gitlab Unspecified vulnerability in Gitlab

GitLab EE 12.4.2 through 12.8.1 allows Denial of Service.

7.5
2020-03-13 CVE-2019-13393 Netgear Insecure Default Initialization of Resource vulnerability in Netgear Cg3700B Firmware 2.02.03

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key.

7.5
2020-03-13 CVE-2019-13205 Kyocera Missing Authentication for Critical Function vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701

All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users.

7.5
2020-03-13 CVE-2020-10089 Gitlab Uncontrolled Recursion vulnerability in Gitlab

GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other,

7.5
2020-03-13 CVE-2020-10087 Gitlab Unspecified vulnerability in Gitlab

GitLab before 12.8.2 allows Information Disclosure.

7.5
2020-03-13 CVE-2020-8571 Netapp Unspecified vulnerability in Netapp Storagegrid

StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS).

7.5
2020-03-12 CVE-2020-1863 Huawei Out-of-bounds Read vulnerability in Huawei Usg6000V Firmware V500R001C20Spc300/V500R003C00Spc100/V500R005C00Spc100

Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability.

7.5
2020-03-12 CVE-2015-3641 Bitcoin Unspecified vulnerability in Bitcoin Core

bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.

7.5
2020-03-12 CVE-2020-10532 Watchguard Cleartext Storage of Sensitive Information vulnerability in Watchguard AD Helper Firmware

The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI.

7.5
2020-03-12 CVE-2020-0876 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

7.5
2020-03-12 CVE-2020-0848 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0847 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 11/9

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.

7.5
2020-03-12 CVE-2020-0833 Microsoft Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0832 Microsoft Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11/9

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0831 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0830 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Internet Explorer

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0829 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0828 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0827 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0826 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0825 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0824 Microsoft Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0823 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0815 Microsoft Unspecified vulnerability in Microsoft Azure Devops Server 2019

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'.

7.5
2020-03-12 CVE-2020-0813 Microsoft Unspecified vulnerability in Microsoft Chakracore and Edge

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created. The update addresses the vulnerability by changing the way certain functions handle objects in memory, aka 'Scripting Engine Information Disclosure Vulnerability'.

7.5
2020-03-12 CVE-2020-0812 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0811 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0768 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.5
2020-03-12 CVE-2020-0758 Microsoft Unspecified vulnerability in Microsoft Azure Devops Server and Team Foundation Server

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'.

7.5
2020-03-12 CVE-2020-0645 Microsoft Unspecified vulnerability in Microsoft products

A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'.

7.5
2020-03-12 CVE-2020-9464 Beckhoff Resource Exhaustion vulnerability in Beckhoff Bk9000 Firmware

A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000.

7.5
2020-03-12 CVE-2020-9435 Phoenixcontact Use of Hard-coded Credentials vulnerability in Phoenixcontact products

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device.

7.5
2020-03-11 CVE-2020-7943 Puppet Unspecified vulnerability in Puppet Server

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints.

7.5
2020-03-11 CVE-2019-5149 Wago Resource Exhaustion vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC200, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs.

7.5
2020-03-11 CVE-2019-5134 Wago Unspecified vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware

An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12).

7.5
2020-03-11 CVE-2019-5107 Wago Cleartext Transmission of Sensitive Information vulnerability in Wago E!Cockpit 1.5.1.1

A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1.

7.5
2020-03-11 CVE-2013-1753 Python Unspecified vulnerability in Python

The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.

7.5
2020-03-11 CVE-2019-9104 Moxa Insufficiently Protected Credentials vulnerability in Moxa products

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.

7.5
2020-03-11 CVE-2019-9101 Moxa Cleartext Transmission of Sensitive Information vulnerability in Moxa products

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.

7.5
2020-03-11 CVE-2019-9098 Moxa Integer Overflow or Wraparound vulnerability in Moxa products

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.

7.5
2020-03-10 CVE-2020-6209 SAP Missing Authorization vulnerability in SAP Disclosure Management 10.1

SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check.

7.5
2020-03-10 CVE-2020-6196 SAP Unspecified vulnerability in SAP Businessobjects Mobile 4.2

SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests that block all the threads, resulting in a Denial of Service.

7.5
2020-03-10 CVE-2020-0062 Google Information Exposure vulnerability in Google Android

In Euicc, there is a possible information disclosure due to an included test Certificate.

7.5
2020-03-10 CVE-2019-3553 Facebook Allocation of Resources Without Limits or Throttling vulnerability in Facebook Thrift

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload.

7.5
2020-03-10 CVE-2019-11938 Facebook Allocation of Resources Without Limits or Throttling vulnerability in Facebook Thrift

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload.

7.5
2020-03-10 CVE-2020-0083 Google Unspecified vulnerability in Google Android 10.0

In setRequirePmfInternal of sta_network.cpp, there is a possible default value being improperly applied due to a logic error.

7.5
2020-03-10 CVE-2020-0039 Google Out-of-bounds Read vulnerability in Google Android

In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check.

7.5
2020-03-10 CVE-2020-0038 Google Out-of-bounds Read vulnerability in Google Android

In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check.

7.5
2020-03-10 CVE-2020-0037 Google Out-of-bounds Read vulnerability in Google Android

In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds read due to a missing bounds check.

7.5
2020-03-10 CVE-2020-0034 Google
Debian
Out-of-bounds Read vulnerability in multiple products

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation.

7.5
2020-03-10 CVE-2019-19281 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.

7.5
2020-03-10 CVE-2019-19279 Siemens Improper Input Validation vulnerability in Siemens Siprotec 4 and Siprotec Compact

A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions).

7.5
2020-03-10 CVE-2019-18336 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl.

7.5
2020-03-10 CVE-2019-13121 Gitlab Server-Side Request Forgery (SSRF) vulnerability in Gitlab

An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2.

7.5
2020-03-10 CVE-2012-1094 Redhat Information Exposure vulnerability in Redhat Jboss Application Server

JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle the default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.

7.5
2020-03-10 CVE-2019-13003 Gitlab Resource Exhaustion vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3.

7.5
2020-03-10 CVE-2019-12446 Gitlab Information Exposure Through an Error Message vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11.

7.5
2020-03-10 CVE-2019-12441 Gitlab Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11.

7.5
2020-03-10 CVE-2019-10705 Westerndigital Insufficiently Protected Credentials vulnerability in Westerndigital products

On Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials.

7.5
2020-03-10 CVE-2018-18894 Lexmark Path Traversal vulnerability in Lexmark products

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

7.5
2020-03-09 CVE-2020-10248 Meinbwa Forced Browsing vulnerability in Meinbwa Direx-Pro Firmware 1.2181

BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3.

7.5
2020-03-09 CVE-2020-10244 Jpaseto Project Inadequate Encryption Strength vulnerability in Jpaseto Project Jpaseto 0.1.0/0.2.0

JPaseto before 0.3.0 generates weak hashes when using v2.local tokens.

7.5
2020-03-09 CVE-2019-19614 Halvotec Injection vulnerability in Halvotec Raquest 10.23.10801.0

An issue was discovered in Halvotec RAQuest 10.23.10801.0.

7.5
2020-03-09 CVE-2011-3269 Lexmark Information Exposure vulnerability in Lexmark products

Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.

7.5
2020-03-09 CVE-2020-4217 IBM Improper Check for Unusual or Exceptional Conditions vulnerability in IBM Spectrum Scale

The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability.

7.5
2020-03-09 CVE-2020-8987 Avast Improper Certificate Validation vulnerability in Avast Antitrack and AVG Antitrack

Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate.

7.4
2020-03-09 CVE-2020-2146 Jenkins Improper Verification of Cryptographic Signature vulnerability in Jenkins mac

Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.

7.4
2020-03-15 CVE-2019-2216 Google Improper Input Validation vulnerability in Google Android 10.0

In overlay notifications, there is a possible hidden notification due to improper input validation.

7.3
2020-03-10 CVE-2020-0063 Google Unspecified vulnerability in Google Android

In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE.

7.3
2020-03-13 CVE-2020-10562 Devome Unrestricted Upload of File with Dangerous Type vulnerability in Devome GRR

An issue was discovered in DEVOME GRR before 3.4.1c.

7.2
2020-03-12 CVE-2019-11355 Polycom OS Command Injection vulnerability in Polycom HDX System Software

An issue was discovered in Poly (formerly Polycom) HDX 3.1.13.

7.2
2020-03-12 CVE-2020-10390 Chadhaajay OS Command Injection vulnerability in Chadhaajay PHPkb 9.0

OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.

7.2
2020-03-12 CVE-2020-10389 Chadhaajay Code Injection vulnerability in Chadhaajay PHPkb 9.0

admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.

7.2
2020-03-12 CVE-2020-10386 Chadhaajay Unrestricted Upload of File with Dangerous Type vulnerability in Chadhaajay PHPkb 9.0

admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.

7.2
2020-03-11 CVE-2019-5157 Wago OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14)

An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12).

7.2
2020-03-11 CVE-2019-5156 Wago OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14)

An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12).

7.2
2020-03-11 CVE-2019-5155 Wago OS Command Injection vulnerability in Wago Pfc200 Firmware 03.00.39(12)/03.01.07(13)/03.02.02(14)

An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200.

7.2
2020-03-10 CVE-2020-6202 SAP Improper Input Validation vulnerability in SAP Netweaver Application Server Java

SAP NetWeaver Application Server Java (User Management Engine), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50, does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.

7.2
2020-03-09 CVE-2015-7342 Joobi SQL Injection vulnerability in Joobi Jnews 8.3.1

JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.

7.2
2020-03-09 CVE-2015-7340 Gwesystems SQL Injection vulnerability in Gwesystems Jevents 3.4.0

JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.

7.2
2020-03-09 CVE-2015-7338 Acyba SQL Injection vulnerability in Acyba Acymailing

SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.

7.2
2020-03-09 CVE-2016-11021 Dlink OS Command Injection vulnerability in Dlink Dcs-930L Firmware

setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.

7.2
2020-03-12 CVE-2020-0556 Bluez
Canonical
Debian
Opensuse

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access.

7.1
2020-03-12 CVE-2020-0854 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'.

7.1
2020-03-12 CVE-2020-0789 Microsoft Link Following vulnerability in Microsoft Visual Studio 2019

A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'.

7.1
2020-03-12 CVE-2020-0786 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka 'Windows Tile Object Service Denial of Service Vulnerability'.

7.1
2020-03-12 CVE-2020-0785 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.

7.1
2020-03-09 CVE-2020-2144 Jenkins XXE vulnerability in Jenkins Rundeck

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

7.1
2020-03-09 CVE-2020-2138 Jenkins XXE vulnerability in Jenkins Cobertura

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

7.1
2020-03-09 CVE-2020-1706 Redhat Unspecified vulnerability in Redhat Openshift Container Platform

It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root.

7.0

319 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-03-15 CVE-2019-15708 Fortinet OS Command Injection vulnerability in Fortinet products

A system command injection vulnerability in the CLI admin console of FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below, and FortiAP-U below 6.0.0 may allow unauthorized administrators to run arbitrary system-level commands via specially crafted ifconfig commands.

6.7
2020-03-13 CVE-2019-18577 Dell Incorrect Permission Assignment for Critical Resource vulnerability in Dell Xtremio Management Server

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability.

6.7
2020-03-13 CVE-2019-18576 Dell Information Exposure Through Log Files vulnerability in Dell Xtremio Management Server

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files.

6.7
2020-03-12 CVE-2020-0526 Intel Improper Input Validation vulnerability in Intel products

Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2020-03-12 CVE-2019-14626 Intel Unspecified vulnerability in Intel Field Programmable Gate Array Programmable Acceleration Card N3000 Firmware

Improper access control in PCIe function for the Intel® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2020-03-10 CVE-2020-0053 Google Out-of-bounds Write vulnerability in Google Android 10.0

In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2020-03-10 CVE-2020-0050 Google Out-of-bounds Write vulnerability in Google Android 10.0

In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation.

6.7
2020-03-10 CVE-2020-0012 Google Out-of-bounds Write vulnerability in Google Android

In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check.

6.7
2020-03-10 CVE-2020-0011 Google Out-of-bounds Write vulnerability in Google Android

In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check.

6.7
2020-03-10 CVE-2020-0010 Google Out-of-bounds Write vulnerability in Google Android

In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check.

6.7
2020-03-15 CVE-2020-0088 Google Resource Exhaustion vulnerability in Google Android 10.0

In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation.

6.5
2020-03-15 CVE-2019-2058 Google Out-of-bounds Read vulnerability in Google Android 10.0

In libAACdec, there is a possible out of bounds read.

6.5
2020-03-13 CVE-2019-13199 Kyocera Cross-Site Request Forgery (CSRF) vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF.

6.5
2020-03-13 CVE-2019-13170 Xerox Cross-Site Request Forgery (CSRF) vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks.

6.5
2020-03-13 CVE-2020-10218 Sapplica SQL Injection vulnerability in Sapplica Sentrifugo 3.2

A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.

6.5
2020-03-13 CVE-2020-10081 Gitlab Unspecified vulnerability in Gitlab

GitLab before 12.8.2 has Incorrect Access Control.

6.5
2020-03-13 CVE-2019-16157 Fortinet Information Exposure Through Log Files vulnerability in Fortinet Fortiweb

An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands.

6.5
2020-03-12 CVE-2020-0882 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

6.5
2020-03-12 CVE-2020-0880 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

6.5
2020-03-12 CVE-2020-0853 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'.

6.5
2020-03-12 CVE-2020-0774 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

6.5
2020-03-12 CVE-2020-6858 Hotels Injection vulnerability in Hotels Styx

Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection.

6.5
2020-03-12 CVE-2020-10501 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request.

6.5
2020-03-12 CVE-2020-10498 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request.

6.5
2020-03-12 CVE-2020-10497 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request.

6.5
2020-03-12 CVE-2020-10458 Chadhaajay Path Traversal vulnerability in Chadhaajay PHPkb 9.0

Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service.

6.5
2020-03-12 CVE-2019-5648 Barracuda Insufficiently Protected Credentials vulnerability in Barracuda Load Balancer ADC Firmware

Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials.

6.5
2020-03-10 CVE-2020-0049 Google Use of Uninitialized Resource vulnerability in Google Android 10.0

In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data.

6.5
2020-03-10 CVE-2019-19277 Siemens Unspecified vulnerability in Siemens Siport MP 2.2/3.0.3

A vulnerability has been identified in SIPORT MP (All versions < 3.1.4).

6.5
2020-03-10 CVE-2019-13009 Gitlab Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2.

6.5
2020-03-10 CVE-2019-12429 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11.

6.5
2020-03-09 CVE-2016-1159 Zohocorp Information Exposure vulnerability in Zohocorp Manageengine Password Manager PRO 8.3/8.4

In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.

6.5
2020-03-09 CVE-2020-2139 Jenkins Path Traversal vulnerability in Jenkins Cobertura

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.

6.5
2020-03-09 CVE-2020-9282 Mahara Information Exposure vulnerability in Mahara

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.

6.5
2020-03-13 CVE-2019-3770 Dell Cross-site Scripting vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device.

6.4
2020-03-13 CVE-2019-3769 Dell Cross-site Scripting vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability.

6.4
2020-03-10 CVE-2020-0066 Google Out-of-bounds Write vulnerability in Google Android

In the netlink driver, there is a possible out of bounds write due to a race condition.

6.4
2020-03-10 CVE-2020-0045 Google Out-of-bounds Write vulnerability in Google Android 10.0

In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition.

6.4
2020-03-13 CVE-2020-10195 Sygnoos Information Exposure vulnerability in Sygnoos Popup-Builder

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php.

6.3
2020-03-10 CVE-2019-10706 Westerndigital Insufficiently Protected Credentials vulnerability in Westerndigital products

Western Digital SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest.

6.3
2020-03-15 CVE-2019-6696 Fortinet Open Redirect vulnerability in Fortinet Fortios

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under the admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage.

6.1
2020-03-13 CVE-2019-13200 Kyocera Cross-site Scripting vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701

The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS.

6.1
2020-03-13 CVE-2019-13198 Kyocera Cross-site Scripting vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701

The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS.

6.1
2020-03-13 CVE-2019-13167 Xerox Cross-site Scripting vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000

Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers.

6.1
2020-03-13 CVE-2020-10076 Gitlab Cross-site Scripting vulnerability in Gitlab

GitLab 12.1 through 12.8.1 allows XSS.

6.1
2020-03-13 CVE-2020-10075 Gitlab Cross-site Scripting vulnerability in Gitlab

GitLab 12.5 through 12.8.1 allows HTML Injection.

6.1
2020-03-13 CVE-2020-10092 Gitlab Cross-site Scripting vulnerability in Gitlab

GitLab 12.1 through 12.8.1 allows XSS.

6.1
2020-03-13 CVE-2020-10091 Gitlab Cross-site Scripting vulnerability in Gitlab

GitLab 9.3 through 12.8.1 allows XSS.

6.1
2020-03-13 CVE-2020-10078 Gitlab Cross-site Scripting vulnerability in Gitlab

GitLab 12.1 through 12.8.1 allows XSS.

6.1
2020-03-13 CVE-2020-10196 Sygnoos Cross-site Scripting vulnerability in Sygnoos Popup-Builder

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php.

6.1
2020-03-13 CVE-2020-10544 Primetek Cross-site Scripting vulnerability in Primetek Primefaces 7.0.11

An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11.

6.1
2020-03-13 CVE-2009-5159 Invisioncommunity
Microsoft
Cross-site Scripting vulnerability in multiple products

Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.

6.1
2020-03-12 CVE-2019-16156 Fortinet Cross-site Scripting vulnerability in Fortinet Fortiweb

An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS).

6.1
2020-03-12 CVE-2018-10704 Yii2Cmf Project Cross-site Scripting vulnerability in Yii2Cmf Project Yii2Cmf 2.0

yidashi yii2cmf 2.0 has XSS via the /search q parameter.

6.1
2020-03-12 CVE-2020-0505 Intel Unspecified vulnerability in Intel Graphics Driver

Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local

6.1
2020-03-12 CVE-2020-8436 Metagauss Cross-site Scripting vulnerability in Metagauss Registrationmagic 4.6.0.0

XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter.

6.1
2020-03-12 CVE-2020-10461 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt.

6.1
2020-03-11 CVE-2019-19381 Abacus Cross-site Scripting vulnerability in Abacus 20191120

oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message.

6.1
2020-03-10 CVE-2020-6210 SAP Cross-site Scripting vulnerability in SAP Fiori Launchpad 753/754

SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allows an attacker to inject a meta tag into the launchpad HTML via the vulnerable parameter, leading to a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2020-03-10 CVE-2020-6205 SAP Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages

SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.

6.1
2020-03-10 CVE-2020-6201 SAP Cross-site Scripting vulnerability in SAP Commerce Cloud

The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting.

6.1
2020-03-10 CVE-2020-7579 Siemens Cross-site Scripting vulnerability in Siemens Spectrum Power 5 5.50

A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02).

6.1
2020-03-10 CVE-2019-6585 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1).

6.1
2020-03-10 CVE-2020-9440 Ckeditor
Webspellchecker
Fedoraproject
Cross-site Scripting vulnerability in multiple products

A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.

6.1
2020-03-10 CVE-2019-12444 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11.

6.1
2020-03-10 CVE-2019-12442 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11.

6.1
2020-03-10 CVE-2019-11345 Citrix Cross-site Scripting vulnerability in Citrix Sd-Wan Center and Netscaler Sd-Wan Center

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.

6.1
2020-03-09 CVE-2020-10247 Misp Cross-site Scripting vulnerability in Misp 2.4.122

MISP 2.4.122 has Persistent XSS in the sighting popover tool.

6.1
2020-03-09 CVE-2020-10246 Misp Cross-site Scripting vulnerability in Misp 2.4.122

MISP 2.4.122 has reflected XSS via unsanitized URL parameters.

6.1
2020-03-09 CVE-2020-10192 Munkireport Project Cross-site Scripting vulnerability in Munkireport Project Munkireport

An issue was discovered in Munkireport before 5.3.0.3923.

6.1
2020-03-09 CVE-2020-2152 Jenkins Cross-site Scripting vulnerability in Jenkins Subversion Release Manager

Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.

6.1
2020-03-09 CVE-2020-2140 Jenkins Cross-site Scripting vulnerability in Jenkins Audit Trail

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.

6.1
2020-03-09 CVE-2020-10236 Froxlor Improper Input Validation vulnerability in Froxlor

An issue was discovered in Froxlor before 0.10.14.

6.1
2020-03-13 CVE-2019-19756 Lenovo Information Exposure Through Log Files vulnerability in Lenovo Xclarity Administrator 2.6.0

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text.

6.0
2020-03-15 CVE-2019-15608 Yarnpkg Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Yarnpkg Yarn

The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache.

5.9
2020-03-14 CVE-2020-10576 Meetecho Race Condition vulnerability in Meetecho Janus

An issue was discovered in Janus through 0.9.1.

5.9
2020-03-12 CVE-2020-0574 Intel Unspecified vulnerability in Intel MAX 10 Fpga Firmware

Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all versions may allow an authenticated user to potentially enable escalation of privilege and information disclosure via physical access.

5.9
2020-03-12 CVE-2017-18350 Bitcoin Classic Buffer Overflow vulnerability in Bitcoin Core

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used.

5.9
2020-03-11 CVE-2011-2487 Apache
Redhat
Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

5.9
2020-03-10 CVE-2019-13010 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2.

5.9
2020-03-10 CVE-2019-15034 Qemu Classic Buffer Overflow vulnerability in Qemu 4.0.0

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.

5.8
2020-03-12 CVE-2020-0551 Intel Unspecified vulnerability in Intel products

Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

5.6
2020-03-12 CVE-2020-0550 Intel Unspecified vulnerability in Intel products

Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.6
2020-03-11 CVE-2020-7598 Substack
Opensuse

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

5.6
2020-03-15 CVE-2019-2088 Google Out-of-bounds Read vulnerability in Google Android 10.0

In StatsService, there is a possible out of bounds read.

5.5
2020-03-12 CVE-2020-9064 Huawei Improper Authentication vulnerability in Huawei Honor V30 Firmware 10.0.1.135(C00E130R4P1)/10.1.0.212(C00E210R5P1)/Oxfordsan00A10.0.1.167(C00E166R4P1)

Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability.

5.5
2020-03-12 CVE-2020-0567 Intel Improper Input Validation vulnerability in Intel Graphics Driver

Improper input validation in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access.

5.5
2020-03-12 CVE-2020-5961 Nvidia Incomplete Cleanup vulnerability in Nvidia Virtual GPU Graphics Driver

NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service.

5.5
2020-03-12 CVE-2020-5960 Nvidia NULL Pointer Dereference vulnerability in Nvidia Virtual GPU Manager

NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service.

5.5
2020-03-12 CVE-2020-5959 Nvidia Improper Validation of Array Index vulnerability in Nvidia Virtual GPU Manager

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service.

5.5
2020-03-12 CVE-2020-0516 Intel Unspecified vulnerability in Intel Graphics Driver

Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2020-03-12 CVE-2020-0511 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Graphics Driver

Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access.

5.5
2020-03-12 CVE-2020-0503 Intel Unspecified vulnerability in Intel Graphics Driver

Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2020-03-12 CVE-2020-0501 Intel Classic Buffer Overflow vulnerability in Intel Graphics Driver

Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable a denial of service via local access.

5.5
2020-03-12 CVE-2020-0879 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'.

5.5
2020-03-12 CVE-2020-0874 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'.

5.5
2020-03-12 CVE-2020-0871 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network Connections Service Information Disclosure Vulnerability'.

5.5
2020-03-12 CVE-2020-0863 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

An information disclosure vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'.

5.5
2020-03-12 CVE-2020-0859 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.

5.5
2020-03-12 CVE-2020-0820 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.

5.5
2020-03-12 CVE-2020-0779 Microsoft Link Following vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'.

5.5
2020-03-12 CVE-2020-0775 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'.

5.5
2020-03-12 CVE-2020-0765 Microsoft Unspecified vulnerability in Microsoft Remote Desktop Connection Manager 2.7

An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka 'Remote Desktop Connection Manager Information Disclosure Vulnerability'.

5.5
2020-03-12 CVE-2019-5177 Wago Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14).

5.5
2020-03-12 CVE-2019-5176 Wago Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14).

5.5
2020-03-11 CVE-2019-5182 Wago Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14).

5.5
2020-03-11 CVE-2019-5106 Wago Use of Hard-coded Credentials vulnerability in Wago E!Cockpit 1.5.1.1

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1.

5.5
2020-03-11 CVE-2012-1101 Systemd Project Unspecified vulnerability in Systemd Project Systemd 37

systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).

5.5
2020-03-10 CVE-2020-0087 Google Incorrect Authorization vulnerability in Google Android 10.0

In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure.

5.5
2020-03-10 CVE-2020-0057 Google Out-of-bounds Read vulnerability in Google Android 10.0

In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check.

5.5
2020-03-10 CVE-2020-0056 Google Out-of-bounds Read vulnerability in Google Android 10.0

In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check.

5.5
2020-03-10 CVE-2020-0055 Google Out-of-bounds Read vulnerability in Google Android 10.0

In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check.

5.5
2020-03-10 CVE-2020-0048 Google Use of Uninitialized Resource vulnerability in Google Android 10.0

In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data.

5.5
2020-03-10 CVE-2020-0061 Google Unspecified vulnerability in Google Android 10.0

In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio.

5.5
2020-03-10 CVE-2020-0059 Google Out-of-bounds Read vulnerability in Google Android 10.0

In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check.

5.5
2020-03-10 CVE-2020-0035 Google Missing Authorization vulnerability in Google Android 8.0/8.1/9.0

In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check.

5.5
2020-03-10 CVE-2012-1096 Gnome
Debian
Improper Certificate Validation vulnerability in multiple products

NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.

5.5
2020-03-10 CVE-2019-11686 Westerndigital Insufficiently Protected Credentials vulnerability in Westerndigital products

Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure.

5.5
2020-03-10 CVE-2020-10251 Imagemagick Out-of-bounds Read vulnerability in Imagemagick 7.0.9

In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c.

5.5
2020-03-09 CVE-2020-2154 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Zephyr for Jira Test Management

Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.

5.5
2020-03-09 CVE-2020-2145 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Zephyr Enterprise Test Management

Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.

5.5
2020-03-09 CVE-2020-10237 Froxlor Race Condition vulnerability in Froxlor

An issue was discovered in Froxlor through 0.10.15.

5.5
2020-03-13 CVE-2019-6699 Fortinet Cross-site Scripting vulnerability in Fortinet Fortiadc

An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface.

5.4
2020-03-12 CVE-2020-6643 Fortinet Cross-site Scripting vulnerability in Fortinet Fortiisolator

An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS).

5.4
2020-03-12 CVE-2020-0903 Microsoft Cross-site Scripting vulnerability in Microsoft Exchange Server 2016/2019

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.

5.4
2020-03-12 CVE-2020-0894 Microsoft Cross-site Scripting vulnerability in Microsoft products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

5.4
2020-03-12 CVE-2020-0893 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

5.4
2020-03-12 CVE-2020-0891 Microsoft Cross-site Scripting vulnerability in Microsoft products

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'.

5.4
2020-03-12 CVE-2020-0795 Microsoft Cross-site Scripting vulnerability in Microsoft products

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'.

5.4
2020-03-12 CVE-2020-0700 Microsoft Cross-site Scripting vulnerability in Microsoft Azure Devops Server and Team Foundation Server

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

5.4
2020-03-12 CVE-2020-10388 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).

5.4
2020-03-10 CVE-2020-6200 SAP Cross-site Scripting vulnerability in SAP Commerce Cloud

The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating facilities of the angular framework.

5.4
2020-03-10 CVE-2020-6199 SAP Missing Authorization vulnerability in SAP ERP 607

The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check, so an attacker without an authorization group can maintain any company certificate, leading to a Missing Authorization Check.

5.4
2020-03-10 CVE-2020-6178 SAP Information Exposure vulnerability in SAP Enable NOW 10/1902/1908

SAP Enable Now, before version 1911, sends the Session ID cookie value in URL.

5.4
2020-03-10 CVE-2020-10372 Ramp Cross-site Scripting vulnerability in Ramp Altimeter

Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI.

5.4
2020-03-10 CVE-2019-12445 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11.

5.4
2020-03-10 CVE-2020-4162 IBM Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.5/11.7

IBM InfoSphere Information Server 11.5 and 11.7 are vulnerable to cross-site scripting.

5.4
2020-03-10 CVE-2019-4608 IBM Cross-site Scripting vulnerability in IBM Tivoli Workload Scheduler 9.3

IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting.

5.4
2020-03-09 CVE-2020-10191 Munkireport Project Cross-site Scripting vulnerability in Munkireport Project Munkireport

An issue was discovered in MunkiReport before 5.3.0.

5.4
2020-03-09 CVE-2020-4084 Hcltech Cross-site Scripting vulnerability in Hcltech Connections 5.5/6.0/6.5

HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting.

5.4
2020-03-09 CVE-2020-9517 Microfocus Improper Restriction of Rendered UI Layers or Frames vulnerability in Microfocus Service Manager 9.50/9.60

There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60.

5.4
2020-03-09 CVE-2020-2136 Jenkins Cross-site Scripting vulnerability in Jenkins GIT

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.

5.4
2020-03-13 CVE-2020-10090 Gitlab Information Exposure vulnerability in Gitlab

GitLab 11.7 through 12.8.1 allows Information Disclosure.

5.3
2020-03-13 CVE-2020-10086 Gitlab Path Traversal vulnerability in Gitlab

GitLab 10.4 through 12.8.1 allows Directory Traversal.

5.3
2020-03-13 CVE-2020-10085 Gitlab Unspecified vulnerability in Gitlab

GitLab 12.3.5 through 12.8.1 allows Information Disclosure.

5.3
2020-03-13 CVE-2020-10084 Gitlab Unspecified vulnerability in Gitlab

GitLab EE 11.6 through 12.8.1 allows Information Disclosure.

5.3
2020-03-13 CVE-2020-10082 Gitlab Unspecified vulnerability in Gitlab

GitLab 12.2 through 12.8.1 allows Denial of Service.

5.3
2020-03-13 CVE-2020-10080 Gitlab Unspecified vulnerability in Gitlab

GitLab 8.3 through 12.8.1 allows Information Disclosure.

5.3
2020-03-13 CVE-2020-10079 Gitlab Missing Authentication for Critical Function vulnerability in Gitlab

GitLab 7.10 through 12.8.1 has Incorrect Access Control.

5.3
2020-03-13 CVE-2019-19799 Zohocorp Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Applications Manager

Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.

5.3
2020-03-12 CVE-2020-7600 Querymen Project Unspecified vulnerability in Querymen Project Querymen

querymen prior to 2.1.4 allows modification of object properties.

5.3
2020-03-12 CVE-2020-10535 Gitlab Unspecified vulnerability in Gitlab

GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address.

5.3
2020-03-12 CVE-2018-20586 Bitcoin Improper Encoding or Escaping of Output vulnerability in Bitcoin Core

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.

5.3
2020-03-12 CVE-2018-19516 KDE Improper Input Validation vulnerability in KDE Applications

messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.

5.3
2020-03-12 CVE-2020-0517 Intel Out-of-bounds Write vulnerability in Intel Graphics Driver

Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.

5.3
2020-03-12 CVE-2020-0502 Intel Unspecified vulnerability in Intel Graphics Driver

Improper access control in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable escalation of privilege via local access.

5.3
2020-03-11 CVE-2019-5135 Wago Use of a Broken or Risky Cryptographic Algorithm vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers.

5.3
2020-03-11 CVE-2016-1000111 Twisted Forced Browsing vulnerability in Twisted

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

5.3
2020-03-11 CVE-2019-9103 Moxa Information Exposure vulnerability in Moxa products

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.

5.3
2020-03-11 CVE-2019-9097 Moxa Unspecified vulnerability in Moxa products

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.

5.3
2020-03-10 CVE-2019-13004 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2.

5.3
2020-03-10 CVE-2019-12433 Gitlab Improper Input Validation vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11.

5.3
2020-03-09 CVE-2020-10249 Meinbwa Unspecified vulnerability in Meinbwa Direx-Pro Firmware 1.2181

BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3.

5.3
2020-03-09 CVE-2011-4538 Lexmark Information Exposure vulnerability in Lexmark products

Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.

5.3
2020-03-09 CVE-2020-2155 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Openshift Deployer

Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

5.3
2020-03-09 CVE-2020-2151 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Quality Gates

Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

5.3
2020-03-09 CVE-2020-2150 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Sonar Quality Gates

Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

5.3
2020-03-09 CVE-2020-2149 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Repository Connector

Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

5.3
2020-03-09 CVE-2020-2143 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Logstash

Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

5.3
2020-03-11 CVE-2020-1733 Redhat
Fedoraproject
Debian
Race Condition vulnerability in multiple products

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user.

5.0
2020-03-10 CVE-2020-0031 Google Information Exposure vulnerability in Google Android 10.0

In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately.

5.0
2020-03-12 CVE-2020-10460 Chadhaajay Improper Neutralization of Formula Elements in a CSV File vulnerability in Chadhaajay PHPkb 9.0

admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data.

4.9
2020-03-12 CVE-2020-10387 Chadhaajay Path Traversal vulnerability in Chadhaajay PHPkb 9.0

Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.

4.9
2020-03-10 CVE-2019-13007 Gitlab Resource Exhaustion vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2.

4.9
2020-03-14 CVE-2020-10577 Meetecho Race Condition vulnerability in Meetecho Janus

An issue was discovered in Janus through 0.9.1.

4.8
2020-03-12 CVE-2020-10477 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

4.8
2020-03-12 CVE-2020-10476 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

4.8
2020-03-12 CVE-2020-10475 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

4.8
2020-03-12 CVE-2020-10474 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

4.8
2020-03-12 CVE-2020-10473 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

4.8
2020-03-12 CVE-2020-10472 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

4.8
2020-03-12 CVE-2020-10471 Chadhasoftware Cross-site Scripting vulnerability in Chadhasoftware PHPkb 9.0

Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

4.8
2020-03-12 CVE-2020-10470 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

4.8
2020-03-12 CVE-2020-10469 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

4.8
2020-03-12 CVE-2020-10468 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

4.8
2020-03-12 CVE-2020-10467 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

4.8
2020-03-12 CVE-2020-10466 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

4.8
2020-03-12 CVE-2020-10465 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

4.8
2020-03-12 CVE-2020-10464 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

4.8
2020-03-12 CVE-2020-10463 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

4.8
2020-03-12 CVE-2020-10462 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

4.8
2020-03-12 CVE-2020-10456 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10455 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10454 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10453 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10452 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10451 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10450 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-traffic.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10449 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10448 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10447 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10446 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10445 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10444 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-rated.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10443 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-printed.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10442 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-popular.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10441 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-monthly.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10440 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-mailed.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10439 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10438 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/reply-ticket.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10437 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/optimize-database.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10436 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-profile.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10435 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-languages.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10434 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10433 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-users.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10432 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-tickets.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10431 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10430 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-subscribers.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10429 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10428 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-news.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10427 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-languages.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10426 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-groups.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10425 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10424 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-fields.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10423 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10422 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-drafts.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10421 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10420 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10419 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-categories.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10418 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10417 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-articles.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10416 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/kb-backup.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10415 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10414 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10413 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10412 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-csv.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10411 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/email-harvester.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10410 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-user.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10409 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-template.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10408 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-subscriber.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10407 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-news.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10406 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10405 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10404 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10403 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10402 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10401 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10400 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10399 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10398 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10397 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-news.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10396 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10395 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10394 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10393 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10392 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload.

4.8
2020-03-12 CVE-2020-10391 Chadhaajay Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload.

4.8
2020-03-09 CVE-2020-2137 Jenkins Cross-site Scripting vulnerability in Jenkins Timestamper

Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.

4.8
2020-03-09 CVE-2015-7344 Hikashop Cross-site Scripting vulnerability in Hikashop 2.5.0

HikaShop Joomla Component before 2.6.0 has XSS via an injected payload.

4.8
2020-03-09 CVE-2015-7343 Joobi Cross-site Scripting vulnerability in Joobi Jnews 8.3.1

JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.

4.8
2020-03-12 CVE-2020-0507 Intel Unquoted Search Path or Element vulnerability in Intel Graphics Driver

Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access.

4.4
2020-03-12 CVE-2019-14625 Intel Unspecified vulnerability in Intel Field Programmable Gate Array Programmable Acceleration Card N3000 Firmware

Improper access control in on-card storage for the Intel® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable denial of service via local access.

4.4
2020-03-12 CVE-2020-7253 Mcafee Improper Input Validation vulnerability in Mcafee Agent

Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility.

4.4
2020-03-10 CVE-2020-0060 Google SQL Injection vulnerability in Google Android 10.0

In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection.

4.4
2020-03-10 CVE-2020-0058 Google Out-of-bounds Read vulnerability in Google Android 10.0

In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check.

4.4
2020-03-10 CVE-2020-0044 Google Out-of-bounds Read vulnerability in Google Android

In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check.

4.4
2020-03-10 CVE-2020-0043 Google Out-of-bounds Read vulnerability in Google Android

In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check.

4.4
2020-03-10 CVE-2020-0042 Google Out-of-bounds Read vulnerability in Google Android

In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check.

4.4
2020-03-12 CVE-2019-12278 Opera Unspecified vulnerability in Opera 52.1.2517.139570

Opera through 53 on Android allows Address Bar Spoofing.

4.3
2020-03-12 CVE-2020-0885 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'.

4.3
2020-03-12 CVE-2020-10504 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request.

4.3
2020-03-12 CVE-2020-10503 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.

4.3
2020-03-12 CVE-2020-10502 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request.

4.3
2020-03-12 CVE-2020-10500 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.

4.3
2020-03-12 CVE-2020-10499 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request.

4.3
2020-03-12 CVE-2020-10496 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request.

4.3
2020-03-12 CVE-2020-10495 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.

4.3
2020-03-12 CVE-2020-10494 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request.

4.3
2020-03-12 CVE-2020-10493 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.

4.3
2020-03-12 CVE-2020-10492 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request.

4.3
2020-03-12 CVE-2020-10491 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.

4.3
2020-03-12 CVE-2020-10490 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.

4.3
2020-03-12 CVE-2020-10489 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.

4.3
2020-03-12 CVE-2020-10488 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.

4.3
2020-03-12 CVE-2020-10487 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.

4.3
2020-03-12 CVE-2020-10486 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.

4.3
2020-03-12 CVE-2020-10485 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.

4.3
2020-03-12 CVE-2020-10484 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.

4.3
2020-03-12 CVE-2020-10483 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request.

4.3
2020-03-12 CVE-2020-10482 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.

4.3
2020-03-12 CVE-2020-10481 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.

4.3
2020-03-12 CVE-2020-10480 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.

4.3
2020-03-12 CVE-2020-10479 Chadhaajay Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0

CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.

4.3
2020-03-11 CVE-2019-16107 Phpbb Cross-Site Request Forgery (CSRF) vulnerability in PHPbb 3.2.7

Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments.

4.3
2020-03-10 CVE-2020-6206 SAP Cross-Site Request Forgery (CSRF) vulnerability in SAP Cloud Platform Integration 1.0

SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning messages.

4.3
2020-03-10 CVE-2020-6204 SAP Missing Authorization vulnerability in SAP products

The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should when selecting and displaying the contract number, leading to a Missing Authorization Check.

4.3
2020-03-10 CVE-2020-0052 Google Missing Authentication for Critical Function vulnerability in Google Android 10.0

In smsSelected of AnswerFragment.java, there is a way to send an SMS from the lock screen due to a permissions bypass.

4.3
2020-03-10 CVE-2019-19295 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0).

4.3
2020-03-10 CVE-2019-13457 Otrs Information Exposure vulnerability in Otrs

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8.

4.3
2020-03-10 CVE-2019-13011 Gitlab Resource Exhaustion vulnerability in Gitlab

An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2.

4.3
2020-03-10 CVE-2019-13006 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 9.0 through 12.0.2.

4.3
2020-03-10 CVE-2019-13005 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2.

4.3
2020-03-10 CVE-2019-13002 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2.

4.3
2020-03-10 CVE-2019-13001 Gitlab Incorrect Authorization vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2.

4.3
2020-03-10 CVE-2019-12434 Gitlab Use of Insufficiently Random Values vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11.

4.3
2020-03-10 CVE-2019-12432 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11.

4.3
2020-03-10 CVE-2019-12431 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11.

4.3
2020-03-10 CVE-2019-10065 Otrs Unspecified vulnerability in Otrs

An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6.

4.3
2020-03-09 CVE-2020-9386 Mahara Information Exposure vulnerability in Mahara

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.

4.3
2020-03-09 CVE-2020-2157 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Skytap Cloud CI

Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.

4.3
2020-03-09 CVE-2020-2156 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Deployhub

Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.

4.3
2020-03-09 CVE-2020-2153 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Backlog

Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.

4.3
2020-03-09 CVE-2020-2148 Jenkins Incorrect Authorization vulnerability in Jenkins mac

A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.

4.3
2020-03-09 CVE-2020-2147 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins mac

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.

4.3
2020-03-09 CVE-2020-2142 Jenkins Missing Authorization vulnerability in Jenkins P4

A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds.

4.3
2020-03-09 CVE-2020-2141 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins P4

A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add labels in Perforce.

4.3
2020-03-09 CVE-2019-10806 Vega Project Unspecified vulnerability in Vega Project Vega

vega-util prior to 1.13.1 allows manipulation of object prototype.

4.3
2020-03-09 CVE-2015-7968 SAP XXE vulnerability in SAP Netweaver Application Server

nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.

4.3
2020-03-14 CVE-2020-10575 Meetecho Race Condition vulnerability in Meetecho Janus

An issue was discovered in Janus through 0.9.1.

4.2

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-03-12 CVE-2020-1739 Redhat
Fedoraproject
Debian
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior: when a password is set with the "password" argument of the svn module, it is passed on the svn command line, disclosing it to other users on the same node.
3.9
2020-03-12 CVE-2020-0884 Microsoft Cleartext Transmission of Sensitive Information vulnerability in Microsoft Visual Studio 2017 and Visual Studio 2019

A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.

3.7
2020-03-10 CVE-2020-6197 SAP Insufficient Session Expiration vulnerability in SAP Enable NOW 10/1902

SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner.

3.3
2020-03-10 CVE-2020-0047 Google Missing Authorization vulnerability in Google Android 10.0

In setMasterMute of AudioService.java, there is a missing permission check.

3.3
2020-03-12 CVE-2020-10459 Chadhaajay Path Traversal vulnerability in Chadhaajay PHPkb 9.0

Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder.

2.7
2020-03-12 CVE-2020-10457 Chadhaajay Path Traversal vulnerability in Chadhaajay PHPkb 9.0

Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed).

2.7
2020-03-12 CVE-2020-0506 Intel Improper Initialization vulnerability in Intel Graphics Driver

Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access.

2.3
2020-03-10 CVE-2020-0029 Google Information Exposure vulnerability in Google Android 10.0

In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset.

2.3