Vulnerability Summary for the Week of March 16, 2020

Released: Mar 23, 2020
Document ID: SB20-083

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| anttix_linux_and_mx_linux -- anttix_linux_and_mx_linux | antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration. | 2020-03-14 | 7.2 | CVE-2020-10587, MISC, MISC |
| apache -- commons_configuration | Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application. | 2020-03-13 | 7.5 | CVE-2020-1953, MISC, MLIST |
| armorx -- lisomail | LisoMail, by ArmorX, allows SQL Injections, attackers can access the database without authentication via a URL parameter manipulation. | 2020-03-18 | 7.5 | CVE-2020-3922, MISC, MISC, MISC |
| atlassian -- onap | An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12115, MISC |
| atlassian -- onap | An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12118, MISC |
| atlassian -- onap | An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | 2020-03-18 | 7.5 | CVE-2019-12112, MISC |
| atlassian -- onap | In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-19 | 7.5 | CVE-2019-12127, MISC |
| atlassian -- onap | An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12116, MISC |
| atlassian -- onap | An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12117, MISC |
| atlassian -- onap | An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12119, MISC |
| atlassian -- onap | An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12120, MISC |
| atlassian -- onap | In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-19 | 7.5 | CVE-2019-12125, MISC |
| atlassian -- onap | In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-19 | 7.5 | CVE-2019-12126, MISC |
| atlassian -- onap | An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-18 | 7.5 | CVE-2019-12114, MISC |
| atlassian -- onap | An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | 2020-03-18 | 7.5 | CVE-2019-12132, MISC |
| brother -- multiple_printers | Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device. | 2020-03-13 | 9 | CVE-2019-13193, MISC, MISC, MISC |
| brother -- multiple_printers | Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13192, MISC, MISC, MISC |
| centos-webpanel -- centos_web_panel | CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter. | 2020-03-16 | 7.5 | CVE-2020-10230, MISC, MISC |
| closure-compiler-stream -- closure-compiler-stream | closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization. | 2020-03-15 | 7.5 | CVE-2020-7603, MISC |
| codiad -- web_ide | Codiad Web IDE through 2.8.4 allows PHP Code injection. | 2020-03-16 | 7.5 | CVE-2019-19208, MISC, MISC, MISC |
| cpanel -- cpanel | cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). | 2020-03-17 | 7.5 | CVE-2020-10119, MISC |
| cpanel -- cpanel | cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537). | 2020-03-17 | 9 | CVE-2020-10115, MISC |
| cpanel -- cpanel | cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). | 2020-03-17 | 9 | CVE-2020-10120, MISC |
| cpanel -- cpanel | cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534). | 2020-03-17 | 7.5 | CVE-2019-20498, MISC |
| cpanel -- cpanel | cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). | 2020-03-17 | 7.5 | CVE-2020-10121, MISC |
| dell -- emc_xtremio_xms | Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access. | 2020-03-13 | 7.2 | CVE-2019-18577, MISC |
| devome -- grr | An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query. | 2020-03-13 | 7.5 | CVE-2020-10563, MISC, MISC, MISC |
| docker-compose-remote-api -- docker-compose-remote-api | docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization. | 2020-03-15 | 7.5 | CVE-2020-7606, MISC |
| dolibarr -- dolibarr | Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). | 2020-03-16 | 7.5 | CVE-2019-19212, MISC, MISC, MISC |
| fortiguard -- fortiap-s/w2_and_fortiap_and_fortiap-u | A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. | 2020-03-15 | 7.2 | CVE-2019-15708, CONFIRM |
| freebsd -- bhyve | grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS. | 2020-03-14 | 7.2 | CVE-2020-10565, MISC |
| gitlab -- gitlab | GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. | 2020-03-13 | 7.5 | CVE-2020-10074, MISC, CONFIRM |
| gitlab -- gitlab_enterprise_edition | GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. | 2020-03-13 | 7.5 | CVE-2020-10077, MISC, CONFIRM |
| golang -- go | Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. | 2020-03-16 | 7.8 | CVE-2020-7919, MISC, CONFIRM, MISC |
| gulp-scss-lint -- gulp-scss-lint | gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options. | 2020-03-15 | 7.5 | CVE-2020-7601, MISC |
| gulp-styledocco -- gulp-styledocco | gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization. | 2020-03-15 | 7.5 | CVE-2020-7607, MISC |
| gulp-tape -- gulp-tape | gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options. | 2020-03-15 | 7.5 | CVE-2020-7605, MISC |
| hp -- multiple_printers | A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout. | 2020-03-16 | 7.5 | CVE-2019-18917, MISC |
| joomla! -- joomla! | An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. | 2020-03-16 | 7.5 | CVE-2020-10243, MISC |
| kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13202, MISC |
| kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13201, MISC |
| kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | 9 | CVE-2019-13203, MISC |
| kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13204, MISC |
| kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | 9 | CVE-2019-13206, MISC |
| kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13197, MISC |
| kyocera -- ecosys_m5526cdw_printers | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 2020-03-13 | 9 | CVE-2019-13196, MISC |
| logicaldoc -- logicaldoc | LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users, applying tags, etc. This functionality could be abused by an unauthenticated attacker to upload an arbitrary file in a restricted folder. This would lead to the executions of malicious commands with root privileges. | 2020-03-18 | 10 | CVE-2020-9423, MISC |
| meetecho -- janus | An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation. | 2020-03-14 | 7.5 | CVE-2020-10574, MISC |
| mitsubishi_electric -- melqic_iu1_series_devices | TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet. | 2020-03-16 | 7.5 | CVE-2020-5545, MISC, MISC |
| mitsubishi_electric -- melqic_iu1_series_devices | Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 2020-03-16 | 7.5 | CVE-2020-5547, MISC, MISC |
| mitsubishi_electric -- melqic_iu1_series_devices | Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 2020-03-16 | 7.5 | CVE-2020-5542, MISC, MISC |
| mitsubishi_electric -- melqic_iu1_series_devices | Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 2020-03-16 | 7.5 | CVE-2020-5544, MISC, MISC |
| mitsubishi_electric -- melqic_iu1_series_devices | TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 2020-03-16 | 7.5 | CVE-2020-5543, MISC, MISC |
| node-prompot-here -- node-prompt-here | node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env.NM_CLI" in the file "linux/manager.js". This function is used to construct the argument of function "execSync()", which can be controlled by users without any sanitization. | 2020-03-15 | 7.5 | CVE-2020-7602, MISC |
| perlspeak -- perlspeak | PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open. | 2020-03-18 | 7.5 | CVE-2020-10674, MISC, MISC |
| psd-tools -- psd-tools | An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data. | 2020-03-14 | 7.5 | CVE-2020-10571, MISC, MISC |
| pulverizr -- pulverizr | pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command. | 2020-03-15 | 7.5 | CVE-2020-7604, MISC |
| responsive_filemanager -- responsive_filemanager | An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.) | 2020-03-14 | 7.5 | CVE-2020-10567, MISC |
| ricoh -- sp_c250dn_devices | Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets. | 2020-03-13 | 10 | CVE-2019-14310, MISC, MISC |
| rmysql -- rmysql | RMySQL through 0.10.19 allows SQL Injection. | 2020-03-17 | 7.5 | CVE-2020-10380, CONFIRM |
| rockwell_automation -- multiple_products | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. | 2020-03-16 | 10 | CVE-2020-6990, MISC |
| safescan -- timemoto | Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API. | 2020-03-13 | 7.5 | CVE-2019-12182, MISC, MISC, MISC, MISC |
| salesagility -- suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). | 2020-03-16 | 7.5 | CVE-2020-8784, CONFIRM, CONFIRM |
| salesagility -- suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | 2020-03-16 | 7.5 | CVE-2020-8783, CONFIRM, CONFIRM |
| salesagility -- suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). | 2020-03-16 | 7.5 | CVE-2020-8785, CONFIRM, CONFIRM |
| salesagility -- suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). | 2020-03-16 | 7.5 | CVE-2020-8786, CONFIRM, CONFIRM |
| swisscom -- centro_grande | Incorrect input sanitation in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection. | 2020-03-16 | 9 | CVE-2019-19940, CONFIRM, MISC |
| trend_micro -- worry-free_business_security | Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. | 2020-03-18 | 7.5 | CVE-2020-8600, MISC, MISC, MISC |
| trend_micro -- apex_one_and_officescan_xg | Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability. | 2020-03-18 | 10 | CVE-2020-8599, MISC, MISC |
| trend_micro -- multiple_products | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | 2020-03-18 | 9.4 | CVE-2020-8470, MISC, MISC, MISC, MISC |
| trend_micro -- multiple_products | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | 2020-03-18 | 10 | CVE-2020-8598, MISC, MISC, MISC, MISC |
| unraid -- unraid | Unraid through 6.8.0 allows Remote Code Execution. | 2020-03-16 | 10 | CVE-2020-5847, MISC, MISC, MISC |
| v2rayl -- v2rayl | v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo. | 2020-03-15 | 7.2 | CVE-2020-10588, MISC |
| v2rayl -- v2rayl | v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo. | 2020-03-15 | 7.2 | CVE-2020-10589, MISC |
| vmware -- multiple_products | For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user. | 2020-03-16 | 7.2 | CVE-2019-5543, CONFIRM |
| vmware -- workstation_and_fusion | VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine. | 2020-03-16 | 7.2 | CVE-2020-3947, CONFIRM |
| wordpress -- wordpress | An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call. | 2020-03-13 | 7.5 | CVE-2020-10564, MISC, MISC, MISC |
| xerox -- phaser_3320_printers | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13165, MISC, MISC |
| xerox -- phaser_3320_printers | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13168, MISC, MISC |
| xerox -- phaser_3320_printers | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13172, MISC, MISC |
| xerox -- phaser_3320_printers | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly. | 2020-03-13 | 10 | CVE-2019-13171, MISC, MISC |
| xerox -- phaser_3320_printers | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device. | 2020-03-13 | 10 | CVE-2019-13169, MISC, MISC |
| zoho -- manageengine_opmanager | Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108. | 2020-03-13 | 7.5 | CVE-2020-10541, MISC |


Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 9folders -- nine_for_android | The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | 2020-03-18 | 4.3 | CVE-2019-12366, MISC, MISC, MISC |
| administrate_gem_for_ruby_on_rails -- administrate_gem_for_ruby_on_rails | In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in version 0.13.0. | 2020-03-13 | 5.5 | CVE-2020-5257, MISC, CONFIRM |
| apache -- geode | When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack. | 2020-03-16 | 4 | CVE-2019-10091, MISC |
| aquaforest -- tiff_server | Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx. | 2020-03-18 | 5 | CVE-2020-9323, MISC, MISC, MISC |
| aquaforest -- tiff_server | Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download. | 2020-03-18 | 5 | CVE-2020-9325, MISC, MISC, MISC |
| aquaforest -- tiff_server | Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC. | 2020-03-18 | 5 | CVE-2020-9324, MISC, MISC, MISC |
| artica -- pandora_fms | index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020. | 2020-03-16 | 6.5 | CVE-2020-5844, MISC, MISC |
| arxes-tolina -- arxes-tolina | arxes-tolina 3.0.0 allows User Enumeration. | 2020-03-18 | 4 | CVE-2019-19677, MISC |
| atlassian -- onap | An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected. | 2020-03-18 | 6.4 | CVE-2019-12131, MISC |
| atlassian -- onap | An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | 2020-03-18 | 6.5 | CVE-2019-12123, MISC |
| atlassian -- onap | An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected. | 2020-03-18 | 5 | CVE-2019-12121, MISC |
| atlassian -- onap | An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | 2020-03-18 | 6.5 | CVE-2019-12113, MISC |
| atlassian -- onap | An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected. | 2020-03-18 | 4 | CVE-2019-12122, MISC |
| atlassian -- onap | An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected. | 2020-03-18 | 6.4 | CVE-2019-12124, MISC |
atutor -- acontent
 
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.2020-03-166.5CVE-2020-10557
MISC
MISC
blix -- bluemail_for_android
 
The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.2020-03-184.3CVE-2019-12367
MISC
MISC
MISC
brother -- multiple_printers
 
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL.2020-03-135CVE-2019-13194
MISC
MISC
MISC
citrix -- sd-wan_appliances
 
Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.2020-03-164.3CVE-2020-6175
CONFIRM
MISC
combodo -- itop
 
A post-authentication privilege escalation in the web application of Combodo iTop before 2.7 allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses.2020-03-165.5CVE-2019-19821
MISC
MISC
contao -- contao
 
Contao before 4.5.7 has XSS in the system log. | 2020-03-16 | 4.3 | CVE-2018-10125
CONFIRM
cpanel -- cpanel
 
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520). | 2020-03-17 | 4.3 | CVE-2019-20493
MISC
cpanel -- cpanel
 
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532). | 2020-03-17 | 4.9 | CVE-2019-20496
MISC
cpanel -- cpanel
 
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531). | 2020-03-17 | 4 | CVE-2019-20495
MISC
cpanel -- cpanel
 
cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). | 2020-03-16 | 5.5 | CVE-2019-20491
MISC
cpanel -- cpanel
 
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535). | 2020-03-17 | 4.3 | CVE-2020-10114
MISC
cpanel -- cpanel
 
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541). | 2020-03-17 | 5 | CVE-2020-10116
MISC
cpanel -- cpanel
 
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515). | 2020-03-17 | 4.3 | CVE-2020-10113
MISC
cpanel -- cpanel
 
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516). | 2020-03-17 | 6.5 | CVE-2019-20492
MISC
cpanel -- cpanel
 
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547). | 2020-03-17 | 6.4 | CVE-2020-10122
MISC
cpanel -- cpanel
 
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499). | 2020-03-17 | 6.5 | CVE-2019-20490
MISC
cpanel -- cpanel
 
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). | 2020-03-17 | 6.4 | CVE-2020-10117
MISC
cpanel -- cpanel
 
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). | 2020-03-17 | 6.4 | CVE-2020-10118
MISC
dell -- emc_xtremio_xms
 
Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application. | 2020-03-13 | 6 | CVE-2019-18578
MISC
delta_electronics -- industrial_automation_cncsoft_screeneditor
 
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file. | 2020-03-18 | 6.8 | CVE-2020-7002
MISC
delta_electronics -- industrial_automation_cncsoft_screeneditor
 
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation. | 2020-03-18 | 4.3 | CVE-2020-6976
MISC
devome -- grr
 
An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads. | 2020-03-13 | 6.5 | CVE-2020-10562
MISC
MISC
MISC
django-nopassword -- django-nopassword
 
django-nopassword before 5.0.0 stores cleartext secrets in the database. | 2020-03-18 | 5 | CVE-2019-10682
MISC
CONFIRM
MISC
dolibarr -- dolibarr
 
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. | 2020-03-16 | 4.3 | CVE-2019-19211
MISC
MISC
MISC
dolibarr -- dolibarr
 
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | 2020-03-16 | 5 | CVE-2019-19209
MISC
MISC
MISC
dot_project -- dot
 
The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype. | 2020-03-15 | 6.5 | CVE-2020-8141
MISC
dradis -- dradis_pro
 
The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team. | 2020-03-16 | 4 | CVE-2019-19946
MISC
MISC
drf-jwt -- drf-jwt
 
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of jpadilla/django-rest-framework-jwt, which is unmaintained. | 2020-03-15 | 5.8 | CVE-2020-10594
MISC
MISC
MISC
easy!appointments -- easy!appointments
 
Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts. | 2020-03-16 | 5 | CVE-2018-13063
MISC
MISC
easy!appointments -- easy!appointments
 
Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. | 2020-03-16 | 5 | CVE-2018-13060
MISC
MISC
edison_software -- edison_mail
 
The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | 2020-03-18 | 4.3 | CVE-2019-12368
MISC
MISC
MISC
edx -- open_edx
 
Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS. | 2020-03-18 | 4.3 | CVE-2019-20512
MISC
edx -- open_edx
 
Open edX Ironwood.1 allows support/certificates?user= reflected XSS. | 2020-03-19 | 4.3 | CVE-2019-20513
MISC
facebook -- thrift
 
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. | 2020-03-18 | 5 | CVE-2019-11939
MISC
CONFIRM
fortinet -- forticlient_ems
 
An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | 2020-03-15 | 6.9 | CVE-2020-9287
CONFIRM
fortinet -- forticlient_for_windows
 
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe reside to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | 2020-03-15 | 6.9 | CVE-2020-9290
CONFIRM
fortinet -- fortimanager
 
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. | 2020-03-15 | 6.8 | CVE-2019-17654
CONFIRM
fortinet -- fortiweb 
 
An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | 2020-03-13 | 4 | CVE-2019-16157
CONFIRM
fortinet -- fortios
 
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage. | 2020-03-15 | 5.8 | CVE-2019-6696
CONFIRM

frappe -- erpnext

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address. | 2020-03-19 | 4.3 | CVE-2019-20519
MISC
frappe -- erpnext
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI. | 2020-03-19 | 4.3 | CVE-2019-20515
MISC
frappe -- erpnext
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI. | 2020-03-19 | 4.3 | CVE-2019-20516
MISC
frappe -- erpnext
 
ERPNext 11.1.47 allows blog?blog_category= Frame Injection. | 2020-03-18 | 4.3 | CVE-2019-20511
MISC
frappe -- erpnext
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI. | 2020-03-19 | 4.3 | CVE-2019-20520
MISC
frappe -- erpnext
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI. | 2020-03-19 | 4.3 | CVE-2019-20517
MISC
frappe -- erpnext
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI. | 2020-03-19 | 4.3 | CVE-2019-20521
MISC
frappe -- erpnext
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI. | 2020-03-19 | 4.3 | CVE-2019-20514
MISC
frappe -- erpnext
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI. | 2020-03-19 | 4.3 | CVE-2019-20518
MISC
freebsd -- bhyve
 
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. | 2020-03-14 | 4.6 | CVE-2020-10566
MISC
gitlab -- gitlab
 
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied. | 2020-03-13 | 6.4 | CVE-2020-10083
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace. | 2020-03-13 | 5 | CVE-2020-10084
MISC
CONFIRM
gitlab -- gitlab
GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration. | 2020-03-13 | 4.3 | CVE-2020-10092
MISC
CONFIRM
gitlab -- gitlab
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user. | 2020-03-13 | 5 | CVE-2020-10087
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other. | 2020-03-13 | 5 | CVE-2020-10089
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types. | 2020-03-13 | 4.3 | CVE-2020-10091
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. | 2020-03-13 | 5 | CVE-2020-10086
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing private merge request titles. | 2020-03-13 | 5 | CVE-2020-10085
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. | 2020-03-13 | 5 | CVE-2020-10080
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required. | 2020-03-13 | 5 | CVE-2020-10079
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests. | 2020-03-13 | 4.3 | CVE-2020-10076
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed. | 2020-03-13 | 5 | CVE-2020-10090
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input. | 2020-03-13 | 5.8 | CVE-2020-10075
MISC
CONFIRM
gitlab -- gitlab
 
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. | 2020-03-13 | 4 | CVE-2020-10081
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. | 2020-03-13 | 5.5 | CVE-2020-10088
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability. | 2020-03-13 | 4.3 | CVE-2020-10078
MISC
CONFIRM
gitlab -- gitlab
 
GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered. | 2020-03-13 | 5 | CVE-2020-10082
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. | 2020-03-13 | 5 | CVE-2020-10073
MISC
CONFIRM
gnome -- gthumb
 
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. | 2020-03-16 | 6.8 | CVE-2019-20326
MISC
CONFIRM
CONFIRM
CONFIRM
google -- android
 
In libAACdec, there is a possible out of bounds read. This could lead to remote information disclosure, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-136089102 | 2020-03-15 | 4.3 | CVE-2019-2058
CONFIRM
google -- android
 
In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-116608833 | 2020-03-15 | 4.4 | CVE-2019-2089
CONFIRM
google -- android
 
In overlay notifications, there is a possible hidden notification due to improper input validation. This could lead to a local escalation of privilege because the user is not notified of an overlaying app, with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-38390530 | 2020-03-15 | 4.4 | CVE-2019-2216
CONFIRM
google -- android
 
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-79996267 | 2020-03-15 | 5 | CVE-2019-9474
CONFIRM
google -- android
 
In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-124389881 | 2020-03-15 | 4.3 | CVE-2020-0088
CONFIRM
google -- android
 
In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-131859347 | 2020-03-15 | 6.8 | CVE-2020-0086
CONFIRM
google -- android
 
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-115363533 | 2020-03-15 | 5 | CVE-2019-9473
CONFIRM
graphicsmagick -- graphicsmagick
 
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | 2020-03-18 | 4.3 | CVE-2019-12921
MISC
MISC
MLIST
halvotec -- raquest
 
An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. | 2020-03-13 | 5 | CVE-2019-19611
MISC
ibm -- mq_and_mq_appliance
 
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. | 2020-03-16 | 4 | CVE-2019-4656
XF
CONFIRM
ibm -- datapower_gateway
 
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956. | 2020-03-19 | 4 | CVE-2020-4203
XF
CONFIRM
ibm -- datapower_gateway
 
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revoked. IBM X-Force ID: 174961. | 2020-03-19 | 6.5 | CVE-2020-4205
XF
CONFIRM
ibm -- netcool_omnibus
 
IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910. | 2020-03-18 | 4.3 | CVE-2020-4199
XF
CONFIRM
ignite_realtime -- openfire
 
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter. | 2020-03-19 | 4.3 | CVE-2019-20526
MISC
ignite_realtime -- openfire
 
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter. | 2020-03-19 | 4.3 | CVE-2019-20527
MISC
ignite_realtime -- openfire
 
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter. | 2020-03-19 | 4.3 | CVE-2019-20525
MISC
ignite_realtime -- openfire
 
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter. | 2020-03-18 | 4.3 | CVE-2019-20528
MISC
ilch -- ilch_cms
 
ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner parameter. | 2020-03-19 | 4.3 | CVE-2019-20524
MISC
ilch -- ilch_cms
 
ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name parameter. | 2020-03-19 | 4.3 | CVE-2019-20523
MISC
ilch -- ilch_cms
 
ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter. | 2020-03-19 | 4.3 | CVE-2019-20522
MISC
intelliants -- subrion_cms
 
Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI. | 2020-03-17 | 6.8 | CVE-2018-21037
MISC
invision_power_services -- invision_power_board
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | 2020-03-13 | 4.3 | CVE-2009-5159
MISC
MISC
MISC
MISC
joomla! -- joomla!
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses. | 2020-03-16 | 5 | CVE-2020-10240
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. | 2020-03-16 | 5 | CVE-2020-10238
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF. | 2020-03-16 | 6.8 | CVE-2020-10241
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users. | 2020-03-16 | 6.5 | CVE-2020-10239
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. | 2020-03-16 | 4.3 | CVE-2020-10242
MISC
kyocera -- ecosys_m5526cdw_printers
 
All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer. | 2020-03-13 | 5 | CVE-2019-13205
MISC
kyocera -- ecosys_m5526cdw_printers
 
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | 2020-03-13 | 4.3 | CVE-2019-13198
MISC
kyocera -- ecosys_m5526cdw_printers
 
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | 2020-03-13 | 4.3 | CVE-2019-13200
MISC
kyocera -- ecosys_m5526cdw_printers
 
The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. | 2020-03-13 | 5 | CVE-2019-13195
MISC
kyocera -- ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | 2020-03-13 | 4.3 | CVE-2019-13199
MISC
limesurvey -- limesurvey
 
LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php. | 2020-03-16 | 4.3 | CVE-2019-14512
CONFIRM
CONFIRM
MISC
MISC
meetecho -- janus
 
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions. | 2020-03-14 | 5.8 | CVE-2020-10577
MISC
meetecho -- janus
 
An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash. | 2020-03-14 | 4.3 | CVE-2020-10576
MISC
meetecho -- janus
 
An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge. | 2020-03-14 | 5 | CVE-2020-10573
MISC
meetecho -- janus
 
An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times. | 2020-03-14 | 4 | CVE-2020-10575
MISC
micro_focus -- micro_focus_service_manager
 
HTTP methods revealed in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data. | 2020-03-16 | 5 | CVE-2020-9519
MISC
micro_focus -- micro_focus_service_manager
 
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data. | 2020-03-16 | 5 | CVE-2020-9518
MISC
mitsubishi_electric -- melqic_iu1_series_devices
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet. | 2020-03-16 | 5.8 | CVE-2020-5546
MISC
MISC
moodle -- moodle
 
A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page. | 2020-03-18 | 5.8 | CVE-2019-14882
CONFIRM
CONFIRM
moodle -- moodle
 
A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS is possible from some fatal error messages. | 2020-03-18 | 4.3 | CVE-2019-14884
CONFIRM
CONFIRM
moodle -- moodle
 
A vulnerability was found in Moodle 3.7 to 3.7.2 and before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed. | 2020-03-18 | 4.3 | CVE-2019-14881
CONFIRM
CONFIRM
nagios -- nagios_log_server
Nagios Log Server 2.1.3 has CSRF. | 2020-03-16 | 6.8 | CVE-2020-6585
MISC
MISC
MISC
nagios -- nagios_log_server
 
Nagios Log Server 2.1.3 has Incorrect Access Control. | 2020-03-16 | 4 | CVE-2020-6584
MISC
MISC
MISC
nagios -- nagios_remote_plugin_executor
 
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection. | 2020-03-16 | 6.8 | CVE-2020-6581
MISC
MISC
nagios -- nagios_remote_plugin_executor
 
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. | 2020-03-16 | 5 | CVE-2020-6582
MISC
MISC
netgear -- cg3700b_voo_device
 
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase. | 2020-03-13 | 5 | CVE-2019-13393
MISC
netgear -- cg3700b_voo_device
 
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP. | 2020-03-13 | 5 | CVE-2019-13394
MISC
netgear -- cg3700b_voo_device
 
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file. | 2020-03-13 | 6.8 | CVE-2019-13395
MISC
netsas -- enigma_network_management_solution
 
A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs. | 2020-03-19 | 4.3 | CVE-2019-16070
MISC
netsas -- enigma_network_management_solution
 
A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP protocol. | 2020-03-19 | 4.3 | CVE-2019-16069
MISC
netsas -- enigma_network_management_solution
 
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data. | 2020-03-19 | 4 | CVE-2019-16062
MISC
newton -- newton_for_android
 
The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | 2020-03-18 | 4.3 | CVE-2019-12365
MISC
MISC
MISC
opc_foundation -- opc_ua_net_standard
 
In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network. | 2020-03-16 | 5.8 | CVE-2019-19135
MISC
CONFIRM
openwrt_project -- openwrt
 
libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. | 2020-03-16 | 5 | CVE-2020-7248
MISC
CONFIRM
openwrt_project -- openwrt
 
uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value. | 2020-03-16 | 5 | CVE-2019-19945
MISC
CONFIRM
osquery -- osquery
 
Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. | 2020-03-13 | 5.8 | CVE-2020-1887
CONFIRM
CONFIRM
primetek -- primefaces
 
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation. | 2020-03-13 | 4.3 | CVE-2020-10544
MISC
pydio -- pydio_core_and_pydio_enterprise
 
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution. | 2020-03-17 | 6.5 | CVE-2019-20452
MISC
MISC
pydio -- pydio_core_and_pydio_enterprise
 
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution. | 2020-03-17 | 6.5 | CVE-2019-20453
MISC
MISC
qcms -- qcms
 
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. | 2020-03-14 | 5 | CVE-2020-10578
MISC
readdle -- spark_for_android
 
The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | 2020-03-18 | 4.3 | CVE-2019-12370
MISC
MISC
MISC
red_hat -- ansible_engine
 
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | 2020-03-16 | 4.4 | CVE-2020-1738
CONFIRM
CONFIRM
red_hat -- openshift
 
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11. | 2020-03-18 | 4.4 | CVE-2019-19351
CONFIRM
red_hat -- wildfly
 
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable. | 2020-03-16 | 6.4 | CVE-2019-14887
CONFIRM
CONFIRM
ricoh -- sp_c250dn_devices
 
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcoded within the printer firmware. This would allow an attacker to access and read information stored on the shared FTP folders. | 2020-03-13 | 5 | CVE-2019-14309
MISC
MISC
ricoh -- sp_c250dn_devices
 
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that led to a denial of service vulnerability. | 2020-03-13 | 5 | CVE-2019-14303
MISC
MISC
ricoh -- sp_c250dn_devices
 
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. | 2020-03-13 | 5 | CVE-2019-14299
MISC
MISC
rockwell_automation -- multiple_products
 
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable. | 2020-03-16 | 5 | CVE-2020-6984
MISC
rockwell_automation -- multiple_products
 
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior: a remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials. | 2020-03-16 | 5 | CVE-2020-6988
MISC
salesagility -- suitecrm
 
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. | 2020-03-16 | 5 | CVE-2020-8787
CONFIRM
CONFIRM
sangoma -- freepbx
 
Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation. | 2020-03-16 | 6.5 | CVE-2019-19538
MISC
CONFIRM
sapplica -- sentrifugo
 
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. | 2020-03-13 | 4 | CVE-2020-10218
MISC
EXPLOIT-DB
solarwinds -- serv-u_managed_file_transfer
 
SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters. | 2020-03-18 | 6.8 | CVE-2019-12769
MISC
MISC
storagegrid -- storagegrid
 
StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS). | 2020-03-13 | 5 | CVE-2020-8571
CONFIRM
swisscom -- multiple_products
 
Missing output sanitization in Swisscom Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests. | 2020-03-16 | 5 | CVE-2019-19942
CONFIRM
MISC
sync -- oxygen_xml_editor
 
Oxygen XML Editor 21.1.1 allows XXE to read any file. | 2020-03-16 | 5 | CVE-2019-20191
MISC
tcpdump -- tcpdump
 
tcpdump 4.9.2 (and probably lower versions) is prone to a heap-based buffer over-read in the EXTRACT_32BITS function (extract.h, called from the rx_cache_find function, print-rx.c) due to improper serviceId sanitization. | 2020-03-16 | 5 | CVE-2018-19325
MISC
trend_micro -- apex_one
 
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. | 2020-03-18 | 6.5 | CVE-2020-8468
MISC
MISC
MISC
MISC
trend_micro -- apex_one
 
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication. | 2020-03-18 | 6.5 | CVE-2020-8467
MISC
MISC
typeapp -- typeapp
 
The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | 2020-03-18 | 4.3 | CVE-2019-12369
MISC
MISC
MISC
umbraco -- cloud
 
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. | 2020-03-16 | 6.5 | CVE-2020-9471
MISC
umbraco -- umbraco_cms
 
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality. | 2020-03-16 | 4 | CVE-2020-9472
MISC
unraid -- unraid
 
Unraid 6.8.0 allows authentication bypass. | 2020-03-16 | 5 | CVE-2020-5849
MISC
MISC
MISC
untis -- webuntis
 
Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules. | 2020-03-13 | 6.8 | CVE-2020-10540
MISC
vmware -- harbor_container_registry_for_pivotal_platform

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. | 2020-03-20 | 6.5 | CVE-2019-19023
MISC
CONFIRM
vmware -- harbor_container_registry_for_pivotal_platform
 
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. | 2020-03-20 | 4 | CVE-2019-19026
MISC
MISC
CONFIRM
vmware -- harbor_container_registry_for_pivotal_platform
 
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. | 2020-03-20 | 6.5 | CVE-2019-19029
MISC
MISC
CONFIRM
vmware -- harbor_container_registry_for_pivotal_platform
 
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. | 2020-03-20 | 6.8 | CVE-2019-19025
MISC
MISC
CONFIRM
vmware -- multiple_products
 
Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM. | 2020-03-16 | 4.6 | CVE-2020-3948
CONFIRM
wagtail-2fa -- wagtail-2fa
 
In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users' 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other user's device they can disable the target user's 2FA devices and potentially compromise the account if they figure out their password. The problem has been patched in version 1.4.1. | 2020-03-13 | 5.5 | CVE-2020-5240
MISC
CONFIRM
walmart -- concord
 
An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey. | 2020-03-15 | 5 | CVE-2020-10591
MISC
MISC
wordpress -- wordpress
 
The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI. | 2020-03-17 | 5 | CVE-2018-18576
MISC
MISC
wordpress -- wordpress
 
be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its role to an instructor/teacher and gain access to otherwise restricted data. | 2020-03-16 | 4 | CVE-2020-7916
CONFIRM
wordpress -- wordpress
 
An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of the popup's fields by sending a request to wp-admin/admin-ajax.php with the POST action parameter of sgpb_autosave and including additional data in an allPopupData parameter, including the popup's ID (which is visible in the source of the page in which the popup is inserted) and arbitrary JavaScript which will then be executed in the browsers of visitors to that page. Because the plugin functionality automatically adds script tags to data entered into these fields, this injection will typically bypass most WAF applications. | 2020-03-13 | 4.3 | CVE-2020-10196
MISC
MISC
wordpress -- wordpress
 
The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings. | 2020-03-14 | 6.8 | CVE-2020-10568
MISC
MISC
wordpress -- wordpress
 
The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info. | 2020-03-13 | 6.5 | CVE-2020-10195
MISC
MISC
xerox -- phaser_3320_printers
 
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | 2020-03-13 | 4.3 | CVE-2019-13170
MISC
MISC
xerox -- phaser_3320_printers
 
Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | 2020-03-13 | 4.3 | CVE-2019-13167
MISC
MISC
xerox -- phaser_3320_printers
 
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. | 2020-03-13 | 5 | CVE-2019-13166
MISC
MISC
yargs_parser -- yargs_parser 
 
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. | 2020-03-16 | 6.4 | CVE-2020-7608
MISC
yarnpkg -- yarn
 
The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. | 2020-03-15 | 4.3 | CVE-2019-15608
MISC
MISC
MISC
zoho -- manageengine_applications_manager
 
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | 2020-03-13 | 5 | CVE-2019-19799
MISC
CONFIRM
zoho -- manageengine_password_manager_pro
 
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. | 2020-03-16 | 6.8 | CVE-2020-9346
MISC
MISC
zulip -- zulip_desktop
 
Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82. | 2020-03-18 | 4.3 | CVE-2020-9443
CONFIRM


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cpanel -- cpanel
 
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533). | 2020-03-17 | 3.5 | CVE-2019-20497
MISC
cpanel -- cpanel
 
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). | 2020-03-17 | 2.1 | CVE-2019-20494
MISC
dell -- emc_xtremio_xms
 
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user. | 2020-03-13 | 2.1 | CVE-2019-18576
MISC
dell -- wyse_management_suite
 
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | 2020-03-13 | 3.5 | CVE-2019-3769
MISC
dell -- wyse_management_suite
 
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | 2020-03-13 | 3.5 | CVE-2019-3770
MISC
dolibarr -- dolibarr
 
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. | 2020-03-16 | 3.5 | CVE-2019-19210
MISC
MISC
MISC
fortinet -- fortiadc
 
An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. | 2020-03-13 | 3.5 | CVE-2019-6699
CONFIRM
fortinet -- fortiweb
 
An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. | 2020-03-17 | 3.5 | CVE-2020-6646
MISC
google -- android
 
In StatsService, there is a possible out of bounds read. This could lead to local information disclosure if UBSAN were not enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-143895055 | 2020-03-15 | 1.9 | CVE-2019-2088
CONFIRM
ibm -- cloud_automation_manager
 
IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645. | 2020-03-16 | 3.6 | CVE-2019-4617
XF
CONFIRM
ibm -- mq_and_mq_appliance
 
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. | 2020-03-16 | 2.1 | CVE-2019-4619
XF
CONFIRM
ibm -- mq_and_mq_appliance
 
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. | 2020-03-16 | 2.1 | CVE-2019-4719
XF
CONFIRM
lenovo -- xclarity_administrator
 
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA. | 2020-03-13 | 3.6 | CVE-2019-19756
CONFIRM
libvirt -- libvirt
 
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | 2020-03-19 | 2.7 | CVE-2019-20485
MISC
MISC
CONFIRM
MISC
MISC
mcafee -- network_security_manager
 
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors. | 2020-03-18 | 3.5 | CVE-2020-7256
CONFIRM
mcafee -- network_security_manager
 
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors. | 2020-03-18 | 3.5 | CVE-2020-7258
CONFIRM
nagios -- nagios_log_server
 
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered. | 2020-03-16 | 3.5 | CVE-2020-6586
MISC
MISC
MISC
opencart -- opencart
 
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section. | 2020-03-17 | 3.5 | CVE-2020-10596
MISC
pki-core -- pki-core
 
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser. | 2020-03-18 | 2.6 | CVE-2019-10146
CONFIRM
red_hat -- ansible_and_ansible_engine
 
A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This discloses passwords and tokens in the process list, and the no_log directive from the debug module has no effect, so these secrets are also disclosed on stdout and in log files. | 2020-03-16 | 2.1 | CVE-2020-1753
CONFIRM
CONFIRM
red_hat -- ansible_engine

A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | 2020-03-16 | 3.6 | CVE-2020-1735
CONFIRM
CONFIRM
red_hat -- ansible_engine
 
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | 2020-03-16 | 1.9 | CVE-2020-1740
CONFIRM
CONFIRM
red_hat -- ansible_engine
 
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | 2020-03-16 | 2.1 | CVE-2020-1736
CONFIRM
CONFIRM
rockwell_automation -- micrologix_1400_controllers_series_b
 
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior: if Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext. | 2020-03-16 | 2.1 | CVE-2020-6980
MISC
sangoma -- freepbx

An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4. | 2020-03-16 | 3.5 | CVE-2019-19852
CONFIRM
MISC
sangoma -- freepbx

An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20. | 2020-03-16 | 3.5 | CVE-2019-19851
CONFIRM
MISC
sangoma -- freepbx
 
Multiple XSS vulnerabilities exist in the Backup & Restore module v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account. | 2020-03-16 | 3.5 | CVE-2019-19615
MISC
CONFIRM
swisscom -- centro_grande_router
 
Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS. | 2020-03-16 | 3.5 | CVE-2019-19941
CONFIRM
MISC
team_password_manager -- team_password_manager
 
Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title. | 2020-03-16 | 3.5 | CVE-2019-19461
MISC
MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

actionview_gem_for_ruby_on_rails -- actionview_gem_for_ruby_on_rails

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. | 2020-03-19 | not yet calculated | CVE-2020-5267
MLIST
MISC
CONFIRM
MLIST
adaware -- adaware_antivirus
 
Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | 2020-03-18 | not yet calculated | CVE-2019-18979
MISC
apache -- deltaspike
 
We got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default. | 2020-03-19 | not yet calculated | CVE-2019-12416
MISC
arxes-tolina -- arxes-tolina
 
A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other computers. By entering formula code in the following columns: Kundennummer, Firma, Street, PLZ, Ort, Zahlziel, and Bemerkung, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. | 2020-03-18 | not yet calculated | CVE-2019-19676
MISC
asus -- multiple_routers

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router. | 2020-03-20 | not yet calculated | CVE-2018-20333
MISC
asus -- multiple_routers
 
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI. | 2020-03-20 | not yet calculated | CVE-2018-20335
MISC
asus -- multiple_routers
 
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get a shell. | 2020-03-20 | not yet calculated | CVE-2018-20334
MISC
asustor -- exfat_driver
 
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root. | 2020-03-18 | not yet calculated | CVE-2019-11689
MISC
MISC
asustor -- exfat_driver
 
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation. | 2020-03-18 | not yet calculated | CVE-2019-11688
MISC
MISC
atlassian -- atlassian
 
The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass "WebSudo" in products that support "WebSudo" through an improper access control vulnerability. | 2020-03-17 | not yet calculated | CVE-2019-20105
MISC
MISC
atlassian -- jira_software_and_jira_software_data_center
 
The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through a missing authorisation check. | 2020-03-17 | not yet calculated | CVE-2019-20407
N/A
atlassian -- onap
 
In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-19 | not yet calculated | CVE-2019-12128
MISC
atlassian -- onap
 
In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-19 | not yet calculated | CVE-2019-12129
MISC
atlassian -- onap
 
In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | 2020-03-19 | not yet calculated | CVE-2019-12130
MISC

beyondtrust -- privilege_management_for_windows_and_mac

BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash. | 2020-03-18 | not yet calculated | CVE-2020-9326
CONFIRM
bitcoin -- core
 
Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount. | 2020-03-16 | not yet calculated | CVE-2017-12842
MISC
MISC
MISC
blamer -- blamer
 
Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. | 2020-03-20 | not yet calculated | CVE-2020-8137
MISC
canon -- oce_colorwave_500_printer
 
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version. | 2020-03-19 | not yet calculated | CVE-2020-10670
MISC
MISC
canon -- oce_colorwave_500_printer
 
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version. | 2020-03-19 | not yet calculated | CVE-2020-10669
MISC
FULLDISC
MISC
canon -- oce_colorwave_500_printer
 
The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version. | 2020-03-19 | not yet calculated | CVE-2020-10671
MISC
MISC
canon -- oce_colorwave_500_printer
 
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version. | 2020-03-19 | not yet calculated | CVE-2020-10668
MISC
FULLDISC
MISC
canon -- oce_colorwave_500_printer
 
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version. | 2020-03-19 | not yet calculated | CVE-2020-10667
MISC
FULLDISC
MISC
centreon -- centreon

Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. | 2020-03-20 | not yet calculated | CVE-2019-19487
MISC
centreon -- centreon
 
Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. | 2020-03-20 | not yet calculated | CVE-2019-19484
MISC
centreon -- centreon
 
Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. | 2020-03-20 | not yet calculated | CVE-2019-19486
MISC
cisco -- sd-wan_solution_software
 
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. | 2020-03-19 | not yet calculated | CVE-2020-3266
CISCO
cisco -- sd-wan_solution_software
 
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges. | 2020-03-19 | not yet calculated | CVE-2020-3265
CISCO
cisco -- sd-wan_solution_software
 
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make. | 2020-03-19 | not yet calculated | CVE-2020-3264
CISCO
cisco -- sd_wan_vmanage_software
 
A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2020-03-19 | not yet calculated | CVE-2019-16010
CISCO
cisco -- sd_wan_vmanage_software
 
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on, or return values from, the underlying database as well as the operating system. | 2020-03-19 | not yet calculated | CVE-2019-16012
CISCO
cms_made_simple -- cms_made_simple
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. | 2020-03-20 | not yet calculated | CVE-2020-10681
MISC
cms_made_simple -- cms_made_simple
 
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file). | 2020-03-20 | not yet calculated | CVE-2020-10682
MISC
comba -- ap2600-i_devices
 
Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext. | 2020-03-19 | not yet calculated | CVE-2019-15654
MISC
MISC
comba -- ap2600-i_devices
 
Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username and password values are a double md5 of the plaintext real value, i.e., md5(md5(value)). | 2020-03-19 | not yet calculated | CVE-2019-15653
MISC
MISC
containous -- traefik_and_traefik_enterprise_edition
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging. | 2020-03-16 | not yet calculated | CVE-2020-9321
MISC
MISC
d-link -- dap-1650_devices
An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands. | 2020-03-21 | not yet calculated | CVE-2019-12767
CONFIRM
d-link -- dsl-2875al_devices
 
D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. | 2020-03-19 | not yet calculated | CVE-2019-15656
MISC
MISC
d-link -- dsl-2875al_devices
 
D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext. | 2020-03-19 | not yet calculated | CVE-2019-15655
MISC
MISC
das_u-boot -- das_u-boot
 
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. | 2020-03-19 | not yet calculated | CVE-2020-10648
MISC
MISC
MISC
dell -- emc_data_protection_advisor
 
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user runs the DPA service on the affected system. | 2020-03-18 | not yet calculated | CVE-2019-18582
MISC
dell -- emc_data_protection_advisor
 
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system. | 2020-03-18 | not yet calculated | CVE-2019-18581
MISC
dell -- emc_data_protection_central
 
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data. | 2020-03-18 | not yet calculated | CVE-2019-3762
MISC
docker -- docker_desktop
 
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0. | 2020-03-18 | not yet calculated | CVE-2020-10665
MISC
MISC
easybuild -- easybuild
 
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--from-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master` + `develop` branches of the `easybuild-framework` repository. | 2020-03-19 | not yet calculated | CVE-2020-5262
MISC
MISC
CONFIRM
entrust -- entelligence_security_provider
 
Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain. | 2020-03-18 | not yet calculated | CVE-2020-10659
MISC
MISC
fasterxml -- jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). | 2020-03-18 | not yet calculated | CVE-2020-10673
MISC
MLIST
MISC
fasterxml -- jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). | 2020-03-18 | not yet calculated | CVE-2020-10672
MISC
MLIST
MISC
fastify -- fastify-multipart
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request. | 2020-03-20 | not yet calculated | CVE-2020-8136
MISC
fortinet -- fortibalancer
 
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | 2020-03-19 | not yet calculated | CVE-2014-2723
CONFIRM
fortinet -- fortibalancer
 
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | 2020-03-19 | not yet calculated | CVE-2014-2722
CONFIRM
fortinet -- fortibalancer
 
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | 2020-03-19 | not yet calculated | CVE-2014-2721
CONFIRM
foxit -- studio_photo
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9774. | 2020-03-20 | not yet calculated | CVE-2020-8881
MISC
MISC
foxit -- studio_photo
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9625. | 2020-03-20 | not yet calculated | CVE-2020-8878
MISC
MISC
foxit -- studio_photo
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the PSD files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9811. | 2020-03-20 | not yet calculated | CVE-2020-8882
MISC
MISC
foxit -- studio_photo
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9880. | 2020-03-20 | not yet calculated | CVE-2020-8883
MISC
MISC
foxit -- studio_photo
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9624. | 2020-03-20 | not yet calculated | CVE-2020-8877
MISC
MISC
foxit -- studio_photo
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9773. | 2020-03-20 | not yet calculated | CVE-2020-8880
MISC
MISC
foxit -- studio_photo
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9626. | 2020-03-20 | not yet calculated | CVE-2020-8879
MISC
MISC
frappe -- frappe
 
In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files. | 2020-03-18 | not yet calculated | CVE-2019-20529
MISC
MISC
freeradius -- freeradius
 
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. | 2020-03-21 | not yet calculated | CVE-2019-17185
MISC
CONFIRM
ghost -- ghost_cms
 
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. | 2020-03-20 | not yet calculated | CVE-2020-8134
MISC
gnupg -- gnupg
 
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. | 2020-03-20 | not yet calculated | CVE-2019-14855
CONFIRM
MISC
MISC
MISC
hancom -- hancom_office
 
The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file. | 2020-03-19 | not yet calculated | CVE-2019-16338
MISC
MISC
hancom -- hancom_office
 
The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file. | 2020-03-19 | not yet calculated | CVE-2019-16337
MISC
MISC
homee -- brain_cube
 
The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface. | 2020-03-20 | not yet calculated | CVE-2019-16258
MISC
MISC
huawei -- campusinsight_and_manageone
There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, a successful exploit may cause some services to become abnormal. Affected product versions include: CampusInsight versions V100R019C00; ManageOne versions 6.5.RC2.B050. | 2020-03-20 | not yet calculated | CVE-2020-1862
MISC

huawei -- mate_20_and_mate_30_pro_smartphones

There is an improper authorization vulnerability in several smartphones. The software incorrectly performs an authorization for a certain user; a successful exploit could allow a low-privilege user to perform certain operations which the user is not supposed to perform. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | 2020-03-20 | not yet calculated | CVE-2020-1796
MISC

huawei -- mate_20_and_mate_30_pro_smartphones

There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios; a successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | 2020-03-20 | not yet calculated | CVE-2020-1793
MISC

huawei -- mate_20_and_mate_30_pro_smartphones

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operations when the Digital Balance function is on. A successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | 2020-03-20 | not yet calculated | CVE-2020-1795
MISC

huawei -- mate_20_and_mate_30_pro_smartphones

 

There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios; a successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | 2020-03-20 | not yet calculated | CVE-2020-1794
MISC

huawei -- multiple_products

There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions 1.0.1.21(SP3); HEGE-570 versions 1.0.1.22(SP3); OSCA-550 versions 1.0.1.21(SP3); OSCA-550A versions 1.0.1.21(SP3); OSCA-550AX versions 1.0.1.21(SP3); OSCA-550X versions 1.0.1.21(SP3). | 2020-03-20 | not yet calculated | CVE-2020-1879
MISC
huawei -- oxfords-an00a_smartphone
 
Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3), versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to the target component is improper when the device performs an operation. Attackers exploit this vulnerability to obtain some information by loading a malicious application, leading to information leak. | 2020-03-20 | not yet calculated | CVE-2020-1878
MISC
huawei -- secocspace_antiddos8000
 
Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands. Affected product versions include: Secospace AntiDDoS8000 versions V500R001C00, V500R001C20, V500R001C60, V500R005C00. | 2020-03-20 | not yet calculated | CVE-2020-1864
MISC
inextrix -- astpp
 
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. | 2020-03-20 | not yet calculated | CVE-2019-15075
MISC
insulet -- omnipod_insulet_management_system
 
The affected insulin pump is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. | 2020-03-20 | not yet calculated | CVE-2020-10597
MISC
it-novum -- openitcockpit
 
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header. | 2020-03-20 | not yet calculated | CVE-2020-10792
MISC
ivanti -- workspace_control
 
An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file. | 2020-03-19 | not yet calculated | CVE-2019-16382
CONFIRM
MISC
jfrog -- artifactory
 
In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results." | 2020-03-16 | not yet calculated | CVE-2019-19937
MISC
MISC
MISC
jsonparser -- jsonparser
 
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call. | 2020-03-19 | not yet calculated | CVE-2020-10675
MISC
liferay -- liferay_portal
 
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). | 2020-03-20 | not yet calculated | CVE-2020-7961
MISC
CONFIRM
linbit -- csync2
 
An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. | 2020-03-20 | not yet calculated | CVE-2019-15522
MISC
lix-pm -- lix
 
lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field. | 2020-03-21 | not yet calculated | CVE-2020-10800
MISC
logicaldoc -- logicaldoc
LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary queries to the database. | 2020-03-18 | not yet calculated | CVE-2020-10365
MISC
mantisbt -- mantisbt
 
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page. | 2020-03-19 | not yet calculated | CVE-2019-15539
CONFIRM
MISC
marketplace_expert_sl -- subversion_alm_for_enterprise
 
Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. | 2020-03-20 | not yet calculated | CVE-2020-9344
MISC
MISC
mediawiki -- mediawiki
In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33. | 2020-03-19 | not yet calculated | CVE-2019-15124
MISC
mediawiki -- mediawiki
 
An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model. | 2020-03-19 | not yet calculated | CVE-2019-16529
CONFIRM
MISC
mediawiki -- mediawiki
 
An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33. | 2020-03-20 | not yet calculated | CVE-2019-16528
MISC
MISC
MISC
MISC
moodle -- moodle
 
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token. | 2020-03-18 | not yet calculated | CVE-2019-14883
CONFIRM
CONFIRM
netsas -- enigma_network_management_solution
NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit. | 2020-03-19 | not yet calculated | CVE-2019-16067
MISC
netsas -- enigma_network_management_solution
NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory contents on the server, create directories and upload files in permissible locations, and modify filenames and delete files that are accessible by the user running the web server instance. | 2020-03-19 | not yet calculated | CVE-2019-16064
MISC
netsas -- enigma_network_management_solution
 
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data. | 2020-03-19 | not yet calculated | CVE-2019-16063
MISC
netsas -- enigma_network_management_solution
 
A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data (e.g., .htpasswd) and create/modify/delete content (e.g., under /var/www/html/docs) within the operating system. | 2020-03-19 | not yet calculated | CVE-2019-16061
MISC
netsas -- enigma_network_management_solution
 
A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script. | 2020-03-19 | not yet calculated | CVE-2019-16065
MISC
netsas -- enigma_network_management_solution
 
An unrestricted file upload vulnerability exists in user and system file upload functions in NETSAS Enigma NMS 65.0.0 and prior. This allows an attacker to upload malicious files and perform arbitrary code execution on the system. | 2020-03-19 | not yet calculated | CVE-2019-16066
MISC
netsas -- enigma_network_management_solution
 
Enigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do not have the ability to modify any settings in the system, only view the components. However, it is possible for a low-privileged user to perform all actions as an administrator by bypassing authorization controls and sending requests to the server in the context of an administrator. | 2020-03-20 | not yet calculated | CVE-2019-16071
MISC
netsas -- enigma_network_management_solution
 
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site. | 2020-03-19 | not yet calculated | CVE-2019-16068
MISC
netsas -- enigma_network_management_solution
 
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. | 2020-03-20 | not yet calculated | CVE-2019-16072
MISC

newlib -- newlib

The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference. | 2020-03-19 | not yet calculated | CVE-2019-14872
CONFIRM
newlib -- newlib
 
The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds). | 2020-03-18 | not yet calculated | CVE-2019-14871
CONFIRM
newlib -- newlib
 
In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure. | 2020-03-19 | not yet calculated | CVE-2019-14874
CONFIRM
newlib -- newlib
 
In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure. | 2020-03-19 | not yet calculated | CVE-2019-14876
CONFIRM
newlib -- newlib
 
In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure. | 2020-03-19 | not yet calculated | CVE-2019-14878
CONFIRM
newlib -- newlib
 
In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure. | 2020-03-19 | not yet calculated | CVE-2019-14875
CONFIRM
newlib -- newlib
 
In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure. | 2020-03-19 | not yet calculated | CVE-2019-14877
CONFIRM
newlib -- newlib
 
In the __multadd function of the newlib libc library, prior to version 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure. | 2020-03-19 | not yet calculated | CVE-2019-14873
CONFIRM
nextcloud -- nextcloud_desktop_client
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed arbitrary code to be loaded when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | 2020-03-20 | not yet calculated | CVE-2020-8140
MISC
CONFIRM
nextcloud -- nextcloud_server
 
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | 2020-03-20 | not yet calculated | CVE-2020-8139
MISC
CONFIRM
nextcloud -- nextcloud_server
 
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | 2020-03-20 | not yet calculated | CVE-2020-8138
MISC
CONFIRM
octopus -- deploy
 
In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges. | 2020-03-19 | not yet calculated | CVE-2020-10678
MISC
openwrt_project -- openwrt
 
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification). | 2020-03-16 | not yet calculated | CVE-2020-7982
MISC
CONFIRM
otrs -- open_ticket_request_system

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article. | 2020-03-19 | not yet calculated | CVE-2019-16375
MISC
CONFIRM
ovirt -- engine
 
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session. | 2020-03-19 | not yet calculated | CVE-2019-19336
CONFIRM
paessler -- prtg_network_monitor

A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed. | 2020-03-16 | not yet calculated | CVE-2019-11073
MISC
MISC
MISC
paessler -- prtg_network_monitor
 
A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor. | 2020-03-17 | not yet calculated | CVE-2019-11074
MISC
MISC
MISC
phpbb -- phpbb
 
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. | 2020-03-20 | not yet calculated | CVE-2019-16108
CONFIRM
pki-core -- pki-core
 
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code. | 2020-03-20 | not yet calculated | CVE-2019-10179
CONFIRM
pki-core -- pki-core
 
A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code. | 2020-03-20 | not yet calculated | CVE-2020-1696
CONFIRM
pki-core -- pki-core
 
A Reflected Cross Site Scripting vulnerability was found in the pki-ca module of the pki-core server, in all pki-core 10.x.x versions. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser. | 2020-03-20 | not yet calculated | CVE-2019-10221
CONFIRM
pki-tps -- pki-tps
 
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable. | 2020-03-18 | not yet calculated | CVE-2019-10178
CONFIRM
postgresql -- postgresql

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. | 2020-03-17 | not yet calculated | CVE-2020-1720
CONFIRM
MISC
python -- python
 
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. | 2020-03-20 | not yet calculated | CVE-2020-10799
MISC
rainloop -- webmail
 
RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. | 2020-03-20 | not yet calculated | CVE-2019-13389
MISC
rconfig -- rconfig
 
An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application did not exit after a redirect was applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response. | 2020-03-20 | not yet calculated | CVE-2020-9425
MISC
CONFIRM
red_hat -- openshift
 
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions. ose-installer as shipped in OpenShift 4.2 is vulnerable. | 2020-03-18 | not yet calculated | CVE-2019-19335
CONFIRM
red_hat -- openshift/postgresql-apb

A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | 2020-03-20 | not yet calculated | CVE-2020-1707
CONFIRM
red_hat -- openshift/template-service-broker-operator
 
A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | 2020-03-19 | not yet calculated | CVE-2020-1705
CONFIRM
red_hat -- openshift_container_platform
 
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4. | 2020-03-18 | not yet calculated | CVE-2019-19355
CONFIRM
red_hat -- openshift_container_platform
 
A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | 2020-03-20 | not yet calculated | CVE-2019-19345
CONFIRM
red_hat -- openshift_container_platform
 
A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | 2020-03-20 | not yet calculated | CVE-2020-1709
CONFIRM
rivet_networks -- killer_control_center
 
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate parameters, leading to a stack-based buffer overflow, which can lead to code execution or escalation of privileges. | 2020-03-20 | not yet calculated | CVE-2019-15661
MISC
CONFIRM
MISC
rivet_networks -- killer_control_center
 
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chain to escalate privileges. | 2020-03-20 | not yet calculated | CVE-2019-15662
MISC
CONFIRM
MISC
rivet_networks -- killer_control_center
 
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 1 of 2). | 2020-03-20 | not yet calculated | CVE-2019-15663
MISC
CONFIRM
MISC
rivet_networks -- killer_control_center
 
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary write primitive that can lead to code execution or escalation of privileges. | 2020-03-20 | not yet calculated | CVE-2019-15665
MISC
CONFIRM
MISC
rivet_networks -- killer_control_center
 
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 2 of 2). | 2020-03-20 | not yet calculated | CVE-2019-15664
MISC
CONFIRM
MISC
salesagility -- suitecrm

SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. | 2020-03-20 | not yet calculated | CVE-2019-18785
CONFIRM
CONFIRM
salesagility -- suitecrm
 
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. | 2020-03-20 | not yet calculated | CVE-2019-18782
CONFIRM
CONFIRM
signotec -- signopad-api/web
 
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array. | 2020-03-20 | not yet calculated | CVE-2020-9343
MISC
signotec -- signopad-api/web
 
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited. | 2020-03-20 | not yet calculated | CVE-2020-9345
MISC
simple_machines -- simple_machines_forum
 
An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls. | 2020-03-20 | not yet calculated | CVE-2019-11574
MISC
MISC
spark_development_network -- rock_rms

Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller. | 2020-03-20 | not yet calculated | CVE-2019-18641
CONFIRM
MISC
squid -- squid

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | 2020-03-20 | not yet calculated | CVE-2019-18860
CONFIRM
MISC
swann -- multiple_devices
 
On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, the raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | 2020-03-21 | not yet calculated | CVE-2013-7487
MISC
synacor -- zimbra_zm-mailbox
 
cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request. | 2020-03-20 | not yet calculated | CVE-2020-10194
MISC
MISC
CONFIRM
systech_corporation -- nds5000_terminal_server
 
Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution. | 2020-03-19 | not yet calculated | CVE-2020-7006
MISC
tellabs -- optical_line_terminal_1150_devices
 
Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. | 2020-03-20 | not yet calculated | CVE-2019-19148
MISC
tesla -- tesla_model_3_vehicles
 
The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen. | 2020-03-20 | not yet calculated | CVE-2020-10558
MISC
transloadit -- uppy
 
The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems. | 2020-03-20 | not yet calculated | CVE-2020-8135
MISC
univalue -- univalue
 
UniValue::read() in UniValue before 1.0.5 allows attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error. | 2020-03-21 | not yet calculated | CVE-2019-18936
MISC
MISC
vmware -- multiple_products
 
VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed. | 2020-03-17 | not yet calculated | CVE-2020-3951
MISC
vmware -- multiple_products
 
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | 2020-03-17 | not yet calculated | CVE-2020-3950
MISC
MISC
wordpress -- wordpress
 
An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement. | 2020-03-20 | not yet calculated | CVE-2019-13463
MISC
MISC
wordpress -- wordpress
 
The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. | 2020-03-20 | not yet calculated | CVE-2019-12498
CONFIRM
CONFIRM
MISC
xmidt -- cjwt
 
Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to accidental acceptance of untrusted JWTs. | 2020-03-20 | not yet calculated | CVE-2019-19324
MISC
MISC
zoho -- manageengine_remote_access_plus
 
Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. | 2020-03-19 | not yet calculated | CVE-2019-11361
CONFIRM
