US CERT: Security Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
March 30, 2020

Vulnerability Summary for the Week of March 23, 2020

Original release date: March 30, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3797 CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3793 CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 10 | CVE-2020-3805 CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3795 CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3799 CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3807 CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3801 CONFIRM |
| adobe -- acrobat_and_reader | Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3792 CONFIRM |
| adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3787 CONFIRM |
| adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3775 CONFIRM |
| adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3785 CONFIRM |
| adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3788 CONFIRM |
| adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3784 CONFIRM |
| adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3783 CONFIRM |
| adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3789 CONFIRM |
| adobe -- photoshop_cc_2019_and_2020 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-03-25 | 7.5 | CVE-2020-3786 CONFIRM |
| apache -- traffic_server | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | 2020-03-23 | 7.5 | CVE-2019-17559 MISC |
| apache -- traffic_server | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | 2020-03-23 | 7.5 | CVE-2019-17565 MISC |
| apache -- traffic_server | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | 2020-03-23 | 7.5 | CVE-2020-1944 MISC |
| asus -- asuswrt | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI. | 2020-03-20 | 7.8 | CVE-2018-20335 MISC |
| asus -- asuswrt | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell. | 2020-03-20 | 10 | CVE-2018-20334 MISC |
| autoupdater.net -- autoupdater.net | AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. | 2020-03-23 | 7.5 | CVE-2019-20627 MISC MISC |
| blamer -- blamer | Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. | 2020-03-20 | 7.5 | CVE-2020-8137 MISC |
| cutephp -- cutenews | CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors. | 2020-03-25 | 9 | CVE-2020-5558 MISC |
| d-link -- dap-1650_devices | An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands. | 2020-03-21 | 7.5 | CVE-2019-12767 CONFIRM |
| d-link -- multiple_routers | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471. | 2020-03-23 | 8.3 | CVE-2020-8864 MISC MISC |
| d-link -- multiple_routers | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470. | 2020-03-23 | 8.3 | CVE-2020-8863 MISC MISC |
| ekakin -- shihonkanri_plus_goout | Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2020-03-25 | 10 | CVE-2020-5556 MISC |
| ez_platform -- ez_publish_kernel | eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution. | 2020-03-22 | 7.5 | CVE-2020-10806 MISC |
| google -- chrome | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6428 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
| google -- chrome | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6427 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
| google -- chrome | Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6424 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
| google -- chrome | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6449 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
| google -- chrome | Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6422 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
| google -- chrome | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-03-23 | 9.3 | CVE-2020-6429 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
| grandstream -- ucm6200_series_devices | The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. | 2020-03-23 | 10 | CVE-2020-5722 MISC MISC |
| graphicsmagick -- graphicsmagick | GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. | 2020-03-24 | 7.5 | CVE-2020-10938 MISC |
| homee -- brain_cube | The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface. | 2020-03-20 | 7.2 | CVE-2019-16258 MISC MISC |
| it-novum -- openitcockpit | openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php. | 2020-03-25 | 10 | CVE-2020-10789 MISC CONFIRM |
| keijiban_tsumiki_project -- keijiban_tsumiki | Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2020-03-25 | 10 | CVE-2020-5561 MISC |
| keitai-site.net -- maliform | mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors. | 2020-03-25 | 10 | CVE-2020-5553 MISC |
| liferay -- liferay_portal | Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). | 2020-03-20 | 7.5 | CVE-2020-7961 MISC CONFIRM |
| linbit -- csync2 | An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. | 2020-03-20 | 7.5 | CVE-2019-15522 MISC |
| moxa -- eds-g516e_series_devices | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary code or target the device, causing it to go out of service. | 2020-03-24 | 10 | CVE-2020-7007 MISC |
| moxa -- eds-g516e_series_devices | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. | 2020-03-24 | 10 | CVE-2020-6981 MISC |
| moxa -- pt-7528_series_devices | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. | 2020-03-24 | 10 | CVE-2020-6985 MISC |
| moxa -- pt-7528_series_devices | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code. | 2020-03-24 | 7.5 | CVE-2020-6989 MISC |
| moxa -- pt-7528_series_devices | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access. | 2020-03-24 | 7.5 | CVE-2020-6995 MISC |
| naver -- cloud_explorer | Naver Cloud Explorer before 2.2.2.11 allows an attacker to move a local file to any path on the filesystem with system privileges through its named pipe. | 2020-03-23 | 7.5 | CVE-2020-9752 CONFIRM |
| netsas -- eigma_network_management_solution | An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. | 2020-03-20 | 10 | CVE-2019-16072 MISC |
| parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10028. | 2020-03-23 | 7.2 | CVE-2020-8875 MISC |
| quest -- foglight_evolve | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553. | 2020-03-23 | 10 | CVE-2020-8868 MISC MISC |
| rconfig -- rconfig | rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. | 2020-03-23 | 7.5 | CVE-2020-10879 MISC EXPLOIT-DB |
| rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary write primitive that can lead to code execution or escalation of privileges. | 2020-03-20 | 9 | CVE-2019-15665 MISC CONFIRM MISC |
| rivet_networks -- killer_control_center | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate parameters, leading to a stack-based buffer overflow, which can lead to code execution or escalation of privileges. | 2020-03-20 | 9 | CVE-2019-15661 MISC CONFIRM MISC |
| rockwell_automation -- factorytalk_diagnostics | In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCP/8082, which can insecurely deserialize untrusted data. | 2020-03-23 | 10 | CVE-2020-6967 MISC |
| s9y -- serendipity | Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. | 2020-03-25 | 7.5 | CVE-2020-10964 MISC MISC |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. The bootloader has an integer signedness error. The Samsung ID is SVE-2019-15230 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20561 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband stack overflow. The Samsung ID is SVE-2018-13188 (February 2019). | 2020-03-24 | 10 | CVE-2019-20622 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The BIOSUB Trustlet has an out of bounds write. The Samsung ID is SVE-2019-15261 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20560 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The Widevine Trustlet allows read and write operations on arbitrary memory locations. The Samsung ID is SVE-2019-15873 (February 2020). | 2020-03-24 | 7.5 | CVE-2020-10836 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the EXT_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14847 (August 2019). | 2020-03-24 | 10 | CVE-2019-20583 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. There is type confusion in the WVDRM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14885 (September 2019). | 2020-03-24 | 7.5 | CVE-2019-20571 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a Buffer Overflow in the Touch Screen Driver. The Samsung ID is SVE-2019-14990 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20558 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos9810 chipsets) software. There is a use after free in the ion driver. The Samsung ID is SVE-2019-14837 (August 2019). | 2020-03-24 | 7.5 | CVE-2019-20582 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (with TEEGRIS) software. There is a buffer overflow in the BIOSUB Trustlet. The Samsung ID is SVE-2019-15264 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20562 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20556 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. Arbitrary memory read and write operations can occur in RKP. The Samsung ID is SVE-2019-15143 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20553 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos 9820 chipsets) software. A Buffer overflow occurs when loading the UH Partition during Secure Boot. The Samsung ID is SVE-2019-14412 (August 2019). | 2020-03-24 | 7.5 | CVE-2019-20578 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the HDCP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14850 (August 2019). | 2020-03-24 | 10 | CVE-2019-20584 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos 9810 chipsets) software. Arbitrary memory mapping exists in TEE. The Samsung ID is SVE-2019-16665 (February 2020). | 2020-03-24 | 10 | CVE-2020-10848 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEC_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14851 (August 2019). | 2020-03-24 | 10 | CVE-2019-20585 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. An up_parm heap overflow leads to code execution in the bootloader. The Samsung ID is SVE-2019-14993 (September 2019). | 2020-03-24 | 7.5 | CVE-2019-20567 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. load_kernel has a buffer overflow via untrusted data. The Samsung ID is SVE-2019-14939 (September 2019). | 2020-03-24 | 7.5 | CVE-2019-20572 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019). | 2020-03-24 | 10 | CVE-2019-20621 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. A buffer overflow in the HDCP Trustlet affects secure TEEGRIS memory. The Samsung ID is SVE-2019-15283 (November 2019). | 2020-03-24 | 10 | CVE-2019-20545 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Destination address. The Samsung ID is SVE-2019-14858 (September 2019). | 2020-03-24 | 7.5 | CVE-2019-20566 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the FINGERPRINT Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14864 (August 2019). | 2020-03-24 | 10 | CVE-2019-20586 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the MLDAP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14867 (August 2019). | 2020-03-24 | 10 | CVE-2019-20587 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A stack overflow in the HDCP Trustlet causes arbitrary code execution. The Samsung ID is SVE-2019-14665 (August 2019). | 2020-03-24 | 7.5 | CVE-2019-20581 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 (February 2020). | 2020-03-24 | 10 | CVE-2020-10835 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) (TEEGRIS and Qualcomm chipsets). There is arbitrary memory overwrite in the SEM Trustlet, leading to arbitrary code execution. The Samsung IDs are SVE-2019-14651, SVE-2019-14666 (November 2019). | 2020-03-24 | 10 | CVE-2019-20537 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. The Esecomm Trustlet allows a stack overflow and arbitrary code execution. The Samsung ID is SVE-2019-15984 (February 2020). | 2020-03-24 | 10 | CVE-2020-10837 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The SEC_FR trustlet has an out of bounds write. The Samsung ID is SVE-2019-15272 (October 2019). | 2020-03-24 | 7.5 | CVE-2019-20563 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), P(9.0), and Q(10.0) software. Arbitrary code execution is possible on the lock screen. The Samsung ID is SVE-2019-15266 (December 2019). | 2020-03-24 | 7.5 | CVE-2019-20530 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019). | 2020-03-24 | 7.5 | CVE-2019-20536 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) devices (Qualcomm chipsets) software. There is a buffer overflow in the bootloader. The Samsung ID is SVE-2019-15399 (November 2019). | 2020-03-24 | 7.5 | CVE-2019-20548 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. There is an out-of-bounds write in the ICCC Trustlet. The Samsung ID is SVE-2019-15274 (November 2019). | 2020-03-24 | 7.5 | CVE-2019-20544 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The secure bootloader has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 (January 2020). | 2020-03-24 | 10 | CVE-2020-10850 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. A heap out-of-bounds access can occur during LE Packet reception in Broadcom Bluetooth. The Samsung ID is SVE-2019-15724 (November 2019). | 2020-03-24 | 7.5 | CVE-2019-20549 CONFIRM |
| schneider_electric -- andover_continuum_controllers | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. | 2020-03-23 | 7.5 | CVE-2020-7480 MISC |
| schneider_electric -- multiple_products | A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. | 2020-03-23 | 7.5 | CVE-2020-7475 MISC |
| simple_machines -- simple_machines_forum | An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls. | 2020-03-20 | 7.5 | CVE-2019-11574 MISC MISC |
| spark_development_network -- rock_rms | Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller. | 2020-03-20 | 7.5 | CVE-2019-18641 CONFIRM MISC |
| svglib -- svglib | The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. | 2020-03-20 | 7.5 | CVE-2020-10799 MISC |
| tellabs -- optical_line_terminal_1150_devices | Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. | 2020-03-20 | 10 | CVE-2019-19148 MISC |
| tesla -- tesla_model_3_vehicles | The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen. | 2020-03-20 | 7.1 | CVE-2020-10558 MISC |
| uppy -- uppy | The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems. | 2020-03-20 | 7.5 | CVE-2020-8135 MISC |
| vesta -- vesta_control_panel | Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters. | 2020-03-22 | 9 | CVE-2020-10808 MISC MISC MISC |
| videolabs -- libmicrodns | An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability. | 2020-03-24 | 7.5 | CVE-2020-6072 MISC |
| weechat -- weechat | An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick. | 2020-03-23 | 7.5 | CVE-2020-9760 MISC MLIST GENTOO MISC |
| wonderlink -- wl-enq | WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors. | 2020-03-25 | 10 | CVE-2020-5560 MISC |
| wordpress -- wordpress | An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table. | 2020-03-23 | 7.5 | CVE-2020-9392 MISC |
| wordpress -- wordpress | The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. | 2020-03-20 | 7.5 | CVE-2019-12498 CONFIRM CONFIRM MISC |
| zendto -- zendto | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests. | 2020-03-24 | 7.5 | CVE-2020-8986 MISC |

 

Medium Vulnerabilities Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info acyba -- acymailing Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. 2020-03-24 6.5 CVE-2020-10934
MISC adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address leak vulnerability. Successful exploitation could lead to information disclosure. 2020-03-25 5 CVE-2020-3800
CONFIRM adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-03-25 6.8 CVE-2020-3802
CONFIRM adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-03-25 5 CVE-2020-3804
CONFIRM adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-03-25 5 CVE-2020-3806
CONFIRM adobe -- acrobat_and_reader Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. 2020-03-25 4.4 CVE-2020-3803
CONFIRM adobe -- bridge Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-03-25 6.8 CVE-2020-9552
CONFIRM adobe -- bridge Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-03-25 6.8 CVE-2020-9551
CONFIRM adobe -- creative_cloud_desktop_application Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion. 2020-03-25 5.8 CVE-2020-3808
CONFIRM adobe -- experience_manager Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-03-25 5 CVE-2020-3769
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-03-25 6.8 CVE-2020-3780
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-03-25 5 CVE-2020-3777
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-03-25 4.3 CVE-2020-3778
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-03-25 4.3 CVE-2020-3771
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-03-25 4.3 CVE-2020-3782
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-03-25 4.3 CVE-2020-3781
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-03-25 6.8 CVE-2020-3773
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-03-25 6.8 CVE-2020-3790
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-03-25 4.3 CVE-2020-3791
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-03-25 6.8 CVE-2020-3776
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-03-25 6.8 CVE-2020-3774
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-03-25 6.8 CVE-2020-3772
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-03-25 6.8 CVE-2020-3770
CONFIRM adobe -- photoshop_cc_2019_and_2020 Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-03-25 6.8 CVE-2020-3779
CONFIRM apache -- tika A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. 2020-03-23 4.3 CVE-2020-1950
CONFIRM
MLIST apache -- tika A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. 2020-03-23 4.3 CVE-2020-1951
MISC
MLIST arm -- mbed_tls Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. 2020-03-24 4.3 CVE-2020-10941
MISC artica -- artica_proxy Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. 2020-03-22 6.5 CVE-2020-10818
MISC artica -- pandora_fms Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path are known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access. 2020-03-23 6.5 CVE-2020-7935
MISC artica -- pandora_fms In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps. 2020-03-23 5 CVE-2020-8497
MISC artica -- pandora_fms In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. 2020-03-23 6.5 CVE-2020-8511
MISC asus -- asuswrt An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router. 2020-03-20 5 CVE-2018-20333
MISC auto-maskin -- multiple_devices In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. 2020-03-23 6.4 CVE-2019-6560
MISC auto-maskin -- multiple_products In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. 2020-03-23 5 CVE-2019-6558
MISC centreon -- centreon Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. 2020-03-20 6.5 CVE-2019-19487
MISC centreon -- centreon Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. 2020-03-20 4 CVE-2019-19486
MISC centreon -- centreon Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. 2020-03-20 5.8 CVE-2019-19484
MISC cmsmadesimple -- cms_made_simple The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file). 2020-03-20 6.8 CVE-2020-10682
MISC cutephp -- cutenews Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-03-25 4.3 CVE-2020-5557
MISC druva -- insync_client Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code. 2020-03-24 4.6 CVE-2019-4001
MISC eaton -- ups_companion_software UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call, e.g. “eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed. 2020-03-23 5.8 CVE-2020-6650
MISC ekakin -- shihonkanri_plus_goout Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue. 2020-03-25 6.4 CVE-2020-5555
MISC ekakin -- shihonkanri_plus_goout Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors. 2020-03-25 6.4 CVE-2020-5554
MISC elog -- electronic_logbook This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition. Was ZDI-CAN-10115. 2020-03-23 5 CVE-2020-8859
MISC
MISC fastify -- fastify-multipart Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request. 2020-03-20 5 CVE-2020-8136
MISC foxit -- studio_photo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9774. 2020-03-20 6.8 CVE-2020-8881
MISC
MISC foxit -- studio_photo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9625. 2020-03-20 6.8 CVE-2020-8878
MISC
MISC foxit -- studio_photo This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9624. 2020-03-20 4.3 CVE-2020-8877
MISC
MISC foxit -- studio_photo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9773. 2020-03-20 6.8 CVE-2020-8880
MISC
MISC foxit -- studio_photo This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9626. 2020-03-20 4.3 CVE-2020-8879
MISC
MISC foxit -- studio_photo This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9880. 2020-03-20 4.3 CVE-2020-8883
MISC
MISC foxit -- studio_photo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the PSD files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9811. 2020-03-20 6.8 CVE-2020-8882
MISC
MISC freeradius -- freeradius In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. 2020-03-21 5 CVE-2019-17185
MISC
CONFIRM frozennode -- laravel_administrator FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued. 2020-03-25 6.5 CVE-2020-10963
MISC ghost -- ghost_cms Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. 2020-03-20 5.5 CVE-2020-8134
MISC gnupg -- gnupg A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. 2020-03-20 5 CVE-2019-14855
CONFIRM
MISC
MISC
MISC google -- chrome Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-03-23 4.3 CVE-2020-6426
SUSE
SUSE
MISC
MISC
FEDORA
FEDORA
FEDORA
GENTOO
DEBIAN google -- chrome Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. 2020-03-23 5.8 CVE-2020-6425
SUSE
MISC
MISC
FEDORA
FEDORA
FEDORA
GENTOO
DEBIAN google -- chrome Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page. 2020-03-23 6.8 CVE-2020-6420
MISC
MISC
FEDORA gpac -- gpac An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file. 2020-03-24 4.3 CVE-2019-20632
MISC gpac -- gpac An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file. 2020-03-24 4.3 CVE-2019-20631
MISC gpac -- gpac An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file. 2020-03-24 4.3 CVE-2019-20630
MISC
MISC gpac -- gpac An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. 2020-03-24 4.3 CVE-2019-20629
MISC
MISC gpac -- gpac An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. 2020-03-24 4.3 CVE-2019-20628
MISC
MISC
MISC hashicorp -- vault_and_vault_enterprise HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4. 2020-03-23 5.8 CVE-2020-10661
CONFIRM
MISC hdf_group -- hdf5 An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service. 2020-03-22 4.3 CVE-2020-10811
MISC
MISC
MISC hdf_group -- hdf5 An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service. 2020-03-22 4.3 CVE-2020-10809
MISC
MISC
MISC hdf_group -- hdf5 An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service. 2020-03-22 4.3 CVE-2020-10810
MISC
MISC
MISC hdf_group -- hdf5 An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service. 2020-03-22 5 CVE-2020-10812
MISC
MISC
MISC honeywell -- notifier_web_server In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. 2020-03-24 6.4 CVE-2020-6972
MISC honeywell -- win-pak_devices In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries. 2020-03-24 6.4 CVE-2020-6978
MISC honeywell -- win-pak_devices In Honeywell WIN-PAK 4.7.2, Web and prior versions, a header injection vulnerability has been identified, which may allow remote code execution. 2020-03-24 5.8 CVE-2020-6982
MISC honeywell -- win-pak_devices In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code. 2020-03-24 6.8 CVE-2020-7005
MISC horde -- groupware_webmail_edition This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125. 2020-03-23 4 CVE-2020-8866
MLIST
MISC
MISC horde -- groupware_webmail_edition This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469. 2020-03-23 6.5 CVE-2020-8865
MISC

huawei -- mate_20_and_mate_30_pro_smartphones There is an improper authorization vulnerability in several smartphones. The software incorrectly performs authorization for certain users; a successful exploit could allow a low-privilege user to perform certain operations that the user is not supposed to perform. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). 2020-03-20 4.6 CVE-2020-1796
MISC huawei -- secospace_antiddos8000_versions Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands. Affected product versions include: Secospace AntiDDoS8000 versions V500R001C00, V500R001C20, V500R001C60, V500R005C00. 2020-03-20 6.8 CVE-2020-1864
MISC ibm -- api_connect IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958. 2020-03-24 5 CVE-2019-4553
XF
CONFIRM ibm -- content_navigator IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080. 2020-03-24 5 CVE-2020-4309
XF
CONFIRM ibm -- content_navigator IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559. 2020-03-24 6.5 CVE-2020-4253
XF
CONFIRM ibm -- tivoli_netcool_impact IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734. 2020-03-24 4.3 CVE-2019-4681
XF
CONFIRM inextrix_technologies -- astpp An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. 2020-03-20 5 CVE-2019-15075
MISC insulet -- omnipod_insulin_management_system The affected insulin pump is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. 2020-03-20 4.6 CVE-2020-10597
MISC it-novum -- openitcockpit openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header. 2020-03-20 5 CVE-2020-10792
MISC
CONFIRM it-novum -- openitcockpit app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module. 2020-03-25 4 CVE-2020-10791
MISC
CONFIRM jenkins -- jenkins Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. 2020-03-25 5 CVE-2020-2165
MLIST
CONFIRM jenkins -- jenkins A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability. 2020-03-25 4.3 CVE-2020-2169
MLIST
CONFIRM jenkins -- jenkins Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. 2020-03-25 4 CVE-2020-2164
MLIST
CONFIRM kde -- okular KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. 2020-03-24 6.8 CVE-2020-9359
CONFIRM
CONFIRM
MLIST
FEDORA keitai-site.net -- mailform Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-03-25 4.3 CVE-2020-5552
MISC linux -- linux_kernel In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. 2020-03-24 4.9 CVE-2020-10942
MISC
MISC
MISC lix-pm -- lix lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field. 2020-03-21 6.8 CVE-2020-10800
MISC marketplace_expert -- subversion_alm Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. 2020-03-20 4.3 CVE-2020-9344
MISC
MISC mediawiki -- mediawiki An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33. 2020-03-20 5 CVE-2019-16528
MISC
MISC
MISC
MISC memcached -- memcached Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. 2020-03-24 5 CVE-2020-10931
MISC
MISC
MISC mikrotik -- multiple_routers The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. 2020-03-23 5 CVE-2020-10364
MISC
MISC mitre -- caldera auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header. 2020-03-22 5 CVE-2020-10807
MISC
MISC
MISC
MISC motorola -- fx9500_devices Motorola FX9500 devices allow remote attackers to read database files. 2020-03-23 5 CVE-2020-10874
MISC motorola -- fx9500_devices Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. 2020-03-23 5 CVE-2020-10875
MISC moxa -- eds-g516e_series_devices In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. 2020-03-24 5 CVE-2020-6979
MISC moxa -- eds-g516e_series_devices In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. 2020-03-24 5 CVE-2020-7001
MISC moxa -- eds-g516e_series_devices In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. 2020-03-24 5 CVE-2020-6991
MISC moxa -- eds-g516e_series_devices In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. 2020-03-24 5 CVE-2020-6997
MISC

moxa -- iologik_2500_series_controllers_and_ioexpress_configuration_utility In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail. 2020-03-24 5 CVE-2019-18242
MISC

moxa -- iologik_2500_series_controllers_and_ioxpres_configuration_utility In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text. 2020-03-24 5 CVE-2020-7003
MISC moxa -- pt-7528_series_devices In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered. 2020-03-24 5 CVE-2020-6983
MISC moxa -- pt-7528_series_devices In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. 2020-03-24 5 CVE-2020-6987
MISC moxa -- pt-7528_series_devices In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization. 2020-03-24 5 CVE-2020-6993
MISC mozilla -- bleach In Mozilla Bleach before 3.12, a mutation XSS exists in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False is used. 2020-03-24 4.3 CVE-2020-6816
MISC mozilla -- bleach In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. 2020-03-24 4.3 CVE-2020-6802
MISC mozilla -- firefox When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox < 74. 2020-03-25 4.3 CVE-2020-6808
MISC
MISC mozilla -- thunderbird_and_firefox_and_firefox_esr When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. 2020-03-25 6.8 CVE-2020-6805
MISC
MISC
MISC
MISC mozilla -- thunderbird_and_firefox_and_firefox_esr When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. 2020-03-25 6.8 CVE-2020-6807
MISC
MISC
MISC
MISC mozilla -- thunderbird_and_firefox_and_firefox_esr By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. 2020-03-25 6.8 CVE-2020-6806
MISC
MISC
MISC
MISC netgear -- gs728tps_devices On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication. 2020-03-23 4 CVE-2019-19964
CONFIRM netgear -- multiple_prosafe_devices NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. 2020-03-23 6.5 CVE-2016-11022
MISC
MISC
MISC netsas -- enigma_network_management_solution Enigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do not have the ability to modify any settings in the system, only view the components. However, it is possible for a low-privileged user to perform all actions as an administrator by bypassing authorization controls and sending requests to the server in the context of an administrator. 2020-03-20 6.5 CVE-2019-16071
MISC nextcloud -- nextcloud_desktop_client A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed arbitrary code to be loaded when starting the client with DYLD_INSERT_LIBRARIES set in the environment. 2020-03-20 4.6 CVE-2020-8140
MISC
CONFIRM nextcloud -- nextcloud_server A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. 2020-03-20 4 CVE-2020-8139
MISC
CONFIRM nextcloud -- nextcloud_server A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. 2020-03-20 4 CVE-2020-8138
MISC
CONFIRM parallells -- parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10032. 2020-03-23 4.6 CVE-2020-8874
MISC parallells -- parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10031. 2020-03-23 4.6 CVE-2020-8873
MISC parallells -- parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.0-47107. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-9403. 2020-03-23 4.6 CVE-2020-8871
MISC phpbb -- phpbb phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. 2020-03-20 5 CVE-2019-16108
CONFIRM phpmyadmin -- phpmyadmin In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). 2020-03-22 6 CVE-2020-10804
SUSE
MISC phpmyadmin -- phpmyadmin In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. 2020-03-22 6 CVE-2020-10802
SUSE
MLIST
MISC pki-core -- pki-core A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server in all pki-core 10.x.x versions. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser. 2020-03-20 4.3 CVE-2019-10221
CONFIRM pki-core -- pki-core A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. 2020-03-20 4.3 CVE-2019-10179
CONFIRM rainloop -- webmail RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. 2020-03-20 4.3 CVE-2019-13389
MISC rconfig -- rconfig An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application did not exit after a redirect was applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response. 2020-03-20 5 CVE-2020-9425
MISC
CONFIRM red_hat -- jboss_keycloak A flaw was found in keycloak before version 9.0.1. When configuring a Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not sent to the brute force protection event queue, so BruteForceProtector does not handle these events. 2020-03-24 5 CVE-2020-1744
CONFIRM
CONFIRM red_hat -- openshift/mediawiki A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. 2020-03-20 4.6 CVE-2020-1709
CONFIRM red_hat -- openshift/mediawiki-apb A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. 2020-03-20 4.6 CVE-2019-19345
CONFIRM red_hat -- openshift/postgresql-apb A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. 2020-03-20 4.4 CVE-2020-1707
CONFIRM rivet_networks -- killer_control_center An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 1 of 2). 2020-03-20 4 CVE-2019-15663
MISC
CONFIRM
MISC rivet_networks -- killer_control_center An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 2 of 2). 2020-03-20 4 CVE-2019-15664
MISC
CONFIRM
MISC rivet_networks -- killer_control_center An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chain to escalate privileges. 2020-03-20 4 CVE-2019-15662
MISC
CONFIRM
MISC salesagility -- suitecrm SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. 2020-03-20 5 CVE-2019-18785
CONFIRM
CONFIRM salesagility -- suitecrm SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. 2020-03-20 5 CVE-2019-18782
CONFIRM
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Startup leaks keyboard suggested words. The Samsung ID is SVE-2019-13773 (March 2019). 2020-03-24 5 CVE-2019-20619
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Broadcom Wi-Fi, and SEC Wi-Fi chipsets) software. Wi-Fi allows a denial of service via TCP SYN packets. The Samsung ID is SVE-2018-13162 (March 2019). 2020-03-24 5 CVE-2019-20612
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020). 2020-03-24 5 CVE-2020-10854
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), and Q(10.0) (Broadcom chipsets) software. A kernel driver heap overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-15880 (March 2020). 2020-03-24 4.6 CVE-2020-10829
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020). 2020-03-24 5 CVE-2020-10849
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x) software. The Gallery app allows attackers to view all pictures of a locked device. The Samsung ID is SVE-2019-15189 (October 2019). 2020-03-24 5 CVE-2019-20555
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view notifications on the lock screen via Routines. The Samsung ID is SVE-2019-15074 (February 2020). 2020-03-24 5 CVE-2020-10834
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with any (before October 2019 for S9 or Note9) software. Attackers can manipulate the IMEI. The Samsung ID is SVE-2019-15435 (October 2019). 2020-03-24 5 CVE-2019-20564
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. The Pin Window feature allows unauthenticated unpinning of an app. The Samsung ID is SVE-2018-13765 (March 2019). 2020-03-24 5 CVE-2019-20618
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019). 2020-03-24 5 CVE-2019-20616
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can trigger an update to arbitrary touch-screen firmware. The Samsung ID is SVE-2019-16013 (March 2020). 2020-03-24 5 CVE-2020-10831
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is an arbitrary kfree in the vipx and vertex drivers. The Samsung ID is SVE-2019-16294 (February 2020). 2020-03-24 4.6 CVE-2020-10841
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 (January 2020). 2020-03-24 5 CVE-2020-10853
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The Authnr Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13949 (May 2019). 2020-03-24 5 CVE-2019-20602
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. A heap overflow exists in the bootloader. The Samsung ID is SVE-2019-14371 (July 2019). 2020-03-24 4.6 CVE-2019-20594
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August 2019). 2020-03-24 4.6 CVE-2019-20574
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685 (August 2019). 2020-03-24 4.6 CVE-2019-20573
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (Exynos chipsets) software. There is a stack overflow in the kernel driver. The Samsung ID is SVE-2019-15034 (November 2019). 2020-03-24 4.6 CVE-2019-20542
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The ESECOMM Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13950 (May 2019). 2020-03-24 5 CVE-2019-20603
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019). 2020-03-24 4.8 CVE-2019-20575
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. There is a heap overflow in the knox_kap driver. The Samsung ID is SVE-2019-14857 (November 2019). 2020-03-24 4.6 CVE-2019-20538
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Voice Assistant mishandles the notification audibility of a secured app. The Samsung ID is SVE-2018-13326 (May 2019). 2020-03-24 5 CVE-2019-20599
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. PROCA allows a use-after-free and arbitrary code execution. The Samsung ID is SVE-2019-16132 (February 2020). 2020-03-24 4.6 CVE-2020-10838
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a stack overflow in the display driver. The Samsung ID is SVE-2019-15877 (January 2020). 2020-03-24 4.6 CVE-2020-10852
MISC samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), and N(7.1) software. Attackers can bypass Factory Reset Protection (FRP) via Smart Switch. The Samsung ID is SVE-2019-15138 (September 2019). 2020-03-24 5 CVE-2019-20570
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019). 2020-03-24 6.4 CVE-2019-20596
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a Class 0 Type Message. The Samsung ID is SVE-2019-14941 (October 2019). 2020-03-24 5 CVE-2019-20551
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via an RCS call. The Samsung ID is SVE-2019-15035 (October 2019). 2020-03-24 5 CVE-2019-20552
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There is a heap out-of-bounds write in the tsmux driver. The Samsung ID is SVE-2019-16295 (February 2020). 2020-03-24 4.6 CVE-2020-10842
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is a stack overflow in the kperfmon driver. The Samsung ID is SVE-2019-15876 (January 2020). 2020-03-24 4.6 CVE-2020-10851
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. SPENgesture allows arbitrary applications to read or modify user-input logs. The Samsung ID is SVE-2019-14170 (June 2019). 2020-03-24 6.4 CVE-2019-20597
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There are race conditions in the hdcp2 driver. The Samsung ID is SVE-2019-16296 (February 2020). 2020-03-24 4.4 CVE-2020-10843
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 (February 2020). 2020-03-24 4.4 CVE-2020-10845
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Folder leaks preview data of recent apps. The Samsung ID is SVE-2018-13764 (March 2019). 2020-03-24 5 CVE-2019-20617
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), and Q(10.0) software. There is an out-of-bounds read vulnerability in media.audio_policy. The Samsung ID is SVE-2019-16333 (February 2020). 2020-03-24 6.4 CVE-2020-10844
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020). 2020-03-24 4.6 CVE-2020-10839
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. S-Voice leaks keyboard learned words via the lock screen. The Samsung ID is SVE-2018-12981 (February 2019). 2020-03-24 5 CVE-2019-20624
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Data may leak via a Bluetooth debug command. The Samsung ID is SVE-2019-15398 (November 2019). 2020-03-24 5 CVE-2019-20547
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. Kernel Wi-Fi drivers allow out-of-bounds Read or Write operations (e.g., a buffer overflow). The Samsung IDs are SVE-2019-16125, SVE-2019-16134, SVE-2019-16158, SVE-2019-16159, SVE-2019-16319, SVE-2019-16320, SVE-2019-16337, SVE-2019-16464, SVE-2019-16465, SVE-2019-16467 (March 2020). 2020-03-24 4.6 CVE-2020-10832
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos and Qualcomm chipsets) software. A race condition causes a Use-After-Free. The Samsung ID is SVE-2019-15067 (September 2019). 2020-03-24 6.8 CVE-2019-20568
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 (September 2019). 2020-03-24 5 CVE-2019-20565
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 (March 2019). 2020-03-24 5 CVE-2019-20620
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. An out-of-bounds Read in the Wi-Fi vendor command leads to an information leak. The Samsung ID is SVE-2019-14869 (November 2019). 2020-03-24 5 CVE-2019-20539
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can access the Developer options without authentication. The Samsung ID is SVE-2019-15800 (December 2019). 2020-03-24 5 CVE-2019-20532
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with Q(10.0) software. The DeX Lockscreen allows attackers to access the quick panel and notifications. The Samsung ID is SVE-2019-16532 (March 2020). 2020-03-24 5 CVE-2020-10833
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019). 2020-03-24 5 CVE-2019-20601
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have a stack overflow. The Samsung IDs are SVE-2019-14965, SVE-2019-14966, SVE-2019-14968, SVE-2019-14969, SVE-2019-14970, SVE-2019-14980, SVE-2019-14981, SVE-2019-14982, SVE-2019-14983, SVE-2019-14984, SVE-2019-15122, SVE-2019-15123 (November 2019). 2020-03-24 4.6 CVE-2019-20541
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 (March 2019). 2020-03-24 5 CVE-2019-20614
CONFIRM schneider_electric -- andover_continuum_controllers A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server. 2020-03-23 4.3 CVE-2020-7482
MISC schneider_electric -- andover_continuum_controllers A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server. 2020-03-23 4.3 CVE-2020-7481
MISC schneider_electric -- interactive_graphical_scada_system A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled. 2020-03-23 5 CVE-2020-7478
MISC schneider_electric -- interactive_graphical_scada_system A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service. 2020-03-23 4.6 CVE-2020-7479
MISC schneider_electric -- multiple_devices A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus. 2020-03-23 5 CVE-2020-7477
MISC schneider_electric -- pmepxm0100_devices A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL. 2020-03-23 4.4 CVE-2020-7474
MISC schneider_electric -- zigbee_installation_kit A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path. 2020-03-23 4.4 CVE-2020-7476
MISC signotec -- signopad-api/web An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array. 2020-03-20 4.3 CVE-2020-9343
MISC signotec -- signopad-api/web An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited. 2020-03-20 4.3 CVE-2020-9345
MISC squid -- squid Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. 2020-03-20 4.3 CVE-2019-18860
CONFIRM
MISC sustainsys -- saml2 Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use. 2020-03-25 4.9 CVE-2020-5261
MISC
MISC
CONFIRM swann -- multiple_dvr_devices On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, the raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. 2020-03-21 6.8 CVE-2013-7487
MISC synacor -- zimbra_zm-mailbox cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request. 2020-03-20 4 CVE-2020-10194
MISC
MISC
CONFIRM tor_project -- tor Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit. 2020-03-23 5 CVE-2020-10593
SUSE
GENTOO
MISC tor_project -- tor Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. 2020-03-23 5 CVE-2020-10592
SUSE
GENTOO
MISC univalue -- univalue UniValue::read() in UniValue before 1.0.5 allows attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error. 2020-03-21 5 CVE-2019-18936
MISC
MISC videolabs -- libmicrodns An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability. 2020-03-24 5 CVE-2020-6078
MISC videolabs -- libmicrodns An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]. 2020-03-24 5 CVE-2020-6080
MISC videolabs -- libmicrodns An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode. 2020-03-24 5 CVE-2020-6079
MISC videolabs -- libmicrodns An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. 2020-03-24 5 CVE-2020-6073
MISC videolabs -- libmicrodns An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. 2020-03-24 5 CVE-2020-6071
MISC videolabs -- libmicrodns An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. 2020-03-24 5 CVE-2020-6077
MISC wago -- pfc200_devices An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. 2020-03-23 4.6 CVE-2019-5184
MISC wago -- pfc200_devices An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the XML file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len("/etc/config-tools/config_interfaces interface=X1 state=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. A state value of length 0x3c9 will cause the service to crash. 2020-03-23 4.4 CVE-2019-5185
MISC wago -- pfc200_devices An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1eb9c the extracted interface element name from the XML file is used as an argument to /etc/config-tools/config_interfaces interface=<contents of interface element> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len("/etc/config-tools/config_interfaces interface=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash. 2020-03-23 4.4 CVE-2019-5186
MISC weechat -- weechat An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash. 2020-03-23 5 CVE-2020-9759
MISC
MLIST
GENTOO
MISC wonderlink -- wl-enq Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2020-03-25 4.3 CVE-2020-5559
MISC wordpress -- wordpress An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement. 2020-03-20 4.3 CVE-2019-13463
MISC
MISC xmidt -- cjwt Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance. 2020-03-20 5 CVE-2019-19324
MISC
MISC zendto -- zendto ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. 2020-03-24 6.8 CVE-2020-8985
MISC zendto -- zendto lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. 2020-03-24 5 CVE-2020-8984
MISC
MISC zoho -- manageengine_asset_explorer Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges. 2020-03-23 6.5 CVE-2019-19034
CONFIRM zoho -- manageengine_assetexplorer An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack. 2020-03-23 4.9 CVE-2020-8838
CONFIRM zoho -- manageengine_desktop_central ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role. 2020-03-23 4.3 CVE-2019-15510
MISC
MISC

 

Low Vulnerabilities
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
cmsmadesimple -- cms_made_simple The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. 2020-03-20 3.5 CVE-2020-10681
MISC honda -- hr-v_2017_vehicles The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack. 2020-03-23 3.3 CVE-2019-20626
MISC huawei -- campusinsight_and_manageone There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, a successful exploit may cause some services to become abnormal. Affected product versions include: CampusInsight versions V100R019C00; ManageOne versions 6.5.RC2.B050. 2020-03-20 2.1 CVE-2020-1862
MISC huawei -- mate_20_and_mate_30_pro_smartphones There is an improper authentication vulnerability in several smartphones. The applock does not perform sufficient authentication in certain scenarios; a successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). 2020-03-20 2.1 CVE-2020-1794
MISC huawei -- mate_20_and_mate_30_pro_smartphones There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operations when the Digital Balance function is on. A successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). 2020-03-20 2.1 CVE-2020-1795
MISC huawei -- mate_20_and_mate_30_pro_smartphones There is an improper authentication vulnerability in several smartphones. The applock does not perform sufficient authentication in certain scenarios; a successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). 2020-03-20 2.1 CVE-2020-1793
MISC huawei -- multiple_products There is an improper integrity checking vulnerability in some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions 1.0.1.21(SP3); HEGE-570 versions 1.0.1.22(SP3); OSCA-550 versions 1.0.1.21(SP3); OSCA-550A versions 1.0.1.21(SP3); OSCA-550AX versions 1.0.1.21(SP3); OSCA-550X versions 1.0.1.21(SP3). 2020-03-20 3.6 CVE-2020-1879
MISC huawei -- oxfords-an00a_smartphone Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3), versions earlier than 10.0.1.160(C00E160R4P1) has an improper authentication vulnerability. Authentication to the target component is improper when the device performs an operation. Attackers can exploit this vulnerability to obtain some information by loading a malicious application, leading to an information leak. 2020-03-20 2.1 CVE-2020-1878
MISC ibm -- jazz_for_service_management IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123. 2020-03-23 3.5 CVE-2019-4718
XF
CONFIRM it-novum -- openitcockpit openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. 2020-03-25 3.5 CVE-2020-10790
MISC
MISC
CONFIRM jenkins -- jenkins Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers. 2020-03-25 3.5 CVE-2020-2163
MLIST
CONFIRM jenkins -- jenkins Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability. 2020-03-25 3.5 CVE-2020-2162
MLIST
CONFIRM jenkins -- jenkins Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. 2020-03-25 3.5 CVE-2020-2170
MLIST
CONFIRM micro_focus -- vibe A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe versions prior to 4.0.7. The vulnerability could allow a remote attacker to craft and store malicious content in Vibe such that when the content is viewed by another user of the system, attacker-controlled JavaScript will execute in the security context of the target user's browser. 2020-03-25 3.5 CVE-2020-9520
FULLDISC
MISC nagios -- nagios_xi Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. 2020-03-22 3.5 CVE-2020-10819
MISC nagios -- nagios_xi Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. 2020-03-22 3.5 CVE-2020-10820
MISC nagios -- nagios_xi Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. 2020-03-22 3.5 CVE-2020-10821
MISC netapp -- oncommand_system_manager OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field. 2020-03-24 3.5 CVE-2019-17276
MISC parallels -- parallels_desktop This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.1-47117. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the hypervisor. Was ZDI-CAN-9428. 2020-03-23 2.1 CVE-2020-8872
MISC parallels -- parallels_desktop This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10029. 2020-03-23 2.1 CVE-2020-8876
MISC phpmyadmin -- phpmyadmin In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. 2020-03-22 3.5 CVE-2020-10803
SUSE
MLIST
MISC piwigo -- piwigo Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function. 2020-03-26 3.5 CVE-2020-9467
CONFIRM pki-core -- pki-core A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code. 2020-03-20 3.5 CVE-2020-1696
CONFIRM prestashop -- prestashop PrestaShop module ps_facetedsearch versions before 3.5.0 have a reflected XSS with the `url_name` parameter. The problem is fixed in 3.5.0. 2020-03-25 3.5 CVE-2020-5277
MISC
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x) (released in China and India) software. The S Secure app can access the content of a locked app without a password. The Samsung ID is SVE-2019-13805 (October 2019). 2020-03-24 2.1 CVE-2019-20550
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can view notifications by entering many PINs in Lockdown mode. The Samsung ID is SVE-2019-16590 (March 2020). 2020-03-24 2.1 CVE-2020-10830
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019). 2020-03-24 2.1 CVE-2019-20625
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.x) and Q(10.x) software. Attackers can enable the OEM unlock feature on KG-enrolled devices, leading to potentially unwanted binaries being downloaded. The Samsung ID is SVE-2019-16554 (February 2020). 2020-03-24 1.9 CVE-2020-10846
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is a kernel pointer leak in the vipx driver. The Samsung ID is SVE-2019-16293 (February 2020). 2020-03-24 3.6 CVE-2020-10840
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is SVE-2019-13996 (December 2019). 2020-03-24 2.1 CVE-2019-20533
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.0) and P(9.0) (Exynos8890 chipsets) software. A use-after-free occurs in the MALI GPU driver. The Samsung ID is SVE-2019-13921-1 (May 2019). 2020-03-24 3.6 CVE-2019-20600
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. A connection to a new Bluetooth device can be established from the lock screen. The Samsung ID is SVE-2019-15533 (December 2019). 2020-03-24 2.1 CVE-2019-20535
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a buffer over-read and possible information leak in the core touch screen driver. The Samsung ID is SVE-2019-14942 (November 2019). 2020-03-24 2.1 CVE-2019-20540
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via SamsungPay mini. The Samsung ID is SVE-2019-15090 (November 2019). 2020-03-24 2.1 CVE-2019-20543
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card by blocking the PUK code. The Samsung ID is SVE-2019-15262 (October 2019). 2020-03-24 2.1 CVE-2019-20557
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via an external keyboard. The Samsung ID is SVE-2019-15164 (October 2019). 2020-03-24 2.1 CVE-2019-20554
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019). 2020-03-24 3.3 CVE-2019-20546
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019). 2020-03-24 2.1 CVE-2019-20559
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via the status bar. The Samsung ID is SVE-2019-15089 (September 2019). 2020-03-24 2.1 CVE-2019-20569
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 (July 2019). 2020-03-24 2.1 CVE-2019-20595
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view home-screen wallpaper by adjusting the brightness of a locked screen. The Samsung ID is SVE-2019-15540 (December 2019). 2020-03-24 2.1 CVE-2019-20534
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via SVoice T&C. The Samsung ID is SVE-2018-13547 (March 2019). 2020-03-24 2.1 CVE-2019-20615
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019). 2020-03-24 1.9 CVE-2019-20623
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x) software. Bixby leaks the keyboard's learned words, and the clipboard contents, via the lock screen. The Samsung IDs are SVE-2018-12896, SVE-2018-12897 (May 2019). 2020-03-24 2.1 CVE-2019-20598
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppTray. The Samsung ID is SVE-2019-16192 (January 2020). 2020-03-24 2.1 CVE-2020-10855
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have an out-of-bounds Read. The Samsung IDs are SVE-2019-15692, SVE-2019-15693 (December 2019). 2020-03-24 3.6 CVE-2019-20531
CONFIRM telegram -- telegram_for_android The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature. 2020-03-24 3.6 CVE-2020-10570
MISC wordpress -- wordpress A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. 2020-03-24 3.5 CVE-2020-10385
MISC
MISC
MISC
MISC
MISC zim -- zim Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service. 2020-03-23 2.1 CVE-2020-10870
MISC

 

Severity Not Yet Assigned
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
3s-smart_software_solutions -- codesys_gatewayservice An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 3.5.13.20. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. 2020-03-26 not yet calculated CVE-2019-5105
MISC accenture -- mercury An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. 2020-03-27 not yet calculated CVE-2020-10990
MISC
MISC adobe -- coldfusion ColdFusion 2016 and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory. 2020-03-25 not yet calculated CVE-2020-3794
CONFIRM adobe -- coldfusion ColdFusion 2016 and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the ColdFusion install directory. 2020-03-25 not yet calculated CVE-2020-3761
CONFIRM adobe -- genuine_integrity_service Adobe Genuine Integrity Service versions 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. 2020-03-25 not yet calculated CVE-2020-3766
CONFIRM advantech -- webaccess In Advantech WebAccess versions 8.4.2 and prior, a stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. 2020-03-27 not yet calculated CVE-2020-10607
MISC apache -- shiro In Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. 2020-03-25 not yet calculated CVE-2020-1957
MISC
MLIST asus -- asus_device_activation DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. 2020-03-25 not yet calculated CVE-2020-10649
MISC
MISC
MISC
MISC azkaban -- azkaban Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. 2020-03-27 not yet calculated CVE-2020-10992
MISC canonical -- ubuntu Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. 2020-03-26 not yet calculated CVE-2019-15796
UBUNTU
UBUNTU canonical -- ubuntu python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. 2020-03-26 not yet calculated CVE-2019-15795
UBUNTU
UBUNTU cesnet -- perun In Perun before version 3.9.1, a VO or group manager can modify the configuration of the LDAP extSource to retrieve all from Perun LDAP. The issue is fixed in version 3.9.1 by sanitisation of the input. 2020-03-25 not yet calculated CVE-2020-5281
MISC
MISC
CONFIRM dart -- dart Improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0 allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom HTML/JavaScript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements. 2020-03-26 not yet calculated CVE-2020-8923
CONFIRM draytek -- multiple_devices A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. 2020-03-26 not yet calculated CVE-2020-10828
MISC draytek -- multiple_devices /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. 2020-03-26 not yet calculated CVE-2020-10826
MISC draytek -- multiple_devices A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3). 2020-03-26 not yet calculated CVE-2020-10825
MISC draytek -- multiple_devices A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3). 2020-03-26 not yet calculated CVE-2020-10824
MISC draytek -- multiple_devices A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3). 2020-03-26 not yet calculated CVE-2020-10823
MISC draytek -- multiple_devices A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. 2020-03-26 not yet calculated CVE-2020-10827
MISC f5 -- big-ip On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS). 2020-03-27 not yet calculated CVE-2020-5860
MISC f5 -- big-ip On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. 2020-03-27 not yet calculated CVE-2020-5861
MISC f5 -- big-ip On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS. 2020-03-27 not yet calculated CVE-2020-5862
MISC f5 -- big-ip On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service. 2020-03-27 not yet calculated CVE-2020-5857
MISC f5 -- big-ip On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command. 2020-03-27 not yet calculated CVE-2020-5858
MISC f5 -- big-ip On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file. 2020-03-27 not yet calculated CVE-2020-5859
MISC f5 -- nginx_controller In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system. 2020-03-27 not yet calculated CVE-2020-5863
MISC fasterxml -- jackson-databind FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. 2020-03-26 not yet calculated CVE-2020-10969
MISC
MISC fasterxml -- jackson-databind FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). 2020-03-26 not yet calculated CVE-2020-10968
MISC
MISC finalwire -- aida64 An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. 2020-03-25 not yet calculated CVE-2019-7244
MISC gigabyte -- app_center An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. 2020-03-25 not yet calculated CVE-2019-7630
MISC

gitlab -- gitlab_enterprise_and_community_editions

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. 2020-03-27 not yet calculated CVE-2020-10955
CONFIRM
MISC gitlab -- gitlab GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. 2020-03-27 not yet calculated CVE-2020-10956
CONFIRM
MISC gitlab -- gitlab GitLab through 12.9 is affected by a potential DoS in repository archive download. 2020-03-27 not yet calculated CVE-2020-10954
CONFIRM
MISC

gitlab -- gitlab_enterprise_and_community_editions

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. 2020-03-27 not yet calculated CVE-2020-10952
CONFIRM
MISC gitlab -- gitlab_enterprise_edition In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. 2020-03-27 not yet calculated CVE-2020-10953
CONFIRM
MISC gnu_patch -- gnu_patch GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. 2020-03-25 not yet calculated CVE-2019-20633
MISC google -- closure-library A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315. 2020-03-26 not yet calculated CVE-2020-8910
CONFIRM
CONFIRM gstreamer -- gst-rtsp-server An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. 2020-03-27 not yet calculated CVE-2020-6095
MISC harris_ormed_self_service -- harris_ormed_self_service Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more. 2020-03-25 not yet calculated CVE-2019-18626
MISC hashicorp -- vault_and_vault_enterprise HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4. 2020-03-23 not yet calculated CVE-2020-10660
CONFIRM
MISC http4s -- http4s http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expose resources outside of the configured location. This issue is patched in versions 0.18.26, 0.20.20, and 0.21.2. Note that 0.19.0 is a deprecated release and has never been supported. 2020-03-25 not yet calculated CVE-2020-5280
MISC
MISC
MISC
CONFIRM huawei -- oxfordp-an10b_smartphones Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The application doesn't perform proper authentication when the user performs certain operations. An attacker can trick the user into installing a malicious plug-in to exploit this vulnerability. A successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. 2020-03-26 not yet calculated CVE-2020-9066
MISC huawei -- p30_smartphones HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unauthorized actor. The attacker tricks the user into installing a crafted application; a successful exploit could allow the attacker to perform certain unauthenticated operations. 2020-03-26 not yet calculated CVE-2020-1800
MISC huawei -- taurus-al00b_smartphones Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability. 2020-03-26 not yet calculated CVE-2020-9065
MISC ibm -- websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. 2020-03-26 not yet calculated CVE-2020-4276
XF
CONFIRM it-novum -- openitcockpit openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections. 2020-03-25 not yet calculated CVE-2020-10788
MISC
CONFIRM jenkins -- jenkins Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. 2020-03-25 not yet calculated CVE-2020-2166
MLIST
CONFIRM jenkins -- jenkins Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. 2020-03-25 not yet calculated CVE-2020-2168
MLIST
CONFIRM jenkins -- jenkins Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2020-03-25 not yet calculated CVE-2020-2171
MLIST
CONFIRM jenkins -- jenkins Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. 2020-03-25 not yet calculated CVE-2020-2160
MLIST
CONFIRM jenkins -- jenkins Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels. 2020-03-25 not yet calculated CVE-2020-2161
MLIST
CONFIRM jenkins -- jenkins Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. 2020-03-25 not yet calculated CVE-2020-2167
MLIST
CONFIRM kiali -- kiali A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration. 2020-03-26 not yet calculated CVE-2020-1764
CONFIRM
MISC kubernetes -- api_server The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. 2020-03-27 not yet calculated CVE-2020-8552
MISC
MISC kubernetes -- kubelet The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. 2020-03-27 not yet calculated CVE-2020-8551
MISC
MISC lenovo -- multiple_notebooks MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system. 2020-03-27 not yet calculated CVE-2015-5684
MISC lenovo -- solution_center MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. 2020-03-27 not yet calculated CVE-2015-8534
MISC lenovo -- solution_center MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. 2020-03-27 not yet calculated CVE-2015-8536
MISC lenovo -- solution_center MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. 2020-03-27 not yet calculated CVE-2015-8535
MISC lenovo -- system_update MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. 2020-03-27 not yet calculated CVE-2015-7334
MISC lenovo -- system_update MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. 2020-03-27 not yet calculated CVE-2015-7335
MISC lenovo -- system_update MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. 2020-03-27 not yet calculated CVE-2015-7336
MISC lenovo -- system_update MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. 2020-03-27 not yet calculated CVE-2015-7333
MISC

mcafee -- mcafee_application_and_change_control

DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. 2020-03-26 not yet calculated CVE-2020-7260
CONFIRM micro_focus -- service_manager_automation An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. 2020-03-26 not yet calculated CVE-2020-9521
MISC moo0 -- moo0_system_monitor An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. 2020-03-25 not yet calculated CVE-2019-7240
MISC moxa -- eds-g16e_series_devices In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. 2020-03-26 not yet calculated CVE-2020-6999
MISC mozilla -- firefox When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74. 2020-03-25 not yet calculated CVE-2020-6813
MISC
MISC mozilla -- firefox Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74. 2020-03-25 not yet calculated CVE-2020-6815
MISC
MISC mozilla -- firefox After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74. 2020-03-25 not yet calculated CVE-2020-6810
MISC
MISC mozilla -- firefox When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. 2020-03-25 not yet calculated CVE-2020-6809
MISC
MISC

mozilla -- thunderbird_and_firefox_and_firefox_esr

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. 2020-03-25 not yet calculated CVE-2020-6812
MISC
MISC
MISC
MISC

mozilla -- thunderbird_and_firefox_and_firefox_esr

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. 2020-03-25 not yet calculated CVE-2020-6814
MISC
MISC
MISC
MISC

mozilla -- thunderbird_and_firefox_and_firefox_esr

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. 2020-03-25 not yet calculated CVE-2020-6811
MISC
MISC
MISC
MISC mulesoft -- apikit Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java 2020-03-27 not yet calculated CVE-2020-10991
MISC nick_chan_bot -- nick_chan_bot In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution, which can compromise the bot. This is patched in version 1.0.0-beta. 2020-03-25 not yet calculated CVE-2020-5282
MISC
CONFIRM osmand -- osmand Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java. 2020-03-27 not yet calculated CVE-2020-10993
MISC otrs -- open_ticket_request_system It's possible for an authenticated user to guess other session IDs based on their own. It's also possible to guess a password reset token or an automatically generated password. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. 2020-03-27 not yet calculated CVE-2020-1773
MISC otrs -- open_ticket_request_system An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. 2020-03-27 not yet calculated CVE-2020-1771
MISC otrs -- open_ticket_request_system It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s) generated by users who have already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. 2020-03-27 not yet calculated CVE-2020-1772
MISC otrs -- open_ticket_request_system Files generated for a support bundle could contain sensitive information that users might not want disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. 2020-03-27 not yet calculated CVE-2020-1770
MISC otrs -- open_ticket_request_system In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered a security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. 2020-03-27 not yet calculated CVE-2020-1769
MISC phoenix_contact -- pc_worx_srt Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. 2020-03-27 not yet calculated CVE-2020-10939
CONFIRM phoenix_contact -- portico_server Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. 2020-03-27 not yet calculated CVE-2020-10940
CONFIRM piwigo -- piwigo The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. 2020-03-26 not yet calculated CVE-2020-9468
MISC
MISC puppet -- continuous_delivery_for_puppet_enterprise In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report. 2020-03-26 not yet calculated CVE-2020-7944
MISC pyup -- pyup_safety_tool The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is considered to be of low severity because the attack makes use of an existing Python condition, not the Safety tool itself. This can happen if: You are running Safety in a Python environment that you don’t trust. You are running Safety from the same Python environment where you have your dependencies installed. Dependency packages are being installed arbitrarily or without proper verification. Users can mitigate this issue by doing any of the following: Perform a static analysis by installing Docker and running the Safety Docker image: $ docker run --rm -it pyupio/safety check -r requirements.txt Run Safety against a static dependencies list, such as the requirements.txt file, in a separate, clean Python environment. Run Safety from a Continuous Integration pipeline. Use PyUp.io, which runs Safety in a controlled environment and checks Python for dependencies without any need to install them. Use PyUp's Online Requirements Checker. 2020-03-23 not yet calculated CVE-2020-5252
CONFIRM
CONFIRM
CONFIRM red_hat -- ansible_engine A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection. 2020-03-24 not yet calculated CVE-2020-10684
CONFIRM rsa -- authentication_manager RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser. 2020-03-26 not yet calculated CVE-2020-5340
MISC rsa -- authentication_manager RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser. 2020-03-26 not yet calculated CVE-2020-5339
MISC samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with any (before May 2019) software. A phishing attack against OMACP can change the network and internet settings. The Samsung ID is SVE-2019-14073 (May 2019). 2020-03-24 not yet calculated CVE-2019-20606
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019). 2020-03-24 not yet calculated CVE-2019-20613
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A heap overflow occurs for baseband in the Shannon modem. The Samsung ID is SVE-2019-14071 (May 2019). 2020-03-24 not yet calculated CVE-2019-20605
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can disable Gallery permanently. The Samsung ID is SVE-2019-14031 (May 2019). 2020-03-24 not yet calculated CVE-2019-20604
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019). 2020-03-24 not yet calculated CVE-2019-20610
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), Go(8.1), P(9.0), and Go(9.0) (Exynos chipsets) software. A baseband stack overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-13963 (April 2019). 2020-03-24 not yet calculated CVE-2019-20611
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ID is SVE-2019-14126 (May 2019). 2020-03-24 not yet calculated CVE-2019-20607
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. The Motion photo player allows attackers to bypass the Secure Folder feature to view images. The Samsung ID is SVE-2019-14653 (August 2019). 2020-03-24 not yet calculated CVE-2019-20580
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. An attacker can use Emergency mode to disable features. The Samsung IDs are SVE-2018-13164, SVE-2018-13165 (April 2019). 2020-03-24 not yet calculated CVE-2019-20608
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SKPM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14892 (August 2019). 2020-03-24 not yet calculated CVE-2019-20589
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. The MemorySaver Content Provider allows SQL injection. The Samsung ID is SVE-2019-14365 (August 2019). 2020-03-24 not yet calculated CVE-2019-20576
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Story Video Editor Content Provider. The Samsung ID is SVE-2019-14062 (July 2019). 2020-03-24 not yet calculated CVE-2019-20592
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The MALI GPU Driver allows a kernel panic. The Samsung ID is SVE-2019-14372 (August 2019). 2020-03-24 not yet calculated CVE-2019-20577
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July 2019). 2020-03-24 not yet calculated CVE-2019-20591
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020). 2020-03-24 not yet calculated CVE-2020-10847
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x) (Qualcomm chipsets) software. There is an integer underflow in the Secure Storage Trustlet. The Samsung ID is SVE-2019-13952 (July 2019). 2020-03-24 not yet calculated CVE-2019-20590
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019). 2020-03-24 not yet calculated CVE-2019-20579
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14891 (August 2019). 2020-03-24 not yet calculated CVE-2019-20588
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019). 2020-03-24 not yet calculated CVE-2019-20593
CONFIRM samsung -- multiple_mobile_devices An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can use Smartwatch to view Secure Folder notification content. The Samsung ID is SVE-2019-13899 (April 2019). 2020-03-24 not yet calculated CVE-2019-20609
CONFIRM sonicwall -- sma1000_http_extraweb_server A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier. 2020-03-26 not yet calculated CVE-2020-5129
CONFIRM sunnet -- sunnet_ehrd Sunnet eHRD, a human training and development management system, contains a Cross-Site Scripting (XSS) vulnerability. Attackers can inject arbitrary commands into the system and launch an XSS attack. 2020-03-27 not yet calculated CVE-2020-10509
MISC sunnet -- sunnet_ehrd Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. 2020-03-27 not yet calculated CVE-2020-10508
MISC sunnet -- sunnet_ehrd Sunnet eHRD, a human training and development management system, contains a Broken Access Control vulnerability. After login, attackers can use a specific URL to access unauthorized functionality and data. 2020-03-27 not yet calculated CVE-2020-10510
MISC techpowerup -- gpu-z An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23.0. The vulnerable driver exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. 2020-03-25 not yet calculated CVE-2019-7245
MISC tenable -- codesys_control CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. 2020-03-26 not yet calculated CVE-2020-10245
CONFIRM
MISC teradici -- pcoip_management_console Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is not disabled. It is fixed in 20.01.1 and 19.11.2. 2020-03-25 not yet calculated CVE-2020-10965
MISC
MISC totemo -- totemomail An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. 2020-03-27 not yet calculated CVE-2020-7918
MISC
MISC tp-link -- archer_a7_devices This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663. 2020-03-25 not yet calculated CVE-2020-10887
MISC tp-link -- archer_a7_devices This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650. 2020-03-25 not yet calculated CVE-2020-10882
MISC tp-link -- archer_a7_devices This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660. 2020-03-25 not yet calculated CVE-2020-10881
MISC tp-link -- archer_a7_devices This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS responses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661. 2020-03-25 not yet calculated CVE-2020-10885
MISC tp-link -- archer_a7_devices This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664. 2020-03-25 not yet calculated CVE-2020-10888
MISC tp-link -- archer_a7_devices This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of a hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652. 2020-03-25 not yet calculated CVE-2020-10884
MISC tp-link -- archer_a7_devices This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651. 2020-03-25 not yet calculated CVE-2020-10883
MISC tp-link -- archer_a7_devices This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662. 2020-03-25 not yet calculated CVE-2020-10886
MISC tp-link -- archer_c50_devices TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allow remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field. 2020-03-25 not yet calculated CVE-2020-9375
MISC
MISC
CONFIRM tribal_group -- sits:vision An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does. 2020-03-25 not yet calculated CVE-2019-19127
MISC
FULLDISC unisoon -- ultralog_express The UltraLog Express device management interface does not properly filter user-supplied strings in some specific parameters, so attackers can inject arbitrary SQL commands. 2020-03-27 not yet calculated CVE-2020-3936
MISC unisoon -- ultralog_express The UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through a specific system directory. 2020-03-27 not yet calculated CVE-2020-3920
MISC unisoon -- ultralog_express The UltraLog Express device management software stores users’ information in cleartext. Any user can obtain account information through a specific page. 2020-03-27 not yet calculated CVE-2020-3921
MISC vesta_and_hestia -- vesta_control_panel_and_hestia_control_panel In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. 2020-03-25 not yet calculated CVE-2020-10966
MISC
CONFIRM
MISC wordpress -- wordpress The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. 2020-03-27 not yet calculated CVE-2020-10817
MISC
MISC yaml_project -- pyyaml A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. 2020-03-24 not yet calculated CVE-2020-1747
CONFIRM
MISC
FEDORA
FEDORA
FEDORA

 

This product is provided subject to this Notification and this Privacy & Use policy.