Adobe Releases Security Updates for Magento

January 31, 2020, 7:50 am

≫ Next: Detecting Citrix CVE-2019-19781

≪ Previous: Cisco Releases Security Updates for Cisco Small Business Switches

Original release date: January 31, 2020

Adobe has released security updates to address vulnerabilities affecting Magento Commerce and Open Source editions. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-02 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Detecting Citrix CVE-2019-19781

January 31, 2020, 10:07 am

≫ Next: Vulnerability Summary for the Week of January 27, 2020

≪ Previous: Adobe Releases Security Updates for Magento

Original release date: January 31, 2020

Unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781.[1]

Though mitigations were released on the same day Citrix announced CVE-2019-19781, organizations that did not appropriately apply the mitigations were likely to be targeted once exploit code began circulating on the internet a few weeks later.

Compromised systems cannot be remediated by applying software patches that were released to fix the vulnerability. Once CNE actors establish a foothold on an affected device, their presence remains even though the original attack vector has been closed.

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Alert to provide tools and technologies to assist with detecting the presence of these CNE actors. Unpatched systems and systems compromised before the updates were applied remain susceptible to exploitation.

Contact CISA, or the FBI to report an intrusion or to request assistance.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Vulnerability Summary for the Week of January 27, 2020

February 3, 2020, 8:36 am

≫ Next: OpenSMTPD Vulnerability

≪ Previous: Detecting Citrix CVE-2019-19781

Original release date: February 3, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- illustrator_cc	Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.	2020-01-29	9.3	CVE-2020-3714 CONFIRM
adobe -- illustrator_cc	Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.	2020-01-29	9.3	CVE-2020-3713 CONFIRM
adobe -- illustrator_cc	Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.	2020-01-29	9.3	CVE-2020-3712 CONFIRM
adobe -- illustrator_cc	Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.	2020-01-29	9.3	CVE-2020-3711 CONFIRM
adobe -- illustrator_cc	Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.	2020-01-29	9.3	CVE-2020-3710 CONFIRM
alienvault -- ossim	OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability	2020-01-27	7.8	CVE-2013-6056 MISC
amd -- atidxx64.dll_driver	An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.	2020-01-25	7.8	CVE-2019-5124 MISC
amd -- atidxx64.dll_driver	An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.	2020-01-25	7.8	CVE-2019-5146 MISC
amd -- atidxx64.dll_driver	An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.	2020-01-25	7.8	CVE-2019-5147 MISC
apache -- spamassassin	A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places.	2020-01-30	9.3	CVE-2020-1931 CONFIRM BUGTRAQ DEBIAN
apache -- spamassassin	A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges.	2020-01-30	9.3	CVE-2020-1930 CONFIRM MLIST BUGTRAQ DEBIAN
asus -- rt-n56u_devices	ASUS RT-N56U devices allow CSRF.	2020-01-28	9.3	CVE-2013-3093 MISC
avast -- secure_browser	A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cleans the ACL of the Update.ini file in %PROGRAMDATA%\Avast Software\Browser\Update\ and sets all privileges to group Everyone. Because any low-privileged user can create, delete, or modify the Update.ini file stored in this location, an attacker with low privileges can create a hard link named Update.ini in this folder, and make it point to a file writable by NT AUTHORITY\SYSTEM. Once AvastBrowserUpdate.exe is triggered by the update check functionality, the DACL is set to a misconfigured value on the crafted Update.ini and, consequently, to the target file that was previously not writable by the low-privileged attacker.	2020-01-27	7.2	CVE-2019-17190 MISC
bitdefender -- bitdefender_box_2	A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability.	2020-01-27	10	CVE-2019-17095 ETC CONFIRM ETC
bitdefender -- bitdefender_box_2	A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.	2020-01-27	9.3	CVE-2019-17096 CONFIRM
cisco -- sd-wan_solution	A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.	2020-01-26	9	CVE-2019-12629 CISCO
cisco -- sd-wan_solution_vmanage	A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges.	2020-01-26	7.2	CVE-2020-3115 CISCO
cisco -- small_business_switches	A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18	2020-01-30	7.8	CVE-2020-3147 CISCO
cisco -- webex_video_mesh	A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node.	2020-01-26	9	CVE-2019-16005 CISCO
core_security -- vivotek_ip_cameras	A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.	2020-01-24	9	CVE-2013-1598 MISC MISC MISC MISC MISC
core_security -- vivotek_pt7135_ip_camera	A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.	2020-01-24	7.5	CVE-2013-1595 MISC MISC MISC MISC MISC
d-link -- dir-859_devices	D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.	2020-01-29	10	CVE-2019-20216 MISC MISC CONFIRM
d-link -- dir-859_devices	D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.	2020-01-29	10	CVE-2019-20215 MISC CONFIRM
d-link -- dir-859_devices	D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.	2020-01-29	10	CVE-2019-20217 MISC MISC CONFIRM
d-link -- dsr-250n_devices	D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.	2020-01-25	9	CVE-2012-6613 EXPLOIT-DB
dolibarr -- dolibarr	The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.	2020-01-26	10	CVE-2020-7995 MISC MISC
exiv2 -- exiv2	In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.	2020-01-27	7.1	CVE-2019-20421 MISC MISC
fudforum -- fudforum_bulletin_board	PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.	2020-01-27	9	CVE-2013-2267 BID XF
geocoder -- geocoder	sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.	2020-01-25	7.5	CVE-2020-7981 MISC MISC
gitlab -- gitlab_community_and_enterprise_edition	A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.	2020-01-28	7.5	CVE-2019-5464 MISC MISC MISC
gitlab -- gitlab_community_and_enterprise_edition	Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account.	2020-01-28	7.5	CVE-2019-15585 MISC MISC
git -- git	A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.	2020-01-24	9.3	CVE-2019-1352 SUSE REDHAT MISC MISC
git -- git	A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.	2020-01-24	9.3	CVE-2019-1354 SUSE MISC MISC
git -- git	A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.	2020-01-24	9.3	CVE-2019-1349 SUSE REDHAT MISC MISC
git -- git	A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.	2020-01-24	9.3	CVE-2019-1350 SUSE MISC MISC
gnu -- gnu_coreutils	Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.	2020-01-24	7.5	CVE-2015-4042 MISC MISC
handsomeweb -- sos_webpages	backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.	2020-01-28	7.5	CVE-2014-3445 MISC MISC MISC MISC MISC
huawei -- e587_3g_mobile_hotspot	Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI.	2020-01-27	10	CVE-2013-2612 XF BID
i_read_it_somewhere -- i_read_it_somewhere	IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.	2020-01-25	7.5	CVE-2013-1744 MISC
intellian_technologies -- aptus	The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account.	2020-01-27	10	CVE-2020-8001 MISC
intellian_technologies -- aptus_web	Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account.	2020-01-27	10	CVE-2020-8000 MISC
intellian_technologies -- aptus_web	Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.	2020-01-25	10	CVE-2020-7980 MISC MISC MISC
intellian -- aptus	The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY.	2020-01-27	7.5	CVE-2020-7999 MISC
irfanview -- flashpix_plugin	IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability	2020-01-27	9.3	CVE-2013-3486 MISC MISC
isof -- isof	All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.	2020-01-29	7.5	CVE-2019-10783 MISC
jenkins -- jenkins	Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents.	2020-01-29	7.5	CVE-2020-2099 MLIST CONFIRM
koha -- koha	SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924.	2020-01-24	7.5	CVE-2014-1925 MISC MISC MISC MISC
koha -- koha	The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.	2020-01-24	7.5	CVE-2014-1924 MISC MISC MISC MISC
lexmark -- markvision_enterprise	Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.	2020-01-27	7.8	CVE-2014-8742 CONFIRM MISC
lexmark -- markvision_enterprise	Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.	2020-01-27	10	CVE-2014-8741 CONFIRM MISC
lorex_technology -- lnc116_and_lnc104_ip_cameras	Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability	2020-01-24	7.5	CVE-2012-6451 MISC MISC
lustre -- lustre	In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.	2020-01-27	7.8	CVE-2019-20424 MISC MISC MISC MISC
lustre -- lustre	In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size.	2020-01-27	7.8	CVE-2019-20432 MISC MISC MISC MISC
lustre -- lustre	In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2.	2020-01-27	7.8	CVE-2019-20425 MISC MISC MISC MISC
lustre -- lustre	In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.	2020-01-27	7.8	CVE-2019-20430 MISC MISC MISC MISC
lustre -- lustre	In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value.	2020-01-27	7.8	CVE-2019-20431 MISC MISC MISC MISC
lustre -- lustre	In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2.	2020-01-27	7.8	CVE-2019-20429 MISC MISC MISC MISC
lustre -- lustre	In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter.	2020-01-27	7.8	CVE-2019-20428 MISC MISC MISC MISC
lustre -- lustre	In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check.	2020-01-27	7.8	CVE-2019-20426 MISC MISC MISC MISC
lustre -- lustre	In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error.	2020-01-27	7.8	CVE-2019-20423 MISC MISC MISC MISC
lustre -- lustre	In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error.	2020-01-27	9	CVE-2019-20427 MISC MISC MISC MISC
magento -- magento	Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.	2020-01-29	7.8	CVE-2020-3719 CONFIRM
magento -- magento	Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.	2020-01-29	10	CVE-2020-3716 CONFIRM
magento -- magento	Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.	2020-01-29	10	CVE-2020-3718 CONFIRM
microsoft -- visual_studio_code	An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.	2020-01-24	7.2	CVE-2019-1414 MISC
netgear -- centria_wndr4700_devices	NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.	2020-01-28	7.5	CVE-2013-3071 BID
netgear -- wndr4700_media_server_devices	NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).	2020-01-28	7.8	CVE-2013-3074 BID
netgear -- wnr1000v3	Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.	2020-01-29	10	CVE-2013-3317 EXPLOIT-DB
netgear -- wnr1000v3	Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".	2020-01-29	10	CVE-2013-3316 EXPLOIT-DB
opensmtpd -- opensmtpd	smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.	2020-01-29	10	CVE-2020-7247 MISC MISC FULLDISC MISC CONFIRM BUGTRAQ DEBIAN CERT-VN CONFIRM
postgresql -- postgresql	PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.	2020-01-27	7.5	CVE-2015-0244 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
red_hat -- openshift_origin	The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.	2020-01-28	10	CVE-2013-2060 MISC MISC MISC MISC
ruckus -- zoneflex_r500_devices	Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=\|cat${IFS} substring.	2020-01-29	9	CVE-2020-8438 MISC
soapbox -- soapbox	Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox.	2020-01-24	7.2	CVE-2012-6302 MISC
suse -- Linux_enterprise_server_11	A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions.	2020-01-24	7.2	CVE-2019-3693 SUSE CONFIRM
suse -- linux_enterprise_server_11	The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions.	2020-01-24	7.2	CVE-2019-3692 CONFIRM
suse -- opensuse	UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions.	2020-01-24	7.2	CVE-2019-3697 CONFIRM
suse -- opensuse_factory	A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions.	2020-01-24	7.2	CVE-2019-3694 CONFIRM
synacor -- zimbra_collaboration	Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.	2020-01-27	7.5	CVE-2014-8563 CONFIRM CONFIRM
tp-link -- tp-link_ip_cameras	A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.	2020-01-29	10	CVE-2013-2573 MISC MISC MISC MISC MISC
vtiger -- vtiger_crm	vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.	2020-01-29	7.5	CVE-2013-3215 BID XF
vtiger -- vtiger_crm	vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.	2020-01-28	7.5	CVE-2013-3214 EXPLOIT-DB BID XF
webcalendar_project -- webcalendar	install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.	2020-01-27	7.5	CVE-2012-1495 MISC MISC MISC MISC
xnview -- xnview	XnView 2.03 has an integer overflow vulnerability	2020-01-27	7.5	CVE-2013-3493 MISC
xnview -- xnview	XnView 2.03 has a stack-based buffer overflow vulnerability	2020-01-27	7.5	CVE-2013-3492 MISC
zavio -- zavio_ip_cameras	A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.	2020-01-29	10	CVE-2013-2568 MISC MISC MISC MISC MISC
zavio -- zavio_ip_cameras	A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.	2020-01-29	7.5	CVE-2013-2570 MISC MISC MISC MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
3s-smart_software_solutions -- codesys_control_and_gateway_and_hmi	CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.	2020-01-24	4	CVE-2020-7052 CONFIRM MISC
N/A -- N/A	Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.	2020-01-28	6.8	CVE-2015-8011 MISC MISC MISC
N/A -- N/A	svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.	2020-01-27	4.3	CVE-2020-8091 MISC MISC
N/A -- N/A	BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port.	2020-01-29	5	CVE-2020-8416 CONFIRM CONFIRM CONFIRM MISC
N/A -- N/A	Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm.	2020-01-28	4.3	CVE-2014-8490 MISC MISC
N/A -- secure_entry_server	Secure Entry Server before 4.7.0 contains a URI Redirection vulnerability which could allow remote attackers to conduct phishing attacks due to HSP_AbsoluteRedirects being disabled by default.	2020-01-28	5.8	CVE-2013-2764 BID XF
adive -- adive	Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.	2020-01-26	6.8	CVE-2020-7991 MISC MISC MISC
adive -- adive_framework	Adive Framework 2.0.8 has admin/user/add userName XSS.	2020-01-26	4.3	CVE-2020-7990 MISC MISC
adive -- adive_framework	Adive Framework 2.0.8 has admin/user/add userUsername XSS.	2020-01-26	4.3	CVE-2020-7989 MISC MISC
amazon -- aws_xms	Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter.	2020-01-27	5	CVE-2013-2474 EXPLOIT-DB BID XF
amd -- atidxx64.dll_driver	An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.	2020-01-25	6.8	CVE-2019-5183 MISC
angular_expressions -- angular_expressions	Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution.	2020-01-24	6.8	CVE-2020-5219 MISC MISC CONFIRM
apache -- nifi	A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.	2020-01-28	4.3	CVE-2020-1933 CONFIRM
apache -- nifi	An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.	2020-01-28	5	CVE-2020-1928 CONFIRM
apache -- superset	An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.	2020-01-28	4	CVE-2020-1932 MISC
asus -- wrt-ac66u_3_rt_devices	ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature.	2020-01-28	4.3	CVE-2020-7997 MISC
big_switch_networks -- big_monitoring_fabric	An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators.	2020-01-24	4.3	CVE-2019-19632 MISC MISC
bitdefender -- epsecurityservice.exe	An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163.	2020-01-27	4.4	CVE-2019-17099 CONFIRM
bytemark -- symbiosis	Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP.	2020-01-27	5	CVE-2014-3979 MISC MISC MISC
chamilo -- chamilo	Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script.	2020-01-30	4.3	CVE-2013-0739 MISC MISC
chamilo -- chamilo	Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php.	2020-01-30	4.3	CVE-2013-0738 MISC MISC
cisco -- application_policy_infrastructure_controller	A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j).	2020-01-26	5	CVE-2020-3139 CISCO
cisco -- asyncos_software	A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0.	2020-01-26	6.4	CVE-2020-3134 CISCO
cisco -- crosswork_change_automation	A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.	2020-01-26	4.3	CVE-2019-16024 CISCO
cisco -- data_center_analytics_framework	A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information on the affected system.	2020-01-26	4.3	CVE-2019-16015 CISCO
cisco -- finesse	A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.	2020-01-26	4.3	CVE-2019-15278 CISCO
cisco -- identity_services_engine	A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.	2020-01-26	4	CVE-2019-15255 CISCO
cisco -- ios_xr_software	Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.	2020-01-26	5	CVE-2019-16022 CISCO
cisco -- ios_xr_software	A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer.	2020-01-26	5	CVE-2019-15989 CISCO
cisco -- ios_xr_software	Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.	2020-01-26	5	CVE-2019-16020 CISCO
cisco -- ios_xr_software	A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process.	2020-01-26	4	CVE-2019-16027 CISCO
cisco -- jabber_guest	A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affects Cisco Jabber Guest releases 11.1(2) and earlier.	2020-01-26	4.3	CVE-2020-3136 CISCO
cisco -- mobility_management_entity	A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition.	2020-01-26	4.3	CVE-2019-16026 CISCO
cisco -- sd-wan_solution_vmanage	A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.	2020-01-26	4	CVE-2019-12619 CISCO
cisco -- small_business_smart_and_managed_switches	A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.	2020-01-26	4.3	CVE-2020-3121 CISCO
cisco -- smart_software_manager_on-prem	A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition.	2020-01-26	6.4	CVE-2019-16029 CISCO
cisco -- ucs_director	A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator.	2020-01-26	5	CVE-2019-16003 CISCO
cisco -- webex_meetings_suite_and_online	A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. This vulnerability affects Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3.	2020-01-26	5	CVE-2020-3142 CISCO
cisco -- webex_teams	A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131.	2020-01-26	4	CVE-2020-3131 CISCO
codecov -- codecov	Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.	2020-01-25	6.5	CVE-2020-7596 MISC
contao -- contao	contao prior to 2.11.4 has a sql injection vulnerability	2020-01-29	6.5	CVE-2012-4383 MISC
core_security -- vivotek_pt7135_ip_camera	An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.	2020-01-24	5	CVE-2013-1594 MISC MISC MISC MISC MISC MISC
core_security -- vivotek_pt7135_ip_camera	An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554.	2020-01-24	5	CVE-2013-1596 MISC MISC MISC MISC MISC
core_security -- tp-link_ip_cameras	A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.	2020-01-29	5	CVE-2013-2572 MISC MISC MISC MISC MISC
core_security -- vivotek_pt7135_ip_cameras	A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.	2020-01-24	4	CVE-2013-1597 MISC MISC MISC MISC MISC
core_security -- zavio_ip_cameras	An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.	2020-01-29	5	CVE-2013-2567 MISC MISC MISC MISC MISC
core_security -- zavio_ip_cameras	A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream.	2020-01-29	5	CVE-2013-2569 MISC MISC MISC MISC
cpanel -- webhost_manager	Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2020-01-27	4.3	CVE-2012-6448 EXPLOIT-DB
dolibarr -- dolibarr	Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page.	2020-01-26	4.3	CVE-2020-7994 MISC MISC
dolibarr -- dolibarr	htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.	2020-01-26	4.3	CVE-2020-7996 MISC MISC
eucalyptus -- eucalyptus_management_control	Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2020-01-27	4.3	CVE-2013-4770 MISC
f-revocrm -- f-revocrm	Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2020-01-27	4.3	CVE-2019-6036 MISC MISC
fuji_xerox -- netprint	The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	2020-01-27	5.8	CVE-2020-5520 MISC MISC
fuji_xerox -- kantan_netprint	The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	2020-01-27	5.8	CVE-2020-5521 MISC MISC
fuji_xerox -- kantan_netprint	The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	2020-01-27	5.8	CVE-2020-5522 MISC MISC
gitlab -- gitlab	An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information.	2020-01-28	5	CVE-2019-5470 MISC MISC MISC
gitlab -- gitlab	An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments.	2020-01-28	5	CVE-2019-5472 MISC MISC MISC
gitlab -- gitlab_community_and_enterprise_edition	An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.	2020-01-28	5	CVE-2019-15578 MISC MISC
gitlab -- gitlab_community_and_enterprise_edition	An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.	2020-01-28	5	CVE-2019-15579 MISC MISC
gitlab -- gitlab_community_and_enterprise_edition	An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.	2020-01-28	5	CVE-2019-15581 MISC MISC
gitlab -- gitlab_community_and_enterprise_edition	An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.	2020-01-28	5	CVE-2019-15582 MISC MISC
gitlab -- gitlab_community_and_enterprise_edition	An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration	2020-01-28	5	CVE-2019-15590 MISC MISC
gitlab -- gitlab_community_and_enterprise_edition	An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.	2020-01-28	5	CVE-2019-15583 MISC MISC
gitlab -- gitlab_community_and_enterprise_edition	A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.	2020-01-28	4.3	CVE-2019-15586 MISC MISC
gitlab -- gitlab_community_end_enterprise_edition	A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.	2020-01-28	6.8	CVE-2019-5462 MISC MISC MISC
git -- git	A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.	2020-01-24	5	CVE-2019-1351 SUSE MISC MISC
gnu -- aspell	libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.	2020-01-27	6.4	CVE-2019-20433 MISC
gnu -- gnucoreutils	The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.	2020-01-24	4.6	CVE-2015-4041 MISC MISC MISC
gnu -- gnutls	GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.	2020-01-27	5	CVE-2015-0294 MISC MISC MISC
google -- android	audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address.	2020-01-24	4.3	CVE-2015-1525 MISC
google -- android	media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size.	2020-01-24	6	CVE-2015-1530 MISC
ibm -- content_navigator	IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force ID: 171515.	2020-01-28	4	CVE-2019-4679 XF CONFIRM
ibm -- mq_and_mq_appliance	IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639.	2020-01-28	4	CVE-2019-4614 XF CONFIRM
ibm -- mq_and_mq_appliance	IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.	2020-01-28	4.3	CVE-2019-4568 XF CONFIRM
ibm -- mq_appliance_and_lts	IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863.	2020-01-28	4.6	CVE-2019-4620 XF CONFIRM
ibm -- security_access_manager_appliance	IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.	2020-01-28	5.5	CVE-2019-4707 XF CONFIRM
ibm -- security_secret_server	IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170004.	2020-01-28	4.3	CVE-2019-4632 XF CONFIRM
ibm -- security_secret_server	IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.	2020-01-28	4.3	CVE-2019-4638 XF CONFIRM
ibm -- security_secret_server	IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011.	2020-01-28	4	CVE-2019-4635 XF CONFIRM
ibm -- security_secret_server	IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 170001.	2020-01-28	5.8	CVE-2019-4631 XF CONFIRM
ibm -- security_secret_server	IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045.	2020-01-28	5	CVE-2019-4639 XF CONFIRM
ibm -- security_secret_server	IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013.	2020-01-28	4	CVE-2019-4636 XF CONFIRM
ibm -- security_secret_server	IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 170043.	2020-01-28	4	CVE-2019-4637 XF CONFIRM
ibm -- security_secret_server	IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007.	2020-01-28	4.3	CVE-2019-4633 XF CONFIRM
icewarp -- webmail_server	In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.	2020-02-01	4.3	CVE-2020-8512 MISC MISC
jazzband -- django-user-sessions	In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen.	2020-01-24	4	CVE-2020-5224 CONFIRM MISC
jenkins -- fortify_plugin	Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.	2020-01-29	4	CVE-2020-2107 MLIST CONFIRM
jenkins -- jenkins	Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.	2020-01-29	4	CVE-2020-2104 MLIST CONFIRM
jenkins -- jenkins	Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848.	2020-01-29	5	CVE-2020-2100 MLIST CONFIRM
jenkins -- jenkins	Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.	2020-01-29	4	CVE-2020-2103 MLIST CONFIRM
jenkins -- jenkins	REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.	2020-01-29	4.3	CVE-2020-2105 MLIST CONFIRM
jenkins -- websphere_deployer_plugin	Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions.	2020-01-29	6.5	CVE-2020-2108 MLIST CONFIRM
jetbrains -- intellij_idea	Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.	2020-01-30	5	CVE-2020-7905 MISC CONFIRM
jetbrains -- intellij_idea	In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.	2020-01-30	5.8	CVE-2020-7904 MISC CONFIRM
jetbrains -- rider	In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.	2020-01-30	5	CVE-2020-7906 MISC MISC
jetbrains -- teamcity	In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.	2020-01-30	4.3	CVE-2020-7908 MISC CONFIRM
jetbrains -- teamcity	In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.	2020-01-30	5	CVE-2020-7909 MISC CONFIRM
jetbrains -- teamcity	In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.	2020-01-30	4.3	CVE-2020-7911 MISC CONFIRM
jetbrains -- youtrack	In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.	2020-01-30	5	CVE-2020-7912 MISC CONFIRM
jetbrains -- youtrack	JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.	2020-01-30	4.3	CVE-2020-7913 MISC CONFIRM
koha -- koha	Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors.	2020-01-24	5	CVE-2014-1923 MISC MISC MISC MISC MISC
koha -- koha	Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors.	2020-01-24	5	CVE-2014-1922 MISC MISC MISC MISC
lldpd -- lldpd	lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.	2020-01-28	5	CVE-2015-8012 MISC MISC CONFIRM CONFIRM
magento -- magento	Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure.	2020-01-29	5	CVE-2020-3717 CONFIRM
magento -- magento	Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.	2020-01-29	4.3	CVE-2020-3715 CONFIRM
magento -- magento	Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.	2020-01-29	4.3	CVE-2020-3758 CONFIRM
mediawiki -- N/A	Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.	2020-01-28	4.3	CVE-2013-6451 MISC
mediawiki -- mediawiki	The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.	2020-01-28	5	CVE-2013-6455 MISC
microsoft -- Microsoft_dynamics_365_server	An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'.	2020-01-24	4	CVE-2018-8654 MISC
mirumee -- saleor	An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer).	2020-01-24	5	CVE-2020-7964 MISC MISC
mympc -- media_player_classic_home_cinema	Stack-based buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0.7858 allows remote attackers to execute arbitrary code via a crafted MPEG-2 Transport Stream (M2TS) file.	2020-01-31	6.8	CVE-2013-3488 CONFIRM MISC
mympc -- media_player_classic_home_cinema	Buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0 allows remote attackers to execute arbitrary code via a crafted RealMedia .rm file	2020-01-31	6.8	CVE-2013-3489 MISC MISC
netapp -- oncommand_system_manager	Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.	2020-01-29	4.3	CVE-2013-3320 BID XF XF
netapp -- oncommand_system_manager	NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.	2020-01-29	6	CVE-2013-3321 XF MISC
netty -- netty	Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.	2020-01-27	5	CVE-2020-7238 MISC MISC
netty -- netty	HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."	2020-01-29	6.4	CVE-2019-20444 MISC MISC MLIST MLIST MLIST
netty -- netty	HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.	2020-01-29	6.4	CVE-2019-20445 MISC MISC MLIST MLIST MLIST
novell -- zenworks_configuration_management	Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.	2020-01-25	5	CVE-2012-6345 MISC
novell -- zenworks_configuration_management	Novell ZENworks Configuration Management before 11.2.4 allows XSS.	2020-01-25	4.3	CVE-2012-6344 MISC
ntt_data_corporation -- mypallete	Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	2020-01-28	5.8	CVE-2020-5523 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC
openpne -- openpne_3	OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability	2020-01-24	6.4	CVE-2013-4333 MISC MISC MISC
ossec -- ossec-hids	In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client.	2020-01-30	6.5	CVE-2020-8442 MISC MISC MISC
postgresql -- postgresql	PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.	2020-01-27	4	CVE-2014-8161 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
postgresql -- postgresql	Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.	2020-01-27	6.5	CVE-2015-0243 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
postgresql -- postgresql	Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.	2020-01-27	6.5	CVE-2015-0242 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
postgresql -- postgresql	The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.	2020-01-27	6.5	CVE-2015-0241 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
proxmox -- proxmox	Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability	2020-01-27	5	CVE-2014-4156 MISC MISC
pwgen_project -- pwgen	The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.	2020-01-27	5	CVE-2013-4441 MISC MISC MISC MISC
pyradius -- pyrad	packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.	2020-01-28	4.3	CVE-2013-0294 CONFIRM CONFIRM CONFIRM MISC MISC CONFIRM MISC CONFIRM
python -- python	In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.	2020-01-28	4.3	CVE-2020-8315 MISC
qt -- qt	Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.	2020-01-24	5	CVE-2015-9541 MISC
rapid7 -- nexpose	Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access.	2020-01-25	4.3	CVE-2012-6494 BID XF
ratpack -- ratpack	All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to be utilized in production it would require users to not disable development mode.	2020-01-28	4.3	CVE-2019-10770 CONFIRM
roundup -- roundup	Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.	2020-01-30	4.3	CVE-2012-6133 CONFIRM MISC MISC MISC CONFIRM
simplehrm -- simplehrm	SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie.	2020-01-27	5	CVE-2013-2499 MISC BID XF
simplesamlphp -- simplesamlphp	Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.	2020-01-24	5.5	CVE-2020-5225 CONFIRM MISC
smb4k -- smb4k	Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.	2020-01-28	5	CVE-2014-2581 CONFIRM CONFIRM CONFIRM MISC MISC MISC
stroom -- stroom	All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS vulnerability to take full control of the Stroom UI on behalf of the logged-in user.	2020-01-28	4.3	CVE-2019-10779 CONFIRM
synacor -- zimbra-collaboration	Synacor Zimbra Collaboration before 8.0.8 has XSS.	2020-01-27	4.3	CVE-2014-5500 CONFIRM
synacor -- zimbra_collaboration	Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.	2020-01-27	4.3	CVE-2019-8945 MISC MISC MISC MISC
synacor -- zimbra_collaboration	In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.	2020-01-27	4.3	CVE-2019-15313 MISC MISC
synacor -- zimbra_collaboration	Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.	2020-01-27	4.3	CVE-2019-8946 MISC MISC MISC MISC
synacor -- zimbra_collaboration	Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS.	2020-01-27	4.3	CVE-2019-8947 MISC MISC MISC MISC
tiki_software -- tiki_wiki_cms_groupware	Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.	2020-01-27	6	CVE-2011-4558 MISC
tor_project -- tor	buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.	2020-01-24	5	CVE-2015-2688 MISC MISC
tor_project -- tor	The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.	2020-01-24	5	CVE-2015-2929 MISC MISC
tor_project -- tor	The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.	2020-01-24	5	CVE-2015-2928 MLIST CONFIRM
tor_project -- tor	Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.	2020-01-24	5	CVE-2015-2689 MISC MISC
tornadoweb -- tornado	Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.	2020-01-24	4.3	CVE-2014-9720 MISC MISC MISC MISC MISC
tp-link -- tp-link_tl-wr849n	TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI.	2020-01-27	4.1	CVE-2019-19143 MISC
valve_dota_2 -- valve_dota_2	rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption.	2020-01-27	6.8	CVE-2020-7952 MISC
valve_dota_2 -- valve_dota_2	schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.	2020-01-27	6.8	CVE-2020-7949 MISC
valve_dota_2 -- valve_dota_2	meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption.	2020-01-27	6.8	CVE-2020-7951 MISC
valve_dota_2 -- valve_dota_2	meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call.	2020-01-27	6.8	CVE-2020-7950 MISC
videolan -- vlc_media_player	Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.	2020-01-24	6.8	CVE-2014-9626 MISC MISC CONFIRM
videolan -- vlc_media_player	The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.	2020-01-24	6.8	CVE-2014-9630 MISC MISC CONFIRM
videolan -- vlc_media_player	The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.	2020-01-24	6.8	CVE-2014-9628 MISC MISC CONFIRM
videolan -- vlc_media_player	Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.	2020-01-24	6.8	CVE-2014-9629 MISC MISC CONFIRM
videolan -- vlc_media_player	The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.	2020-01-24	6.8	CVE-2014-9625 MISC MISC CONFIRM
videolan -- vlc_media_player	The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size.	2020-01-24	6.8	CVE-2014-9627 MISC MISC CONFIRM
viewgit -- viewgit	Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in plates/summary.php.	2020-01-30	4.3	CVE-2013-2294 CONFIRM MISC MISC MISC
webcalendar_project -- webcalendar	Local file inclusion in WebCalendar before 1.2.5.	2020-01-27	6.5	CVE-2012-1496 MISC
wiz -- wiz	Wiz 5.0.3 has a user mode write access violation	2020-01-27	5	CVE-2013-5659 MISC MISC
wordpress -- wordpress	Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php.	2020-01-28	6.8	CVE-2015-5483 MISC MISC MISC
wordpress -- wordpress	WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability	2020-01-27	6.4	CVE-2013-4462 MISC MISC
wordpress -- wordpress	Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or html via the 'playerID' parameter.	2020-01-28	4.3	CVE-2013-2714 BID
wso2 -- multiple_products	An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects.	2020-01-28	4.3	CVE-2019-20436 MISC MISC
wso2 -- multiple_products	An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the provisioning claim in the advanced claim configuration of the same Identity Provider. The attacker also needs to have privileges to log in to the management console, and to add and update identity provider configurations.	2020-01-28	4.3	CVE-2019-20437 MISC MISC
zend -- zend_mail	CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.	2020-01-27	4.3	CVE-2015-3154 CONFIRM
zeuscart -- zeuscart	Multiple SQL injection vulnerabilities in ZeusCart 4.x.	2020-01-31	6.5	CVE-2014-3868 MISC MISC MISC MISC

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
N/A -- N/A	A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc.	2020-01-28	3.5	CVE-2019-15607 MISC
N/A -- N/A	The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login).	2020-01-27	3.5	CVE-2020-8090 MISC
bitdefender -- bitdefender_av_for_mac	An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.	2020-01-27	2.1	CVE-2019-17103 CONFIRM
cisco -- multiple_products	A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.	2020-01-26	3.5	CVE-2019-16008 CISCO
cisco -- unity_connection_software	A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element.	2020-01-26	3.5	CVE-2020-3129 CISCO
dokeos -- dokeos	Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.	2020-01-29	3.5	CVE-2012-5776 MISC MISC
fortinet -- fortisiem	An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule.	2020-01-28	3.5	CVE-2019-17651 CONFIRM
git -- git	An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.	2020-01-24	3.6	CVE-2019-1348 SUSE REDHAT MISC MISC
google -- android	A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.	2020-01-24	3.5	CVE-2019-1460 MISC
havalite -- havalite_cms	Havalite CMS 1.1.7 has a stored XSS vulnerability	2020-01-29	3.5	CVE-2013-0161 MISC
jenkins -- jenkins	Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.	2020-01-29	3.5	CVE-2020-2101 MLIST CONFIRM
jenkins -- jenkins	Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations.	2020-01-29	3.5	CVE-2020-2106 MLIST CONFIRM
jenkins -- jenkins	Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.	2020-01-29	3.5	CVE-2020-2102 MLIST CONFIRM
jetbrains -- teamcity	JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.	2020-01-30	3.5	CVE-2020-7910 MISC CONFIRM
linux -- Linux_kernel	fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.	2020-01-29	3.6	CVE-2020-8428 MLIST MLIST MISC MISC MISC
linux -- linux_kernel	In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db.	2020-01-27	2.1	CVE-2019-20422 MISC MISC
microsoft -- multiple_windows_products	An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.	2020-01-24	3.6	CVE-2019-1454 MISC
netapp -- e-series_santricity_os_controller_software	E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments.	2020-01-30	3.3	CVE-2019-17273 CONFIRM
ossec -- ossec-hids	In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user.	2020-01-30	2.1	CVE-2020-8446 MISC MISC MISC
ossec -- ossec-hids	In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local user.	2020-01-30	2.1	CVE-2020-8448 MISC MISC MISC
simplesamlphp -- simplesamlphp	Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field.	2020-01-24	3.5	CVE-2020-5226 CONFIRM MISC
suse -- linux_enterprise_server	The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa.	2020-01-24	1.9	CVE-2019-3687 CONFIRM
suse -- networkmanager	NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.	2020-01-27	3.2	CVE-2006-7246 MISC MISC MISC MISC
synacor -- zimbra_collaboration	Zimbra Collaboration before 8.6.0 patch5 has XSS.	2020-01-27	3.5	CVE-2015-2249 CONFIRM
synacor -- zimbra_collaboration	Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS.	2020-01-27	3.5	CVE-2019-11318 MISC MISC MISC MISC
synacor -- zimbra_collaboration	Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.	2020-01-27	3.5	CVE-2019-12427 MISC MISC MISC
virgl -- virglrenderer	A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.	2020-01-27	2.1	CVE-2020-8003 MISC MISC MISC MISC
virgl -- virglrenderer	A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).	2020-01-27	2.1	CVE-2020-8002 MISC MISC MISC
wordpress -- wordpress	Pinboard 1.0.6 theme for Wordpress has XSS.	2020-01-27	3.5	CVE-2013-0286 MISC
wordpress -- wordpress	The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.	2020-01-28	3.5	CVE-2020-8426 MISC MISC MISC
wowza_media_systems -- wowza_streaming_engine	Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form.	2020-01-29	3.5	CVE-2019-7655 MISC MISC
wso2 -- api_manager	An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.	2020-01-28	3.5	CVE-2019-20434 MISC MISC
wso2 -- api_manager	An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.	2020-01-28	3.5	CVE-2019-20435 MISC MISC
wso2 -- api_manager	An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.	2020-01-28	3.5	CVE-2019-20438 MISC MISC
wso2 -- api_manager	An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher.	2020-01-28	3.5	CVE-2019-20439 MISC MISC
wso2 -- api_manager	An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher.	2020-01-28	3.5	CVE-2019-20440 MISC MISC
wso2 -- api_manager	An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.	2020-01-28	3.5	CVE-2019-20441 MISC MISC
wso2 -- multiple_products	An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI.	2020-01-28	3.5	CVE-2019-20443 MISC MISC
wso2 -- multiple_products	An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.	2020-01-28	3.5	CVE-2019-20442 MISC MISC

Severity Not Yet Assigned

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
abrt -- abrt	ABRT might allow attackers to obtain sensitive information from crash reports.	2020-01-31	not yet calculated	CVE-2011-4088 MISC MISC
adobe -- acrobat_and_reader	Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .	2020-01-28	not yet calculated	CVE-2019-8257 CONFIRM
adobe -- acrobat_and_reader	Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.	2020-01-28	not yet calculated	CVE-2019-7131 CONFIRM
aircrack-ng -- aircrack-ng	Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors.	2020-01-31	not yet calculated	CVE-2014-8321 CONFIRM MISC MISC CONFIRM MISC
aircrack-ng -- aircrack-ng	Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.	2020-01-31	not yet calculated	CVE-2014-8322 CONFIRM MISC MISC MISC CONFIRM MISC
alcatel-lucent -- 1830_photonic_service_switch	Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html.	2020-01-31	not yet calculated	CVE-2014-3809 MISC
apache -- jackrabbit_oak	The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed.	2020-01-28	not yet calculated	CVE-2020-1940 MLIST MLIST MLIST MLIST MLIST MLIST MISC MLIST
aroxsolution -- school_management_software_php/mysql	School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.	2020-01-31	not yet calculated	CVE-2020-8505 MISC
aroxsolution -- school_management_software_php/mysql	School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.	2020-01-31	not yet calculated	CVE-2020-8504 MISC
aruba -- airwave_management_platform	A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672	2020-01-31	not yet calculated	CVE-2016-2032 MISC MISC MISC MISC
aruba -- clearpass_policy_manager	Multiple vulnerabilities exist in Aruba ClearPass Policy Manager up to 6.5.6 and 6.6.0 includes SQL injection issues, unauthenticated arbitrary file read via XXE, remote root command execution, and elevated privilege issues.	2020-01-31	not yet calculated	CVE-2016-2033 CONFIRM
aruba -- instate	Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.	2020-01-31	not yet calculated	CVE-2016-2031 MISC MISC MISC MISC
belkin -- wemo_switch	Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system.	2020-01-28	not yet calculated	CVE-2013-2748 EXPLOIT-DB BID XF
belkin_wemo_insight_switch	A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions.	2020-01-27	not yet calculated	CVE-2019-17094 CONFIRM
biscom -- biscom_secure_file_transfer	Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.	2020-01-31	not yet calculated	CVE-2020-8503 MISC
bitdefender -- bitdefender_antivirus_for_mac	A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0.	2020-01-30	not yet calculated	CVE-2020-8092 MISC
bitdefender -- bitdefender_antivirus_for_mac	A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution	2020-01-30	not yet calculated	CVE-2020-8093 MISC
bitdefender -- bitdefender_total_security_2020	A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device.	2020-01-30	not yet calculated	CVE-2020-8095 CONFIRM
bitdefender -- box_2	An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36.	2020-01-27	not yet calculated	CVE-2019-17102 CONFIRM
bitdefender -- total_security_2020	An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69.	2020-01-27	not yet calculated	CVE-2019-17100 MISC
c-lightning -- c-lightning	c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used for real funds."	2020-01-31	not yet calculated	CVE-2019-12998 MISC CONFIRM
cisco -- ios_xr_software	A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.	2020-01-26	not yet calculated	CVE-2019-16018 CISCO
com.puppycrawl.tools:checkstyle -- com.puppycrawl.tools:checkstyle	All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.	2020-01-30	not yet calculated	CVE-2019-10782 MISC
cups_easy -- cups_easy_purchase_&_inventory	Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.	2020-01-28	not yet calculated	CVE-2020-8425 MISC MISC
cups_easy -- cups_easy_purchase_&_inventory	Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php.	2020-01-28	not yet calculated	CVE-2020-8424 MISC MISC
cysharp -- messagepack_for_c#_and_unity	MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.	2020-01-31	not yet calculated	CVE-2020-5234 MISC CONFIRM
d-link -- multiple_cameras	An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR. 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information.	2020-01-28	not yet calculated	CVE-2013-1600 MISC MISC MISC MISC MISC
d-link -- multiple_ip_cameras	An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream.	2020-01-28	not yet calculated	CVE-2013-1603 MISC MISC MISC MISC MISC
d-link -- multiple_ip_cameras	A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera?s web interface.	2020-01-28	not yet calculated	CVE-2013-1599 MISC MISC MISC MISC FULLDISC MISC
d-link -- multiple_ip_cameras	An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03, which could let a malicious user obtain sensitive information. which could let a malicious user obtain sensitive information.	2020-01-28	not yet calculated	CVE-2013-1601 MISC MISC MISC MISC MISC
d-link -- multiple_ip_cameras	An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams.	2020-01-28	not yet calculated	CVE-2013-1602 MISC MISC MISC MISC
das_u-boot -- das_u-bootN/A	In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.	2020-01-29	not yet calculated	CVE-2020-8432 MISC MISC
draytek -- multiple_devices	DrayTek Vigor2960 1.3.1_Beta; Vigor3900 1.4.4_Beta; and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI.	2020-02-01	not yet calculated	CVE-2020-8515 MISC
drupal -- drupal	The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username.	2020-01-30	not yet calculated	CVE-2013-2198 MISC CONFIRM CONFIRM CONFIRM
drupal -- drupal	The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node.	2020-01-30	not yet calculated	CVE-2013-4187 MISC MISC MISC CONFIRM MISC
drupal -- drupal	Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter.	2020-01-31	not yet calculated	CVE-2014-8338 MISC MISC
eclair -- eclair	Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "it is beta-quality software and don't put too much money in it."	2020-01-31	not yet calculated	CVE-2019-13000 MISC MISC CONFIRM
edk2 -- unified_extensible_firmware_interface	Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.	2020-01-31	not yet calculated	CVE-2014-4859 MISC
edk2 -- unified_extensible_firmware_interface	Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.	2020-01-31	not yet calculated	CVE-2014-4860 MISC
ensdomains -- ens	A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.	2020-01-31	not yet calculated	CVE-2020-5232 MISC CONFIRM
eucalyptus -- eucalyptus_management_console	Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2020-01-31	not yet calculated	CVE-2014-5039 CONFIRM
evernote -- evernote	Evernote before 5.5.1 has insecure PIN storage	2020-01-31	not yet calculated	CVE-2013-5112 MISC MISC
evernote -- evernote	Evernote prior to 5.5.1 has insecure password change	2020-01-31	not yet calculated	CVE-2013-5116 MISC MISC MISC
feedgen -- feedgen	Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The feedgen library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of Service Attacks (e.g. XML Bomb). This becomes a concern in particular if feedgen is used to include content from untrused sources and if XML (including XHTML) is directly included instead of providing plain tex content only. This problem has been fixed in feedgen 0.9.0 which disallows XML entity expansion and external resources.	2020-01-28	not yet calculated	CVE-2020-5227 MISC MISC CONFIRM
fish-shell -- fish-shell	fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt.	2020-01-28	not yet calculated	CVE-2014-2914 MISC CONFIRM
fish-shell -- fish-shell	The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name.	2020-01-28	not yet calculated	CVE-2014-3856 MISC CONFIRM MISC
fish-shell -- fish-shell	The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name.	2020-01-28	not yet calculated	CVE-2014-2906 MISC MISC CONFIRM
foscam -- ip_camera_fi8620	An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.	2020-01-29	not yet calculated	CVE-2013-2574 MISC MISC MISC MISC MISC
fuji_xerox -- awms_mobile_app	The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	2020-01-31	not yet calculated	CVE-2020-5526 MISC MISC
fusionauth -- fusionauth	An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.	2020-01-28	not yet calculated	CVE-2020-7799 MISC MISC MISC BUGTRAQ
gemalto -- gemalto_tokend	Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability	2020-01-30	not yet calculated	CVE-2013-1867 MISC MISC
git -- git	An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.	2020-01-24	not yet calculated	CVE-2019-1353 SUSE MISC MISC
git-extras -- git-extras	The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort.	2020-01-28	not yet calculated	CVE-2012-6114 MISC MISC MISC
gitlab -- ce/ee	An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.	2020-01-28	not yet calculated	CVE-2019-5466 MISC MISC MISC
gitlab -- ce/ee	An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.	2020-01-28	not yet calculated	CVE-2019-5465 MISC MISC MISC
gitlab -- ee	An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.	2020-01-28	not yet calculated	CVE-2019-5474 MISC MISC MISC
gitlab -- gitlab	The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.	2020-01-28	not yet calculated	CVE-2013-4583 MISC MISC MISC
gitlab -- gitlab	The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.	2020-01-28	not yet calculated	CVE-2013-4582 MISC MISC MISC
gitlab -- gitlab	An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account.	2020-01-28	not yet calculated	CVE-2019-5468 MISC MISC MISC
hashicorp -- consul_and_consul_enterprise	HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.	2020-01-31	not yet calculated	CVE-2020-7219 MISC MISC
hashicorp -- consul_and_consul_enterprise	HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.	2020-01-31	not yet calculated	CVE-2020-7955 MISC MISC
hashicorp -- nomad_and_nomad_enterprise	HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage.	2020-01-31	not yet calculated	CVE-2020-7218 MISC MISC
hashicorp -- nomad_and_nomad_enterprise	HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.	2020-01-31	not yet calculated	CVE-2020-7956 MISC MISC
hp -- intel-based_business_pcs	A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).	2020-01-31	not yet calculated	CVE-2019-18913 CONFIRM
htcondor -- mrg_grid	The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.	2020-01-31	not yet calculated	CVE-2014-8126 MISC MISC MISC MISC
ibm -- watson_iot_message_gateway	IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. IBM X-Force ID: 174972.	2020-01-28	not yet calculated	CVE-2020-4207 XF CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.	2020-01-31	not yet calculated	CVE-2019-4720 XF CONFIRM
idelji -- web_viewpoint_and_web_viewpoint_plus_and_web_viewpoint_enterprise	An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen.	2020-01-27	not yet calculated	CVE-2019-19539 CONFIRM
info-zip -- unzip	Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.	2020-01-31	not yet calculated	CVE-2014-8140 MISC MISC MISC MISC
info-zip -- unzip	Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.	2020-01-31	not yet calculated	CVE-2014-8139 MISC MISC MISC MISC
info-zip -- unzip	Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.	2020-01-31	not yet calculated	CVE-2014-8141 MISC MISC MISC MISC
infoware -- mapsuite mapapi	Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2020-01-31	not yet calculated	CVE-2014-2843 MISC MISC MISC
intel -- multiple_intel_processors	Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.	2020-01-28	not yet calculated	CVE-2020-0549 CONFIRM
intel -- multiple_intel_processors	Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.	2020-01-28	not yet calculated	CVE-2020-0548 CONFIRM
intergraph_corporation -- erdas_er_viewer	ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary code execution vulnerabilities	2020-01-30	not yet calculated	CVE-2013-0725 MISC MISC
israeli_ex_libris -- aleph_500	Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter.	2020-01-30	not yet calculated	CVE-2014-3719 MISC MISC
israeli_ex_libris -- aleph_500	Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2) lib, or (3) sid parameter.	2020-01-30	not yet calculated	CVE-2014-3718 MISC MISC
jetbrains -- intellij_idea	In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.	2020-01-31	not yet calculated	CVE-2020-7914 MISC CONFIRM
joomla! -- joomla!	An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.	2020-01-28	not yet calculated	CVE-2020-8419 MISC
joomla! -- joomla!	An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.	2020-01-28	not yet calculated	CVE-2020-8421 MISC
joomla! -- joomla!	An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.	2020-01-28	not yet calculated	CVE-2020-8420 MISC
kronos -- kronos_web_time_and_attendance	A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator.	2020-01-30	not yet calculated	CVE-2020-8493 MISC MISC
kronos -- kronos_web_time_and_attendance	In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters.	2020-01-30	not yet calculated	CVE-2020-8495 MISC MISC
kronos -- kronos_web_time_and_attendance	In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator.	2020-01-30	not yet calculated	CVE-2020-8496 MISC MISC
kronos -- kronos_web_time_and_attendance	In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the emp_id, userid, pw1, pw2, supervisor, and timekeeper parameters.	2020-01-30	not yet calculated	CVE-2020-8494 MISC MISC
ktor -- ktor	In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.	2020-01-27	not yet calculated	CVE-2020-5207 MISC CONFIRM
liferay -- portal_ce	In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results).	2020-01-28	not yet calculated	CVE-2020-7934 MISC
lightning_labs -- lightning_network_daemon	Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.	2020-01-31	not yet calculated	CVE-2019-12999 MISC MISC CONFIRM
linux -- linux_kernel	In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.	2020-01-31	not yet calculated	CVE-2019-3016 CONFIRM CONFIRM CONFIRM
logmein -- lastpass	LastPass prior to 2.5.1 allows secure wipe bypass.	2020-01-31	not yet calculated	CVE-2013-5114 MISC MISC MISC
logmein -- lastpass	LastPass prior to 2.5.1 has an insecure PIN implementation.	2020-01-31	not yet calculated	CVE-2013-5113 MISC MISC MISC
lzx_apps -- super_file_explorer	An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service.	2020-01-28	not yet calculated	CVE-2020-7998 MISC MISC
manageengine -- desktopcentral	Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot.	2020-01-27	not yet calculated	CVE-2013-7390 MISC MISC
mediawiki -- mediawiki	The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.	2020-01-27	not yet calculated	CVE-2014-9481 MISC MISC CONFIRM MISC
micasaverde -- veralite	The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.	2020-01-28	not yet calculated	CVE-2013-4863 MISC MISC MISC
micasaverde -- veralite	MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.	2020-01-28	not yet calculated	CVE-2013-4862 MISC MISC MISC
micasaverde -- veralite	Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.	2020-01-28	not yet calculated	CVE-2013-4861 MISC MISC MISC
micasaverde -- veralite	MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.	2020-01-28	not yet calculated	CVE-2013-4864 MISC MISC MISC
micasaverde -- veralite	Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.	2020-01-28	not yet calculated	CVE-2013-4865 MISC MISC MISC
motu -- motu_avb_devices	AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file.	2020-01-27	not yet calculated	CVE-2020-8009 MISC
multiple_vendors -- multiple_bios_implementations	The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.	2020-01-30	not yet calculated	CVE-2015-0949 MISC
multiple_vendors -- multiple_realtek_sdk_based_routers	A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.	2020-01-27	not yet calculated	CVE-2019-19822 MISC MISC FULLDISC FULLDISC MISC MISC
multiple_vendors -- multiple_realtek_sdk_based_routers	A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.	2020-01-27	not yet calculated	CVE-2019-19823 MISC MISC FULLDISC FULLDISC MISC MISC
neato -- botvac_connected	An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to estimate the time of first provisioning of a robot, he is able to brute force the generated secret_key of the robot. This is because the entropy of the secret_key exclusively relies on these two values, due to not seeding the random generator and using several constant inputs for secret_key computation. Serial numbers are printed on the packaging and equal the MAC address of the robot.	2020-01-27	not yet calculated	CVE-2018-19441 MISC MISC
netapp -- oncommand_system_manager	NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.	2020-01-31	not yet calculated	CVE-2013-3322 XF MISC
nethack -- nethack	In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.	2020-01-28	not yet calculated	CVE-2020-5214 CONFIRM
nethack -- nethack	In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.	2020-01-28	not yet calculated	CVE-2020-5213 CONFIRM
nethack -- nethack	In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.	2020-01-28	not yet calculated	CVE-2020-5212 CONFIRM
nethack -- nethack	In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.	2020-01-28	not yet calculated	CVE-2020-5210 MISC CONFIRM
nethack -- nethack	In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.	2020-01-28	not yet calculated	CVE-2020-5209 MISC CONFIRM
nethack -- nethack	In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.	2020-01-28	not yet calculated	CVE-2020-5211 CONFIRM
network_time_protocol -- network_time_protocol	Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.	2020-01-28	not yet calculated	CVE-2015-7851 MISC MISC MISC
node-uuid -- node-uuid	node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.	2020-01-30	not yet calculated	CVE-2015-8851 MISC MISC CONFIRM CONFIRM
oauth2_proxy -- oauth2_proxy	OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.	2020-01-30	not yet calculated	CVE-2020-5233 MISC MISC CONFIRM
open-xchange -- open-xchange_app_suite	Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.	2020-01-31	not yet calculated	CVE-2014-5236 MISC MISC MISC
opencast -- opencast	Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially for popular users like the default `admin` user. This essentially means that for an attacker, it might be feasible to reconstruct a user's password given access to these hashes. Note that attackers needing access to the hashes means that they must gain access to the database in which these are stored first to be able to start cracking the passwords. The problem is addressed in Opencast 8.1 which now uses the modern and much stronger bcrypt password hashing algorithm for storing passwords. Note, that old hashes remain MD5 until the password is updated. For a list of users whose password hashes are stored using MD5, take a look at the `/user-utils/users/md5.json` REST endpoint.	2020-01-30	not yet calculated	CVE-2020-5229 MISC CONFIRM
opencast -- opencast	Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1	2020-01-30	not yet calculated	CVE-2020-5222 MISC CONFIRM
opencast -- opencast	Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast's Id.toString(?) vs Id.compact(?) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1.	2020-01-30	not yet calculated	CVE-2020-5230 MISC CONFIRM
opencast -- opencast	In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests) but only in the security configuration. From the name ? implying an admin for a specific course ? users would never expect that this role allows user creation. This issue is fixed in 7.6 and 8.1 which both ship a new default security configuration.	2020-01-30	not yet calculated	CVE-2020-5231 MISC CONFIRM
opencast -- opencast	Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public access to events without their knowledge. The problem has been addressed in Opencast 7.6 and 8.1 where the OAI-PMH endpoint is configured to require users with `ROLE_ADMIN` by default. In addition to this, Opencast 9 removes the OAI-PMH publication from the default workflow, making the publication a conscious decision users have to make by updating their workflows.	2020-01-30	not yet calculated	CVE-2020-5228 MISC CONFIRM
opencast -- opencast	In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1	2020-01-30	not yet calculated	CVE-2020-5206 MISC CONFIRM
openjpeg_2.3.1 -- openjpeg_2.3.1N/A	opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.	2020-01-28	not yet calculated	CVE-2020-8112 MISC MLIST
opensc -- opensc.tokend	OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability	2020-01-30	not yet calculated	CVE-2013-1866 MISC MISC
ossec -- ossec-hids	In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).	2020-01-30	not yet calculated	CVE-2020-8443 MISC MISC MISC
ossec -- ossec-hids	In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).	2020-01-30	not yet calculated	CVE-2020-8444 MISC MISC MISC
ossec -- ossec-hids	In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitted in messages processed by ossec-analysisd, it may be possible to inject nested events into the ossec log. Use of terminal control characters may allow obfuscating events or executing commands when viewed through vulnerable terminal emulators. This may be an unauthenticated remote attack for certain types and origins of logged data.	2020-01-30	not yet calculated	CVE-2020-8445 MISC MISC MISC
ossec -- ossec-hids	In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).	2020-01-30	not yet calculated	CVE-2020-8447 MISC MISC MISC
pandora_fms -- pandora_fms	Pandora FMS ? 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type.	2020-01-30	not yet calculated	CVE-2019-20050 MISC
perl -- perl	Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.	2020-01-31	not yet calculated	CVE-2011-4115 MISC MISC CONFIRM
perl -- perl	Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.	2020-01-28	not yet calculated	CVE-2013-1437 MISC MISC MISC
perl -- perl	The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files.	2020-01-31	not yet calculated	CVE-2011-4117 MISC MISC MISC
perl -- perl	The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable.	2020-01-28	not yet calculated	CVE-2014-3230 MISC MISC MISC MISC MISC
perl -- perl	_is_safe in the File::Temp module for Perl does not properly handle symlinks.	2020-01-31	not yet calculated	CVE-2011-4116 MISC MISC MISC MISC MISC
pivotal -- pivotal_tc_server_and_pivotal_tc_runtime	In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance.	2020-01-27	not yet calculated	CVE-2019-11288 CONFIRM
polycom -- hdx_video_end_points_and_uc_ap	Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.	2020-01-28	not yet calculated	CVE-2012-6610 MISC MISC
polycom -- web_management_interface_g3/hdx_8000_hd	Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.	2020-01-28	not yet calculated	CVE-2012-6609 MISC MISC
prosody -- prosody	The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.	2020-01-28	not yet calculated	CVE-2020-8086 MISC MISC CONFIRM BUGTRAQ DEBIAN
python -- python	The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.	2020-01-28	not yet calculated	CVE-2013-1895 MISC MISC MISC MISC MISC
python -- python	Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.	2020-01-30	not yet calculated	CVE-2020-8492 MISC MISC MISC
qemu -- qemu	The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.	2020-01-31	not yet calculated	CVE-2015-6815 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC CONFIRM CONFIRM
rockwell_automation -- arena_simulation_software	A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.	2020-01-27	not yet calculated	CVE-2019-13521 MISC MISC
rockwell_automation -- arena_simulation_software	A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.	2020-01-27	not yet calculated	CVE-2019-13519 MISC MISC
senior -- rubiweb	Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL.	2020-01-31	not yet calculated	CVE-2019-19550 CONFIRM
silicon_graphics_international -- sgi_tempo	SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db.	2020-01-27	not yet calculated	CVE-2014-7303 MISC MISC
silicon_graphics_international -- sgi_tempo	SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.	2020-01-27	not yet calculated	CVE-2014-7302 MISC MISC
silicon_graphics_international -- sgi_tempo	SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.	2020-01-27	not yet calculated	CVE-2014-7301 MISC MISC
simplejobscript -- simplejobscript	controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.	2020-01-31	not yet calculated	CVE-2020-8440 CONFIRM
smc_networks -- d3g0804w_d3gnv5m-3.5.1.6.10_ga_devices	SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument.	2020-01-27	not yet calculated	CVE-2020-8087 MISC
solarwinds -- n-central	SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration.	2020-01-26	not yet calculated	CVE-2020-7984 MISC MISC MISC MISC MISC MISC MISC MISC
sonalak -- verax_nms	Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities	2020-01-30	not yet calculated	CVE-2013-1350 MISC MISC
sonalak -- verax_nms	Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.	2020-01-30	not yet calculated	CVE-2013-1352 MISC MISC MISC
sonalak -- verax_nms	Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password.	2020-01-30	not yet calculated	CVE-2013-1351 MISC MISC MISC
sonalak -- verax_nms	Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action	2020-01-30	not yet calculated	CVE-2013-1631 MISC MISC
sudo -- sudo	In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.	2020-01-29	not yet calculated	CVE-2019-18634 FULLDISC MLIST MLIST MLIST BUGTRAQ BUGTRAQ BUGTRAQ CONFIRM DEBIAN CONFIRM MISC
suse -- linux_enterprise_server_15_obs-service-tar_scm_and_opensuse_factory_obs-service-tar_scm	Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74.	2020-01-27	not yet calculated	CVE-2018-12476 CONFIRM
suse -- opensuse_leap_yast2-rmt	A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.	2020-01-27	not yet calculated	CVE-2018-20105 CONFIRM
suse -- suse_studio_onsite_susestudio-common	A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions.	2020-01-27	not yet calculated	CVE-2017-14806 CONFIRM
suse -- suse_studio_onsite_susestudio-ui-server	An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions.	2020-01-27	not yet calculated	CVE-2017-14807 CONFIRM
sylius -- resourcebundle	Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 \|\| >=1.3.0 <=1.3.12 \|\| >=1.4.0 <=1.4.5 \|\| >=1.5.0 <=1.5.0 \|\| >=1.6.0 <=1.6.2. The patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3.	2020-01-27	not yet calculated	CVE-2020-5220 MISC CONFIRM
sylius -- sylius	Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no sylius_channel.debug is set explicitly in the configuration, the default value which is kernel.debug will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false. Patch has been provided for Sylius 1.3.x and newer - 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore.	2020-01-27	not yet calculated	CVE-2020-5218 MISC CONFIRM
tensorflow -- tensorflow	In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant("hello", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.	2020-01-28	not yet calculated	CVE-2020-5215 MISC MISC MISC CONFIRM
tibco_software -- tibco_patterns_-_search	The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below.	2020-01-28	not yet calculated	CVE-2019-17338 CONFIRM CONFIRM
totolink -- realtek_sdk_based_routers	On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.	2020-01-27	not yet calculated	CVE-2019-19825 MISC FULLDISC FULLDISC MISC
totolink -- realtek_sdk_based_routers	On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.	2020-01-27	not yet calculated	CVE-2019-19824 MISC FULLDISC FULLDISC MISC
trend_micro -- anti-threat_toolkit	Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool.	2020-01-30	not yet calculated	CVE-2019-20358 FULLDISC N/A N/A
united_planet -- intrexx_professional	Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.	2020-01-31	not yet calculated	CVE-2014-2025 MISC MISC CONFIRM
usebb -- usebb	panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.	2020-01-27	not yet calculated	CVE-2020-8088 MISC
videolan -- vlc_media_player	Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.	2020-01-31	not yet calculated	CVE-2013-3565 MISC MISC MISC MISC
vtiger -- vtiger_crm	vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.	2020-01-28	not yet calculated	CVE-2013-3212 EXPLOIT-DB BID XF
web2project -- web2project	Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php.	2020-01-31	not yet calculated	CVE-2014-3119 MISC MISC MISC
webargs -- webargs	flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made across domains, leading to CSRF.	2020-01-29	not yet calculated	CVE-2020-7965 CONFIRM
wolfssl -- cyassl	The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.	2020-01-28	not yet calculated	CVE-2014-2896 MISC MISC CONFIRM CONFIRM
wolfssl -- cyassl	wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.	2020-01-28	not yet calculated	CVE-2014-2898 MISC MISC CONFIRM CONFIRM
wolfssl -- cyassl	The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.	2020-01-28	not yet calculated	CVE-2014-2897 MISC MISC CONFIRM CONFIRM
wordpress -- wordpress	Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings - Template form (hms-testimonials-templates-new page).	2020-01-30	not yet calculated	CVE-2013-4241 MISC MISC MISC MISC MISC
wordpress -- wordpress	The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.	2020-01-28	not yet calculated	CVE-2020-8417 MISC MISC
wordpress -- wordpress	NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability	2020-01-30	not yet calculated	CVE-2013-0291 MISC MISC
wordpress -- wordpress	XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability).	2020-01-30	not yet calculated	CVE-2020-8498 MISC MISC MISC
wowza -- wowza_streaming_engine	A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 and 4.7.8 allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. By injecting a payload into one of those files, it will run with the same privileges as the Wowza server, root. For example, /usr/local/WowzaStreamingEngine/bin/tune.sh could be replaced with a Trojan horse.	2020-01-29	not yet calculated	CVE-2019-7656 MISC MISC
wowza -- wowza_streaming_engine	Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component.	2020-01-29	not yet calculated	CVE-2019-7654 MISC MISC
xpient -- xpient_point_of_sale_systems	Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.	2020-01-28	not yet calculated	CVE-2013-2571 MISC MISC MISC MISC
zoho_manageengine -- remote_access_plus	An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).	2020-01-31	not yet calculated	CVE-2020-8422 MISC MISC

This product is provided subject to this Notification and this Privacy & Use policy.

↧

OpenSMTPD Vulnerability

February 3, 2020, 10:29 am

≫ Next: IRS Launches “Identity Theft Central” Webpage

≪ Previous: Vulnerability Summary for the Week of January 27, 2020

Original release date: February 3, 2020

The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting OpenSMTPD. An attacker could exploit this vulnerability to take control of an affected system. OpenSMTPD is an open-source server-side implementation of the Simple Mail Transfer Protocol (SMTP) that is part of the OpenBSD Project.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#390745 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

IRS Launches “Identity Theft Central” Webpage

February 4, 2020, 7:53 am

≫ Next: Google Releases Security Updates for Chrome

≪ Previous: OpenSMTPD Vulnerability

Original release date: February 4, 2020

The Internal Revenue Service (IRS) has launched its “Identity Theft Central” webpage to provide 24/7 access to online information regarding tax-related identity theft and data security protection. Tax-related identity theft occurs when someone steals personal information to commit tax fraud.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, tax professionals, and businesses to review the IRS news release and CISA’s Tip on Preventing and Responding to Identity Theft for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Google Releases Security Updates for Chrome

February 5, 2020, 8:32 am

≫ Next: Cisco Releases Security Updates for Multiple Products

≪ Previous: IRS Launches “Identity Theft Central” Webpage

Original release date: February 5, 2020

Google has released Chrome 80 (version 80.0.3987.87) for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Cisco Releases Security Updates for Multiple Products

February 6, 2020, 9:11 am

≫ Next: ACSC Releases Advisory on Mailto Ransomware Incidents

≪ Previous: Google Releases Security Updates for Chrome

Original release date: February 6, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories, as well Vulnerability Note #261385 from the CERT Coordination Center (CERT/CC), and apply the necessary updates:

IP Phone Remote Code Execution and Denial-of-Service Vulnerability cisco-sa-20200205-voip-phones-rce-dos
NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability cisco-sa-20200205-nxos-cdp-rce
Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial-of-Service Vulnerability cisco-sa-20200205-ipcameras-rce-dos
IOS XR Software Cisco Discovery Protocol Format String Vulnerability cisco-sa-20200205-iosxr-cdp-rce
FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial-of-Service Vulnerability cisco-sa-20200205-fxnxos-iosxr-cdp-dos

This product is provided subject to this Notification and this Privacy & Use policy.

↧

ACSC Releases Advisory on Mailto Ransomware Incidents

February 6, 2020, 11:13 am

≫ Next: Safer Internet Day

≪ Previous: Cisco Releases Security Updates for Multiple Products

Original release date: February 6, 2020

The Australian Cyber Security Centre (ACSC) has released an advisory on Mailto ransomware incidents. The ACSC has limited information regarding the initial intrusion vector for Mailto, also known as Kazakavkovkiz, but evidence suggests that Mailto actors may have used phishing and password spray attacks to comprise user accounts. The ACSC provides recommendations for users to detect and mitigate these types of attacks and assist with limiting their spread within networks.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ACSC advisory on Mailto ransomware incidents and CISA’s Tip on Protecting Against Ransomware for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Safer Internet Day

February 10, 2020, 7:58 am

≫ Next: Vulnerability Summary for the Week of February 3, 2020

≪ Previous: ACSC Releases Advisory on Mailto Ransomware Incidents

Original release date: February 10, 2020

February 11, 2020, is Safer Internet Day, a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. This year's theme—Together for a better internet—encourages everyone to play their part in creating a safer, more secure internet.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to view the Safer Internet Day website and the following tips:

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Vulnerability Summary for the Week of February 3, 2020

February 10, 2020, 4:28 am

≫ Next: Mozilla Releases Security Updates for Multiple Products

≪ Previous: Safer Internet Day

Original release date: February 10, 2020

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
aircrack-ng -- aircrack-ng	Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.	2020-01-31	7.5	CVE-2014-8322 CONFIRM MISC MISC MISC CONFIRM MISC
aruba_networks -- instant	Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.	2020-01-31	7.5	CVE-2016-2031 MISC MISC MISC MISC
changing_information_technology -- servisign	An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.	2020-02-03	7.8	CVE-2020-3926 CONFIRM
changing_information_technology -- servisign	An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.	2020-02-03	8.5	CVE-2020-3927 CONFIRM
cisco -- multiple_ip_phones	A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).	2020-02-05	8.3	CVE-2020-3111 MISC CISCO
cisco -- video_surveillance_8000_series_ip_cameras	A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later.	2020-02-05	8.3	CVE-2020-3110 MISC CISCO
coppermine_development_team -- coppermine_gallery	Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.	2020-02-05	7.5	CVE-2010-4815 MISC MISC MISC
curling -- curling	All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization.	2020-02-06	10	CVE-2019-10789 MISC MISC
django -- django	Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.	2020-02-03	7.5	CVE-2020-7471 MLIST CONFIRM CONFIRM CONFIRM UBUNTU CONFIRM CONFIRM
dot-prop -- dot-prop	Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.	2020-02-04	7.5	CVE-2020-8116 MISC
dotcms -- dotcms	dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application).	2020-02-05	7.5	CVE-2020-6754 CONFIRM CONFIRM
edk2 -- unified_extensible_firmware_interface	Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.	2020-01-31	7.2	CVE-2014-4860 MISC
edk2 -- unified_extensible_firmware_interface	Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.	2020-01-31	7.2	CVE-2014-4859 MISC
eg_innovations -- eg_manager	eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).	2020-02-03	7.5	CVE-2020-8592 MISC
eg_innovations -- eg_manager	eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request.	2020-02-03	7.5	CVE-2020-8591 MISC
fortinet -- fortimanager	A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report.	2020-02-04	9	CVE-2015-3611 MISC MISC CONFIRM
fortinet -- mortimanager	A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page	2020-02-04	7.5	CVE-2015-3613 MISC MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 8.9 and later through 12.7.2 has Insecure Permission	2020-02-05	7.5	CVE-2020-8114 CONFIRM MISC MISC
hashicorp -- nomad_and_nomad_enterprise	HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.	2020-01-31	7.5	CVE-2020-7956 MISC MISC
jobberbase -- jobberbase	Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint.	2020-02-05	7.5	CVE-2019-20447 MISC MISC
klona -- klona	Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.	2020-02-04	7.5	CVE-2020-8125 MISC
nanopb -- nanopb	There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding the array nanopb can end up calling `free()` on a pointer value that comes from uninitialized memory. Depending on platform this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, nanopb-0.2.9.4.	2020-02-04	7.5	CVE-2020-5235 MISC MISC MISC CONFIRM
netapp -- oncommand_system_manager	NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.	2020-01-31	9	CVE-2013-3322 XF MISC
norman -- malware_cleaner	nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled.	2020-02-03	7.5	CVE-2020-8508 MISC
phpabook -- phpabook	An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password.	2020-02-03	7.5	CVE-2020-8510 MISC MISC
phplist -- phplist	phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.	2020-02-03	7.5	CVE-2020-8547 MISC
playsms -- playsms	PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.	2020-02-05	7.5	CVE-2020-8644 MISC MISC
ppp -- ppp	eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.	2020-02-03	7.5	CVE-2020-8597 MISC MLIST
python -- python	Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.	2020-02-04	7.1	CVE-2019-9674 MISC MISC MISC MISC MISC
qualcomm -- mdm9206_and_mdm9607_devices	Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607	2020-02-07	7.2	CVE-2019-14051 CONFIRM
qualcomm -- multiple_snapdragon_products	Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24	2020-02-07	7.2	CVE-2019-14046 CONFIRM
qualcomm -- multiple_snapdragon_products	Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24	2020-02-07	7.2	CVE-2019-14044 CONFIRM
qualcomm -- multiple_snapdragon_products	Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130	2020-02-07	7.2	CVE-2019-14055 CONFIRM
qualcomm -- multiple_snapdragon_products	APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130	2020-02-07	7.2	CVE-2019-14002 CONFIRM
qualcomm -- multiple_snapdragon_products	There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be executed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130	2020-02-07	7.2	CVE-2019-10567 CONFIRM
qualcomm -- multiple_snapdragon_products	Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9607, Nicobar, QCS405, Rennell, SA6155P, Saipan, SC8180X, SDM630, SDM636, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130	2020-02-07	9.4	CVE-2019-14063 CONFIRM
qualcomm -- multiple_snapdragon_products	Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130	2020-02-07	7.2	CVE-2019-14060 CONFIRM
qualcomm -- multiple_snapdragon_products	Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130	2020-02-07	9.4	CVE-2019-14057 CONFIRM
qualcomm -- multiple_snapdragon_products	Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MSM8953, QCN7605, QCS605, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDX20, SDX24, SDX55, SM8150, SXR1130	2020-02-07	7.2	CVE-2019-14049 CONFIRM
qualcomm -- multiple_snapdragon_products	Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130	2020-02-07	10	CVE-2019-10590 CONFIRM
sap -- netweaver	SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.	2020-02-05	7.5	CVE-2011-1517 MISC MISC MISC
simplejobscript.com -- simplejobscript.com	controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.	2020-01-31	7.5	CVE-2020-8440 CONFIRM
smartbear -- readyapi_and_soapui	An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project.	2020-02-05	9.3	CVE-2019-12180 MISC
squid -- squid	An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.	2020-02-04	7.5	CVE-2020-8450 MISC MISC MISC MISC MISC MISC
the_update_framework -- tuf	TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.	2020-02-05	7.5	CVE-2020-6174 CONFIRM
tp-link -- tg-sg105e_devices	The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request.	2020-02-03	7.8	CVE-2019-16893 EXPLOIT-DB
zpanel_project -- zpanel	ZPanel 10.0.1 has insufficient entropy for its password reset process.	2020-02-04	7.5	CVE-2012-5686 MISC MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
1up -- oneupuploaderbundle	oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to upload files to arbitrary folders on the filesystem. The assembly process can further be misused with some restrictions to delete and copy files to other locations. This is fixed in versions 1.9.3 and 2.1.5.	2020-02-05	6.5	CVE-2020-5237 MISC CONFIRM
abrt -- abrt	ABRT might allow attackers to obtain sensitive information from crash reports.	2020-01-31	5	CVE-2011-4088 MISC MISC
aircrack-ng -- aircrack-ng	Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors.	2020-01-31	4.6	CVE-2014-8321 CONFIRM MISC MISC CONFIRM MISC
alcatel-lucent -- 1830_photonic_service_switch	Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html.	2020-01-31	4.3	CVE-2014-3809 MISC
apache -- ofbiz	an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06	2020-02-06	5	CVE-2019-12426 MLIST CONFIRM
apple -- bonjour	Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.	2020-02-05	4.9	CVE-2011-0220 MISC
apple -- safari	A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.	2020-02-03	5	CVE-2016-4676 MISC MISC MISC CONFIRM MISC
aroxsolution -- school_management_software_php/mysql	School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.	2020-01-31	4.3	CVE-2020-8505 MISC
aroxsolution -- school_management_software_php/mysql	School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.	2020-01-31	4.3	CVE-2020-8504 MISC
aruba -- airwave_management_platform	A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672	2020-01-31	5	CVE-2016-2032 MISC MISC MISC MISC
atlassian -- crowd	The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.	2020-02-06	5	CVE-2019-20104 N/A
atlassian -- jira	The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.	2020-02-06	4	CVE-2019-20404 N/A
atlassian -- jira	The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability.	2020-02-06	4.4	CVE-2019-20400 N/A
atlassian -- jira	The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.	2020-02-06	4.3	CVE-2019-20405 N/A
atlassian -- jira	Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.	2020-02-06	4.3	CVE-2019-20401 N/A
atlassian -- jira	The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.	2020-02-06	5	CVE-2019-20403 N/A
atlassian -- jira	Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.	2020-02-06	4	CVE-2019-20106 N/A
atlassian -- jira	Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.	2020-02-06	4	CVE-2019-20402 N/A
auth0 -- auth0_lock	Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.	2020-02-03	4.3	CVE-2019-20174 CONFIRM MISC
batavi -- batavi	Batavi before 1.0 has CSRF.	2020-02-05	6.8	CVE-2011-0525 MISC MISC
brocade -- fabric_os	Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.	2020-02-05	5	CVE-2019-16204 CONFIRM
brocade -- fabric_os	Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.	2020-02-05	5	CVE-2019-16203 CONFIRM
brother -- mfc-9970cdw_devices	Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers.	2020-02-03	5	CVE-2013-2674 MISC XF BID
brother -- mfc-9970cdw_devices	Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.	2020-02-03	5	CVE-2013-2672 MISC XF
brother -- mfc-9970cdw_devices	Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access.	2020-02-03	4.6	CVE-2013-2673 MISC BID
c-lightning -- c-lightning	c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used for real funds."	2020-01-31	5	CVE-2019-12998 MISC CONFIRM
cisco -- linksys_e4200	Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.	2020-02-06	5	CVE-2013-2683 MISC BID XF
cisco -- linksys_e4200	Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.	2020-02-05	5	CVE-2013-2680 MISC BID XF
cisco -- linksys_e4200	Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.	2020-02-04	6.8	CVE-2013-2678 MISC EXPLOIT-DB BID XF
cisco -- linksys_e4200	Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access.	2020-02-05	4.3	CVE-2013-2681 MISC BID XF
cisco -- linksys_e4200	Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.	2020-02-05	4.3	CVE-2013-2682 MISC BID XF
cisco -- linksys_e4200	Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2020-02-06	4.3	CVE-2013-2684 MISC BID XF
computer_incident_response_center_luxembourg -- ail-framework	Global.py in AIL framework 2.8 allows path traversal.	2020-02-03	5	CVE-2020-8545 MISC
cysharp -- messagepack_for_c#_and_unity	MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.	2020-01-31	6.8	CVE-2020-5234 MISC CONFIRM
d-link -- dir-100_devices	D-Link DIR-100 4.03B07 has PPTP and poe information disclosure	2020-02-04	5	CVE-2013-7055 MISC MISC MISC
d-link -- dir-100_devices	D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script	2020-02-04	5	CVE-2013-7052 MISC MISC MISC
d-link -- dir-100_devices	D-Link DIR-100 4.03B07: cli.cgi CSRF	2020-02-04	6.8	CVE-2013-7053 MISC MISC MISC
d-link -- dir-100_devices	D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters	2020-02-04	6.8	CVE-2013-7051 MISC MISC MISC MISC
d-link -- dir-100_devices	D-Link DIR-100 4.03B07: cli.cgi XSS	2020-02-04	4.3	CVE-2013-7054 MISC MISC MISC
drupal -- drupal	Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter.	2020-01-31	4.3	CVE-2014-8338 MISC MISC
eclair -- eclair	Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "it is beta-quality software and don't put too much money in it."	2020-01-31	5	CVE-2019-13000 MISC MISC CONFIRM
ens_domains -- ens	A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.	2020-01-31	4.9	CVE-2020-5232 MISC CONFIRM
eucalyptus -- eucalyptus_management_console	Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2020-01-31	6.8	CVE-2014-5039 CONFIRM
evernote_corporation -- evernote	Evernote prior to 5.5.1 has insecure password change	2020-01-31	6.6	CVE-2013-5116 MISC MISC MISC
f5 -- big-ip	On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart.	2020-02-06	5	CVE-2020-5856 CONFIRM
f5 -- big-ip_edge_client_for_windows	When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.	2020-02-06	4.6	CVE-2020-5855 CONFIRM
gitlab -- gitlab_enterprise_edition	An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.	2020-02-05	5	CVE-2020-6833 MISC CONFIRM
gitlab -- gitlab	GitLab through 12.7.2 allows XSS.	2020-02-05	4.3	CVE-2020-7973 MISC CONFIRM MISC
gitlab -- gitlab_enterprise_edition	GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.	2020-02-05	5	CVE-2020-7966 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 10.1 through 12.7.2 allows Information Disclosure.	2020-02-05	5	CVE-2020-7974 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 8.9 and later through 12.7.2 has Insecure Permission	2020-02-05	4.3	CVE-2020-7979 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).	2020-02-05	4	CVE-2020-7967 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.	2020-02-05	5	CVE-2020-7976 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.	2020-02-05	5	CVE-2020-7968 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.	2020-02-05	5	CVE-2020-7969 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 11.0 and later through 12.7.2 allows XSS.	2020-02-05	4.3	CVE-2020-7971 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.	2020-02-05	5	CVE-2020-7978 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).	2020-02-05	5	CVE-2020-7972 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.	2020-02-05	4.3	CVE-2020-7977 MISC CONFIRM
google -- android	An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite existing functions with arbitrary code. The Reserved for Future Use (RFU) bits are not discarded by eir_handleRx(), and are included in an EIR's length. Therefore, one can exceed the expected 240 bytes, which leads to a heap-based buffer overflow in eir_getReceivedEIR() called by bthci_event_SendInquiryResultEvent(). In order to exploit this bug, an attacker must repeatedly connect to the victim's device in a short amount of time from different source addresses. This will cause the victim's Bluetooth stack to resolve the device names and therefore allocate buffers with attacker-controlled data. Due to the heap corruption, the name will be eventually written to an attacker-controlled location, leading to a write-what-where condition.	2020-02-05	6.8	CVE-2019-11516 CONFIRM MISC MISC
hashicorp -- consul_and_consul_enterprise	HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.	2020-01-31	5	CVE-2020-7955 MISC MISC
hashicorp -- consul_and_consul_enterprise	HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.	2020-01-31	5	CVE-2020-7219 MISC MISC
hashicorp -- nomad_and_nomad_enterprise	HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage.	2020-01-31	5	CVE-2020-7218 MISC MISC
htcondor -- mrg_grid	The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.	2020-01-31	6.5	CVE-2014-8126 MISC MISC MISC MISC
ibm -- infosphere_information_server	IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability	2020-02-05	5.8	CVE-2013-0507 MISC
ibm -- planning_analytics	IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524.	2020-02-05	6.8	CVE-2019-4613 XF CONFIRM
ibm -- sdk_java_technology	IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.	2020-02-03	6.9	CVE-2019-4732 XF CONFIRM
ibm -- security_directory_server	IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814.	2020-02-04	6.5	CVE-2019-4541 XF CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.	2020-02-04	6	CVE-2020-4163 XF CONFIRM
ibm -- workflow_for_bluemix	IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.	2020-02-05	5.8	CVE-2015-0102 MISC CONFIRM CONFIRM
ibm -- security_directory_server	IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.	2020-02-04	5	CVE-2019-4562 XF CONFIRM
ibm -- security_directory_server	IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950.	2020-02-04	4.3	CVE-2019-4548 XF CONFIRM
ibm -- security_directory_server	IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953.	2020-02-04	5	CVE-2019-4551 XF CONFIRM
ibm -- security_directory_server	IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952.	2020-02-04	5	CVE-2019-4550 XF CONFIRM
ibm -- security_directory_server	IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813.	2020-02-04	5	CVE-2019-4540 XF CONFIRM
ibm -- security_identity_manager	IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510.	2020-02-04	4	CVE-2019-4674 XF CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.	2020-01-31	5	CVE-2019-4720 XF CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.	2020-02-05	4	CVE-2019-4670 XF CONFIRM
icewarp -- webmail_server	In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.	2020-02-01	4.3	CVE-2020-8512 MISC MISC MISC
info-zip -- unzip	Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.	2020-01-31	6.8	CVE-2014-8140 MISC MISC MISC MISC
info-zip -- unzip	Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.	2020-01-31	6.8	CVE-2014-8139 MISC MISC MISC MISC
info-zip -- unzip	Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.	2020-01-31	6.8	CVE-2014-8141 MISC MISC MISC MISC
infoware -- mapsuite_mapapi	Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2020-01-31	4.3	CVE-2014-2843 MISC MISC MISC
ipmitool -- ipmitool	It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.	2020-02-05	6.5	CVE-2020-5208 MISC CONFIRM MLIST
jetbrains -- intellij_idea	In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.	2020-01-31	5	CVE-2020-7914 MISC CONFIRM
joomla! -- joomla!	Joomla! 1.7.1 has core information disclosure due to inadequate error checking.	2020-02-04	5	CVE-2011-4937 MISC MISC MISC MISC
joomla! -- joomla!	Joomla! core 1.7.1 allows information disclosure due to weak encryption	2020-02-04	5	CVE-2011-3629 MISC MISC MISC MISC
joomla! -- joomla!	Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.	2020-02-05	6.4	CVE-2011-1151 MISC MISC
joomla! -- joomla!	Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.	2020-02-04	5	CVE-2011-4912 MISC MISC
joomla! -- joomla!	The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location).	2020-02-03	4.3	CVE-2020-5182 CONFIRM
kubernetes -- kubernetes	The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.	2020-02-03	4.3	CVE-2019-11251 CONFIRM MLIST
libvncserver -- libvncserver	A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.	2020-02-05	5	CVE-2010-5304 MISC MISC MISC MISC MISC MISC
lightning_labs -- lightning_network_daemon	Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.	2020-01-31	5	CVE-2019-12999 MISC MISC CONFIRM
logmein -- lastpass	LastPass prior to 2.5.1 allows secure wipe bypass.	2020-01-31	6.6	CVE-2013-5114 MISC MISC MISC
lotus_core -- lotus_core_cms	Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.	2020-02-05	6.5	CVE-2020-8641 MISC
masscode -- masscode	massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).	2020-02-03	4.3	CVE-2020-8548 MISC MISC
maxum_development_corporation -- rumpus	An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.	2020-02-02	4.3	CVE-2020-8514 MISC MISC
microsoft -- windows_operating_system	The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.	2020-02-06	4.4	CVE-2019-20406 N/A
movable_type -- multiple_products	Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.	2020-02-06	4.3	CVE-2020-5528 MISC MISC
nextcloud -- nextcloud_server	Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.	2020-02-04	4	CVE-2020-8117 MISC MISC
nextcloud -- nextcloud_server	A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.	2020-02-04	4.3	CVE-2020-8120 MISC MISC
nextcloud -- nextcloud_server	Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.	2020-02-04	5	CVE-2019-15623 MISC MISC
nextcloud -- nextcloud_server	Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.	2020-02-04	4	CVE-2020-8119 MISC MISC
nextcloud -- talk	Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature.	2020-02-04	4	CVE-2019-15620 MISC MISC
open-xchange -- ox_app_suite	Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.	2020-01-31	5	CVE-2014-5236 MISC MISC MISC
openwall -- openwall	bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.	2020-02-05	4.3	CVE-2011-1150 MISC
perl -- perl	_is_safe in the File::Temp module for Perl does not properly handle symlinks.	2020-01-31	5	CVE-2011-4116 MISC MISC MISC MISC MISC
perl -- perl	The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files.	2020-01-31	5	CVE-2011-4117 MISC MISC MISC
perl -- perl	Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.	2020-01-31	6.4	CVE-2011-4115 MISC MISC CONFIRM
phpshop -- phpshop	PHPShop through 0.8.1 has XSS.	2020-02-05	4.3	CVE-2011-1069 MISC
pmwiki -- pmwiki	PmWiki before 2.2.21 has XSS.	2020-02-05	4.3	CVE-2010-4662 MISC MISC
prototype -- prototype	Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.	2020-02-03	4	CVE-2020-7993 MISC MISC
pylons_project -- waitress	Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3, it is recommended that people upgrade to the new version of Waitress as soon as possible.	2020-02-04	6.8	CVE-2020-5236 MISC CONFIRM
qualcomm -- multiple_snapdragon_products	Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior such as execution of unknown code in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150, SXR1130	2020-02-07	4.6	CVE-2019-14040 CONFIRM
qualcomm -- multiple_snapdragon_products	During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130	2020-02-07	4.6	CVE-2019-14041 CONFIRM
senior -- rubiweb	Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL.	2020-01-31	5	CVE-2019-19550 CONFIRM
sos -- jobscheduler	A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service.	2020-02-06	6.8	CVE-2020-6855 MISC
sos -- jobscheduler	An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.	2020-02-06	4	CVE-2020-6856 MISC
squid-cache -- squid	An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.	2020-02-04	5	CVE-2020-8517 MISC MISC
squid-cache -- squid	An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.	2020-02-04	5	CVE-2020-8449 MISC MISC MISC MISC MISC MISC
squid-cache -- squid	An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.	2020-02-04	5	CVE-2019-12528 CONFIRM
strapi -- strapi	A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.	2020-02-04	4	CVE-2020-8123 MISC
suse -- openSUSE_wicked	An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option.	2020-02-05	5	CVE-2020-7216 CONFIRM MISC
sysjust_syuan-gu-d-shih -- sysjust_syuan-gu-da-shih	SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database.	2020-02-04	5	CVE-2020-3937 MISC
sysjust_syuan-gu-d-shih -- sysjust_syuan-gu-da-shih	SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests.	2020-02-04	5	CVE-2020-3938 MISC
sysjust_syuan-gu-da-shih -- sysjust_syuan-gu-da-shih	SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability.	2020-02-04	4.3	CVE-2020-3939 MISC
telaen -- telaen	Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.	2020-02-03	5.8	CVE-2013-2621 BID XF MISC
telaen -- telaen	Telean before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request.	2020-02-03	5	CVE-2013-2624 XF MISC
telaen -- telaen	Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php.	2020-02-03	4.3	CVE-2013-2623 BID XF MISC
the_citytv_video_application -- the_citytv_video_application	The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.	2020-02-05	5	CVE-2020-8507 MISC MISC
the_global_tv_application -- the_global_tv_application	The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.	2020-02-05	4	CVE-2020-8506 MISC MISC
tinywebgallery -- tinywebgallery	TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php.	2020-02-03	5	CVE-2013-2631 MISC MISC
torproject -- tor	The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information.	2020-02-02	5	CVE-2020-8516 MISC
tp-link -- tl-wr1043nd_v1_120405_devices	TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability.	2020-02-03	5	CVE-2013-2646 BID
troglobit -- minisnmpd	An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.	2020-02-04	6.4	CVE-2020-6059 MISC
troglobit -- minisnmpd	An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.	2020-02-04	6.4	CVE-2020-6058 MISC
typo3 -- typo3	The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.	2020-02-03	5	CVE-2014-8328 MISC MISC MISC
uebimiau -- uebimiau	Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php.	2020-02-03	4.3	CVE-2013-2622 XF MISC
unisys -- unisys_stealth	In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material may be inadvertently logged if certain diagnostics are enabled.	2020-02-03	4.3	CVE-2019-18193 CONFIRM MISC
vanilla_forums -- vanilla_forums	Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.	2020-02-05	4.3	CVE-2011-1009 MISC
videolan -- vlc_media_player	Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.	2020-01-31	4.3	CVE-2013-3565 MISC MISC MISC MISC
web2project -- web2project	Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php.	2020-01-31	6.5	CVE-2014-3119 MISC MISC MISC
wordpress -- wordpress	The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website.	2020-02-06	6.8	CVE-2020-8658 MISC MISC MISC
wordpress -- wordpress	Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.	2020-02-03	4.3	CVE-2020-8549 MISC MISC MISC MISC
wordpress -- wordpress	The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.	2020-02-05	4.3	CVE-2019-20173 CONFIRM CONFIRM MISC
zeuscart -- zeuscart	Multiple SQL injection vulnerabilities in ZeusCart 4.x.	2020-01-31	6.5	CVE-2014-3868 MISC MISC MISC MISC
zoho_manageengine -- remote_access_plus	An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).	2020-01-31	4	CVE-2020-8422 MISC MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
1up -- oneupuploaderbundle	oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to upload files to arbitrary folders on the filesystem. The assembly process can further be misused with some restrictions to delete and copy files to other locations. This is fixed in versions 1.9.3 and 2.1.5.	2020-02-05	6.5	CVE-2020-5237 MISC CONFIRM
abrt -- abrt	ABRT might allow attackers to obtain sensitive information from crash reports.	2020-01-31	5	CVE-2011-4088 MISC MISC
aircrack-ng -- aircrack-ng	Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors.	2020-01-31	4.6	CVE-2014-8321 CONFIRM MISC MISC CONFIRM MISC
alcatel-lucent -- 1830_photonic_service_switch	Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html.	2020-01-31	4.3	CVE-2014-3809 MISC
apache -- ofbiz	an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06	2020-02-06	5	CVE-2019-12426 MLIST CONFIRM
apple -- bonjour	Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.	2020-02-05	4.9	CVE-2011-0220 MISC
apple -- safari	A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.	2020-02-03	5	CVE-2016-4676 MISC MISC MISC CONFIRM MISC
aroxsolution -- school_management_software_php/mysql	School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.	2020-01-31	4.3	CVE-2020-8505 MISC
aroxsolution -- school_management_software_php/mysql	School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.	2020-01-31	4.3	CVE-2020-8504 MISC
aruba -- airwave_management_platform	A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672	2020-01-31	5	CVE-2016-2032 MISC MISC MISC MISC
atlassian -- crowd	The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.	2020-02-06	5	CVE-2019-20104 N/A
atlassian -- jira	The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability.	2020-02-06	4.4	CVE-2019-20400 N/A
atlassian -- jira	The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.	2020-02-06	5	CVE-2019-20403 N/A
atlassian -- jira	Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.	2020-02-06	4	CVE-2019-20402 N/A
atlassian -- jira	The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.	2020-02-06	4.3	CVE-2019-20405 N/A
atlassian -- jira	The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.	2020-02-06	4	CVE-2019-20404 N/A
atlassian -- jira	Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.	2020-02-06	4	CVE-2019-20106 N/A
atlassian -- jira	Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.	2020-02-06	4.3	CVE-2019-20401 N/A
auth0 -- auth0_lock	Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.	2020-02-03	4.3	CVE-2019-20174 CONFIRM MISC
batavi -- batavi	Batavi before 1.0 has CSRF.	2020-02-05	6.8	CVE-2011-0525 MISC MISC
brocade -- fabric_os	Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.	2020-02-05	5	CVE-2019-16204 CONFIRM
brocade -- fabric_os	Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.	2020-02-05	5	CVE-2019-16203 CONFIRM
brother -- mfc-9970cdw_devices	Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.	2020-02-03	5	CVE-2013-2672 MISC XF
brother -- mfc-9970cdw_devices	Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers.	2020-02-03	5	CVE-2013-2674 MISC XF BID
brother -- mfc-9970cdw	Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access.	2020-02-03	4.6	CVE-2013-2673 MISC BID
c-lightning -- c-lightning	c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used for real funds."	2020-01-31	5	CVE-2019-12998 MISC CONFIRM
cisco -- linksys_e4200	Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.	2020-02-05	5	CVE-2013-2680 MISC BID XF
cisco -- linksys_e4200	Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.	2020-02-06	5	CVE-2013-2683 MISC BID XF
cisco -- linksys_e4200	Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.	2020-02-04	6.8	CVE-2013-2678 MISC EXPLOIT-DB BID XF
cisco -- linksys_e4200_devices	Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access.	2020-02-05	4.3	CVE-2013-2681 MISC BID XF
cisco -- linksys_e4200_devices	Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2020-02-06	4.3	CVE-2013-2684 MISC BID XF
cisco -- linksys_e4200_devices	Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.	2020-02-05	4.3	CVE-2013-2682 MISC BID XF
computer_incident_response_center_luxembourg -- ail-framework	Global.py in AIL framework 2.8 allows path traversal.	2020-02-03	5	CVE-2020-8545 MISC
cysharp -- messagepack_for_c#_and_unity	MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.	2020-01-31	6.8	CVE-2020-5234 MISC CONFIRM
d-link -- dir-100_devices	D-Link DIR-100 4.03B07 has PPTP and poe information disclosure	2020-02-04	5	CVE-2013-7055 MISC MISC MISC
d-link -- dir-100_devices	D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script	2020-02-04	5	CVE-2013-7052 MISC MISC MISC
d-link -- dir-100_devices	D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters	2020-02-04	6.8	CVE-2013-7051 MISC MISC MISC MISC
d-link -- dir-100_devices	D-Link DIR-100 4.03B07: cli.cgi CSRF	2020-02-04	6.8	CVE-2013-7053 MISC MISC MISC
d-link -- dir-100_devices	D-Link DIR-100 4.03B07: cli.cgi XSS	2020-02-04	4.3	CVE-2013-7054 MISC MISC MISC
drupal -- drupal	Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter.	2020-01-31	4.3	CVE-2014-8338 MISC MISC
eclair -- eclair	Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "it is beta-quality software and don't put too much money in it."	2020-01-31	5	CVE-2019-13000 MISC MISC CONFIRM
ens_domains -- ens	A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.	2020-01-31	4.9	CVE-2020-5232 MISC CONFIRM
eucalyptus_eucalyptus_management_console	Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2020-01-31	6.8	CVE-2014-5039 CONFIRM
evernote_corporation -- evernote	Evernote prior to 5.5.1 has insecure password change	2020-01-31	6.6	CVE-2013-5116 MISC MISC MISC
f5 -- big-ip	On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart.	2020-02-06	5	CVE-2020-5856 CONFIRM
f5 -- big-ip_edge_client_for_windows	When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.	2020-02-06	4.6	CVE-2020-5855 CONFIRM
gitlab -- gitlab_enterprise_edition	An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.	2020-02-05	5	CVE-2020-6833 MISC CONFIRM
gitlab -- gitlab	GitLab through 12.7.2 allows XSS.	2020-02-05	4.3	CVE-2020-7973 MISC CONFIRM MISC
gitlab -- gitlab_enterprise_edition	GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.	2020-02-05	5	CVE-2020-7978 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.	2020-02-05	5	CVE-2020-7966 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.	2020-02-05	5	CVE-2020-7968 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).	2020-02-05	4	CVE-2020-7967 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 10.1 through 12.7.2 allows Information Disclosure.	2020-02-05	5	CVE-2020-7974 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.	2020-02-05	5	CVE-2020-7976 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).	2020-02-05	5	CVE-2020-7972 MISC CONFIRM
gitlab -- gitlab_enterprise_edition	GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.	2020-02-05	5	CVE-2020-7969 MISC CONFIRM
gitlab -- gitlab_enterprise_enterprise	GitLab EE 11.0 and later through 12.7.2 allows XSS.	2020-02-05	4.3	CVE-2020-7971 MISC CONFIRM
gitlab -- gitlab_enterprise_enterprise	GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.	2020-02-05	4.3	CVE-2020-7977 MISC CONFIRM
gitlab -- gitlab_enterprise_enterprise	GitLab EE 8.9 and later through 12.7.2 has Insecure Permission	2020-02-05	4.3	CVE-2020-7979 MISC CONFIRM
google -- android	An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite existing functions with arbitrary code. The Reserved for Future Use (RFU) bits are not discarded by eir_handleRx(), and are included in an EIR's length. Therefore, one can exceed the expected 240 bytes, which leads to a heap-based buffer overflow in eir_getReceivedEIR() called by bthci_event_SendInquiryResultEvent(). In order to exploit this bug, an attacker must repeatedly connect to the victim's device in a short amount of time from different source addresses. This will cause the victim's Bluetooth stack to resolve the device names and therefore allocate buffers with attacker-controlled data. Due to the heap corruption, the name will be eventually written to an attacker-controlled location, leading to a write-what-where condition.	2020-02-05	6.8	CVE-2019-11516 CONFIRM MISC MISC
hashicorp -- consul_and_consul_enterprise	HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.	2020-01-31	5	CVE-2020-7955 MISC MISC
hashicorp -- consul_and_consul_enterprise	HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.	2020-01-31	5	CVE-2020-7219 MISC MISC
hashicorp -- nomad_and_nomad_enterprise	HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage.	2020-01-31	5	CVE-2020-7218 MISC MISC
htcondor -- mrg_grid	The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.	2020-01-31	6.5	CVE-2014-8126 MISC MISC MISC MISC
ibm -- infosphere_information_server	IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability	2020-02-05	5.8	CVE-2013-0507 MISC
ibm -- planning_analytics	IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524.	2020-02-05	6.8	CVE-2019-4613 XF CONFIRM
ibm -- sdk_java_technology	IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.	2020-02-03	6.9	CVE-2019-4732 XF CONFIRM
ibm -- security_directory_server	IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814.	2020-02-04	6.5	CVE-2019-4541 XF CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.	2020-02-04	6	CVE-2020-4163 XF CONFIRM
ibm -- workflow_for_bluemix	IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.	2020-02-05	5.8	CVE-2015-0102 MISC CONFIRM CONFIRM
ibm -- security_directory_server	IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.	2020-02-04	5	CVE-2019-4562 XF CONFIRM
ibm -- security_directory_server	IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953.	2020-02-04	5	CVE-2019-4551 XF CONFIRM
ibm -- security_directory_server	IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950.	2020-02-04	4.3	CVE-2019-4548 XF CONFIRM
ibm -- security_directory_server	IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952.	2020-02-04	5	CVE-2019-4550 XF CONFIRM
ibm -- security_directory_server	IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813.	2020-02-04	5	CVE-2019-4540 XF CONFIRM
ibm -- security_identity_manager	IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510.	2020-02-04	4	CVE-2019-4674 XF CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.	2020-01-31	5	CVE-2019-4720 XF CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.	2020-02-05	4	CVE-2019-4670 XF CONFIRM
icewarp -- webmail_server	In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.	2020-02-01	4.3	CVE-2020-8512 MISC MISC MISC
info-zip -- unzip	Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.	2020-01-31	6.8	CVE-2014-8140 MISC MISC MISC MISC
info-zip -- unzip	Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.	2020-01-31	6.8	CVE-2014-8139 MISC MISC MISC MISC
info-zip -- unzip	Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.	2020-01-31	6.8	CVE-2014-8141 MISC MISC MISC MISC
infoware -- mapsuite_mapapi	Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2020-01-31	4.3	CVE-2014-2843 MISC MISC MISC
ipmitool -- ipmitool	It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.	2020-02-05	6.5	CVE-2020-5208 MISC CONFIRM MLIST
jetbrains -- intellij_idea	In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.	2020-01-31	5	CVE-2020-7914 MISC CONFIRM
joomla! -- joomla!	Joomla! 1.7.1 has core information disclosure due to inadequate error checking.	2020-02-04	5	CVE-2011-4937 MISC MISC MISC MISC
joomla! -- joomla!	Joomla! core 1.7.1 allows information disclosure due to weak encryption	2020-02-04	5	CVE-2011-3629 MISC MISC MISC MISC
joomla! -- joomla!	Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.	2020-02-05	6.4	CVE-2011-1151 MISC MISC
joomla! -- joomla!	Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.	2020-02-04	5	CVE-2011-4912 MISC MISC
joomla! -- joomla!	The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location).	2020-02-03	4.3	CVE-2020-5182 CONFIRM
kubernetes -- kubernetes	The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.	2020-02-03	4.3	CVE-2019-11251 CONFIRM MLIST
libvncserver -- libvncserver	A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.	2020-02-05	5	CVE-2010-5304 MISC MISC MISC MISC MISC MISC
lightning_labs -- lightning_network_daemon	Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.	2020-01-31	5	CVE-2019-12999 MISC MISC CONFIRM
logmein -- lastpass	LastPass prior to 2.5.1 allows secure wipe bypass.	2020-01-31	6.6	CVE-2013-5114 MISC MISC MISC
lotus_core -- lotus_core_cms	Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.	2020-02-05	6.5	CVE-2020-8641 MISC
masscode -- masscode	massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).	2020-02-03	4.3	CVE-2020-8548 MISC MISC
maxum_development_corporation -- rumpus	An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.	2020-02-02	4.3	CVE-2020-8514 MISC MISC
microsoft -- windows_operating_system	The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.	2020-02-06	4.4	CVE-2019-20406 N/A
movable_type -- multiple_products	Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.	2020-02-06	4.3	CVE-2020-5528 MISC MISC
nextcloud -- nextcloud_server	A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.	2020-02-04	4.3	CVE-2020-8120 MISC MISC
nextcloud -- nextcloud_server	Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.	2020-02-04	4	CVE-2020-8117 MISC MISC
nextcloud -- nextcloud_server	Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.	2020-02-04	4	CVE-2020-8119 MISC MISC
nextcloud -- nextcloud_server	Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.	2020-02-04	5	CVE-2019-15623 MISC MISC
nextcloud -- talk	Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature.	2020-02-04	4	CVE-2019-15620 MISC MISC
open-xchange -- ox_app_suite	Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.	2020-01-31	5	CVE-2014-5236 MISC MISC MISC
openwall -- openwall	bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.	2020-02-05	4.3	CVE-2011-1150 MISC
perl -- perl	_is_safe in the File::Temp module for Perl does not properly handle symlinks.	2020-01-31	5	CVE-2011-4116 MISC MISC MISC MISC MISC
perl -- perl	The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files.	2020-01-31	5	CVE-2011-4117 MISC MISC MISC
perl -- perl	Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.	2020-01-31	6.4	CVE-2011-4115 MISC MISC CONFIRM
phpshop -- phpshop	PHPShop through 0.8.1 has XSS.	2020-02-05	4.3	CVE-2011-1069 MISC
pmwiki -- pmwiki	PmWiki before 2.2.21 has XSS.	2020-02-05	4.3	CVE-2010-4662 MISC MISC
prototype -- prototype	Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.	2020-02-03	4	CVE-2020-7993 MISC MISC
pylons_project -- waitress	Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3, it is recommended that people upgrade to the new version of Waitress as soon as possible.	2020-02-04	6.8	CVE-2020-5236 MISC CONFIRM
qualcomm -- multiple_snapdragon_products	Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior such as execution of unknown code in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150, SXR1130	2020-02-07	4.6	CVE-2019-14040 CONFIRM
qualcomm -- multiple_snapdragon_products	During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130	2020-02-07	4.6	CVE-2019-14041 CONFIRM
senior -- rubiweb	Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL.	2020-01-31	5	CVE-2019-19550 CONFIRM
sos -- jobscheduler	A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service.	2020-02-06	6.8	CVE-2020-6855 MISC
sos -- jobscheduler	An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.	2020-02-06	4	CVE-2020-6856 MISC
squid-cache -- squid	An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.	2020-02-04	5	CVE-2020-8517 MISC MISC
squid-cache -- squid	An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.	2020-02-04	5	CVE-2020-8449 MISC MISC MISC MISC MISC MISC
squid-cache -- squid	An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.	2020-02-04	5	CVE-2019-12528 CONFIRM
strapi -- strapi	A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.	2020-02-04	4	CVE-2020-8123 MISC
suse -- opensuse_wicked	An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option.	2020-02-05	5	CVE-2020-7216 CONFIRM MISC
sysjust_syuan-gu-d-shih -- sysjust_syuan-gu-da-shih	SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database.	2020-02-04	5	CVE-2020-3937 MISC
sysjust_syuan-gu-d-shih -- sysjust_syuan-gu-da-shih	SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests.	2020-02-04	5	CVE-2020-3938 MISC
sysjust_syuan-gu-da-shih -- sysjust_syuan-gu-da-shih	SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability.	2020-02-04	4.3	CVE-2020-3939 MISC
telaen -- telaen	Telean before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request.	2020-02-03	5	CVE-2013-2624 XF MISC
telaen -- telaen	Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.	2020-02-03	5.8	CVE-2013-2621 BID XF MISC
telaen -- telaen	Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php.	2020-02-03	4.3	CVE-2013-2623 BID XF MISC
the_citytv_video_application -- the_citytv_video_application	The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.	2020-02-05	5	CVE-2020-8507 MISC MISC
the_global_tv_application -- the_global_tv_application	The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.	2020-02-05	4	CVE-2020-8506 MISC MISC
tinywebgallery -- tinywebgallery	TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php.	2020-02-03	5	CVE-2013-2631 MISC MISC
torproject -- tor	The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information.	2020-02-02	5	CVE-2020-8516 MISC
tp-link -- tl-wr1043nd_v1_120405_devices	TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability.	2020-02-03	5	CVE-2013-2646 BID
troglobit -- minisnmpd	An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.	2020-02-04	6.4	CVE-2020-6058 MISC
troglobit -- minisnmpd	An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.	2020-02-04	6.4	CVE-2020-6059 MISC
typo3 -- typo3	The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.	2020-02-03	5	CVE-2014-8328 MISC MISC MISC
uebimiau -- uebimiau	Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php.	2020-02-03	4.3	CVE-2013-2622 XF MISC
unisys -- unisys_stealth	In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material may be inadvertently logged if certain diagnostics are enabled.	2020-02-03	4.3	CVE-2019-18193 CONFIRM MISC
vanilla_forums -- vanilla_forums	Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.	2020-02-05	4.3	CVE-2011-1009 MISC
videolan -- vlc_media_player	Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.	2020-01-31	4.3	CVE-2013-3565 MISC MISC MISC MISC
web2project -- web2project	Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php.	2020-01-31	6.5	CVE-2014-3119 MISC MISC MISC
wordpress -- wordpress	The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website.	2020-02-06	6.8	CVE-2020-8658 MISC MISC MISC
wordpress -- wordpress	Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.	2020-02-03	4.3	CVE-2020-8549 MISC MISC MISC MISC
wordpress -- wordpress	The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.	2020-02-05	4.3	CVE-2019-20173 CONFIRM CONFIRM MISC
zeuscart -- zeuscart	Multiple SQL injection vulnerabilities in ZeusCart 4.x.	2020-01-31	6.5	CVE-2014-3868 MISC MISC MISC MISC
zoho_manageengine -- remote_access_plus	An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).	2020-01-31	4	CVE-2020-8422 MISC MISC

Severity Not Yet Assigned

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
arctic_torrent -- arctic_torrent	A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service.	2020-02-06	not yet calculated	CVE-2012-6309 MISC
atmail -- atmail_webmail_server	Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.	2020-02-06	not yet calculated	CVE-2012-2593 MISC MISC
belkin -- n300_router	An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging."	2020-02-07	not yet calculated	CVE-2013-3091 MISC MISC MISC
biscom -- biscom_secure_file_transfer	Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.	2020-02-07	not yet calculated	CVE-2020-8796 MISC
bludit -- bludit	ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.	2020-02-07	not yet calculated	CVE-2020-8811 MISC
boonex -- dolphin	SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.	2020-02-06	not yet calculated	CVE-2013-3638 BID XF
bosch -- bvms_mobile_video_service	Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed.	2020-02-07	not yet calculated	CVE-2020-6770 CONFIRM
bosch -- video_management_system	A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.	2020-02-07	not yet calculated	CVE-2020-6768 CONFIRM
bosch -- video_management_system	A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.	2020-02-06	not yet calculated	CVE-2020-6767 CONFIRM
bosch -- video_streaming_gateway	Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall.	2020-02-07	not yet calculated	CVE-2020-6769 CONFIRM
broadcom -- multiple_devices	An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.	2020-02-05	not yet calculated	CVE-2019-15126 CONFIRM
broadcom -- wi_wifi_driver	The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.	2020-02-03	not yet calculated	CVE-2019-9501 MISC CERT-VN
broadcom -- wi_wifi_driver	The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.	2020-02-03	not yet calculated	CVE-2019-9502 MISC CERT-VN
brother -- mfc-9970cdw_device	Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information.	2020-02-04	not yet calculated	CVE-2013-2676 MISC XF BID
brother -- mfc-9970cdw_device	Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information.	2020-02-05	not yet calculated	CVE-2013-2675 MISC XF BID
c-more -- touch_panels_ea9_series	It is possible to unmask credentials and other sensitive information on ?unprotected? project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations.	2020-02-05	not yet calculated	CVE-2020-6969 MISC
canonical -- ubuntu	Sander Bos discovered Apport's lock file was in a world-writable director which allowed all users to prevent crash handling.	2020-02-08	not yet calculated	CVE-2019-11485 MISC MISC
canonical -- ubuntu	Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.	2020-02-08	not yet calculated	CVE-2019-11483 MISC MISC
canonical -- ubuntu	Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.	2020-02-08	not yet calculated	CVE-2019-11481 MISC MISC
canonical -- ubuntu	Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.	2020-02-08	not yet calculated	CVE-2019-11482 MISC MISC
canonical -- ubuntu	Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.	2020-02-08	not yet calculated	CVE-2019-11484 MISC MISC
ceph -- rgw_beast	A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.	2020-02-07	not yet calculated	CVE-2020-1700 SUSE CONFIRM
cgilua -- cgilua	The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10300 and CVE-2014-10400 were SPLIT from this ID.	2020-02-06	not yet calculated	CVE-2014-2875 MISC MISC MISC
cgilua -- cgilua	The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.	2020-02-06	not yet calculated	CVE-2014-10400 MISC MISC MISC
cgilua -- cgilua	The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.	2020-02-06	not yet calculated	CVE-2014-10399 MISC MISC MISC
chamilo -- chamilo_lms	Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.	2020-02-08	not yet calculated	CVE-2012-4029 MISC MISC MISC
changing_information_technology -- servisign	A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts.	2020-02-03	not yet calculated	CVE-2020-3925 CONFIRM
cisco -- application_control_engine	Cisco ACE A2(3.6) allows log retention DoS.	2020-02-07	not yet calculated	CVE-2013-1202 MISC
cisco -- cisco_discovery_protocol	A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).	2020-02-05	not yet calculated	CVE-2020-3120 MISC CISCO
cisco -- cisco_discovery_protocol	A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).	2020-02-05	not yet calculated	CVE-2020-3118 MISC CISCO
cisco -- cisco_discovery_protocol	A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).	2020-02-05	not yet calculated	CVE-2020-3119 MISC CISCO
cisco -- linksys_wrt110	Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.	2020-02-06	not yet calculated	CVE-2013-3568 EXPLOIT-DB BID XF
clamav -- clam_antivirus	A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.	2020-02-05	not yet calculated	CVE-2020-3123 CISCO
corsair -- corsair_icue	The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace.	2020-02-07	not yet calculated	CVE-2020-8808 MISC MISC
d-link -- dir865l_devices	D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability.	2020-02-07	not yet calculated	CVE-2013-3096 MISC MISC MISC
dd-wrt -- dd-wrt	Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service.	2020-02-06	not yet calculated	CVE-2012-6297 BUGTRAQ MISC FULLDISC MISC
dedicated_micros -- multiple_dvr_products	Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords."	2020-02-06	not yet calculated	CVE-2015-2909 MISC MISC
dell -- dmc_isilon_onefs	Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.	2020-02-06	not yet calculated	CVE-2020-5318 MISC
dell -- emc_ecs	Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.	2020-02-06	not yet calculated	CVE-2020-5317 MISC
dell -- multiple_products	Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence.	2020-02-06	not yet calculated	CVE-2020-5319 MISC
den_norske_turistforening -- im-metadata	im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function.	2020-02-04	not yet calculated	CVE-2019-10788 CONFIRM MISC
den_norske_turistforening -- im-resize	im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization.	2020-02-04	not yet calculated	CVE-2019-10787 CONFIRM MISC
docker -- docker	A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.	2020-02-07	not yet calculated	CVE-2014-5278 MISC MISC MISC
drupal -- drupal	The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.	2020-02-08	not yet calculated	CVE-2012-5570 MISC MISC MISC CONFIRM
eyesofnetwork -- eyesofnetwork	An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.	2020-02-06	not yet calculated	CVE-2020-8657 MISC
eyesofnetwork -- eyesofnetwork	An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.	2020-02-07	not yet calculated	CVE-2020-8656 MISC
eyesofnetwork -- eyesofnetwork	An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.	2020-02-07	not yet calculated	CVE-2020-8654 MISC
eyesofnetwork -- eyesofnetwork	An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.	2020-02-07	not yet calculated	CVE-2020-8655 MISC
f5 -- big-ip	On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.	2020-02-06	not yet calculated	CVE-2020-5854 CONFIRM
flowplayer -- flowplayer_flash	Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.	2020-02-08	not yet calculated	CVE-2011-3642 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC
fork_cms -- fork_cms	Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search.	2020-02-08	not yet calculated	CVE-2014-9470 MISC MISC MISC MISC MISC MISC
fortinet -- forticlient_for_linux	A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated.	2020-02-06	not yet calculated	CVE-2019-16152 MISC CONFIRM
fortinet -- forticlient_for_linux	A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized.	2020-02-06	not yet calculated	CVE-2019-17652 MISC CONFIRM
fortinet -- forticlient_for_linux	A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process.	2020-02-06	not yet calculated	CVE-2019-15711 MISC CONFIRM
fortinet -- forticlient_for_linux	A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite.	2020-02-07	not yet calculated	CVE-2019-16155 MISC CONFIRM
foxit -- phantompdf	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8773.	2020-02-08	not yet calculated	CVE-2019-13333 MISC
foxit -- phantompdf	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8776.	2020-02-08	not yet calculated	CVE-2019-17136 MISC
foxit -- phantompdf	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774.	2020-02-08	not yet calculated	CVE-2019-13334 MISC
foxit -- phantompdf	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8775.	2020-02-08	not yet calculated	CVE-2019-17135 MISC
fujitsu -- multiple_products	The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15.	2020-02-07	not yet calculated	CVE-2019-13163 CONFIRM
gnome -- librsvg	In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.	2020-02-02	not yet calculated	CVE-2019-20446 MISC
gnome -- evolution_and_evolution_data_server	The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.	2020-02-06	not yet calculated	CVE-2013-4166 CONFIRM MISC MISC CONFIRM CONFIRM
golang -- go	The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.	2020-02-08	not yet calculated	CVE-2015-5741 MISC MISC MISC MISC MISC MISC MISC
google -- android	A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code.	2020-02-07	not yet calculated	CVE-2014-7224 MISC MISC MISC MISC
google -- chrome	Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site.	2020-02-06	not yet calculated	CVE-2010-3917 MISC MISC
hardcoreview -- hardcoreview	A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file.	2020-02-06	not yet calculated	CVE-2012-6306 MISC MISC
hp -- sitescope	An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.	2020-02-04	not yet calculated	CVE-2015-2802 CONFIRM CONFIRM MISC MISC MISC
ibm -- cloud_automation_manager	IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644.	2020-02-05	not yet calculated	CVE-2019-4616 XF CONFIRM
ibm -- security_identity_manager	IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511.	2020-02-04	not yet calculated	CVE-2019-4675 XF CONFIRM
imagemagick -- imagemagick	coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.	2020-02-06	not yet calculated	CVE-2016-7523 MISC MISC MISC MISC
imagemagick -- imagemagick	coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.	2020-02-06	not yet calculated	CVE-2016-7524 MISC MISC MISC CONFIRM CONFIRM CONFIRM
imagemagick -- imagemagick	Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.	2020-02-06	not yet calculated	CVE-2014-2030 CONFIRM CONFIRM CONFIRM MISC MISC MISC MISC CONFIRM
imagemagick -- imagemagick	Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.	2020-02-06	not yet calculated	CVE-2014-1958 CONFIRM CONFIRM CONFIRM CONFIRM MISC MISC MISC
ispconfig -- ispconfig	ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution	2020-02-07	not yet calculated	CVE-2013-3629 MISC MISC MISC MISC
jpegsnoop -- jpegsnoop	A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code	2020-02-06	not yet calculated	CVE-2012-6307 MISC MISC
kemp -- load_master	A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.	2020-02-07	not yet calculated	CVE-2014-5288 MISC MISC
konqueror -- konqueror	The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."	2020-02-08	not yet calculated	CVE-2012-4512 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC
linksys -- wrt310n_wireless_router	Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS.	2020-02-07	not yet calculated	CVE-2013-3067 MISC MISC MISC
linuxmint -- linuxmint	LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate.	2020-02-07	not yet calculated	CVE-2012-1567 MISC MISC
linuxmint -- linuxmint	LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny.	2020-02-07	not yet calculated	CVE-2012-1566 MISC
mariadb -- mariadb	mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.	2020-02-04	not yet calculated	CVE-2020-7221 MISC CONFIRM MISC
mcabber -- mcabber	MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.	2020-02-06	not yet calculated	CVE-2016-9928 CONFIRM MISC MISC MISC CONFIRM CONFIRM CONFIRM MISC
mediawiki -- mediawiki	MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.	2020-02-08	not yet calculated	CVE-2012-4381 MISC MISC MISC MISC MISC MISC MISC
mediawiki -- mediawiki	The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.	2020-02-06	not yet calculated	CVE-2013-4572 MISC MISC CONFIRM MISC
mikrotik -- winbox	MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack.	2020-02-06	not yet calculated	CVE-2020-5720 MISC
multiple_vendors -- multiple_products	Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.	2020-02-05	not yet calculated	CVE-2015-5628 CONFIRM MISC
multiple_vendors -- multiple_products	Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet.	2020-02-05	not yet calculated	CVE-2015-5627 CONFIRM MISC
multiple_vendors -- multiple_products	Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.	2020-02-05	not yet calculated	CVE-2015-5626 CONFIRM MISC
netcracker -- resource_management_system	Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter.	2020-02-08	not yet calculated	CVE-2015-3423 MISC MISC
netcracker -- resource_management_system	Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter.	2020-02-08	not yet calculated	CVE-2015-2207 MISC MISC
netgear -- wgr614_wireless_router	An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002.	2020-02-06	not yet calculated	CVE-2012-6340 MISC MISC MISC
netgear -- wgr614_wireless_router	An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340.	2020-02-06	not yet calculated	CVE-2012-6341 MISC MISC
netis -- wf2419_router	Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.	2020-02-07	not yet calculated	CVE-2019-19356 MISC
network-manager -- network-manager	network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument.	2020-02-04	not yet calculated	CVE-2019-10786 MISC
nextcloud -- circles	Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle.	2020-02-04	not yet calculated	CVE-2019-15610 MISC MISC
nextcloud -- nextcloud_android	A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past.	2020-02-04	not yet calculated	CVE-2019-15615 MISC MISC
nextcloud -- nextcloud_android	Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.	2020-02-04	not yet calculated	CVE-2019-15622 MISC MISC
nextcloud -- nextcloud_ios	Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.	2020-02-04	not yet calculated	CVE-2019-15611 MISC MISC
nextcloud -- nextcloud_ios	Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files.	2020-02-04	not yet calculated	CVE-2019-15614 MISC MISC
nextcloud -- nextcloud_server	Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.	2020-02-04	not yet calculated	CVE-2019-15621 MISC MISC
nextcloud -- nextcloud_server	Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.	2020-02-04	not yet calculated	CVE-2019-15616 MISC MISC
nextcloud -- nextcloud_server	A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.	2020-02-04	not yet calculated	CVE-2019-15612 MISC MISC
nextcloud -- nextcloud_server	A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.	2020-02-04	not yet calculated	CVE-2019-15613 MISC MISC
nextcloud -- nextcloud_server	A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.	2020-02-04	not yet calculated	CVE-2019-15617 MISC MISC
nextcloud -- nextcloud_server	Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.	2020-02-04	not yet calculated	CVE-2019-15624 MISC MISC
nextcloud -- nextcloud_server_and_talk_and_deck	Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.	2020-02-04	not yet calculated	CVE-2019-15619 MISC MISC MISC MISC
nextcloud -- nextcloud_server	A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.	2020-02-04	not yet calculated	CVE-2020-8121 MISC MISC
nextcloud -- nextcloud_server	An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.	2020-02-04	not yet calculated	CVE-2020-8118 MISC MISC
nextcloud -- nextcloud_server	A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received.	2020-02-04	not yet calculated	CVE-2020-8122 MISC MISC
nghttp2 -- nghttp2	nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).	2020-02-06	not yet calculated	CVE-2016-1544 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
node.js -- node.js	Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate	2020-02-07	not yet calculated	CVE-2019-15604 MISC CONFIRM
node.js -- node.js	Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons	2020-02-07	not yet calculated	CVE-2019-15606 MISC CONFIRM
node.js -- node.js	HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed	2020-02-07	not yet calculated	CVE-2019-15605 MISC FEDORA CONFIRM
nuxeo -- nuxeo_platform	RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.	2020-02-06	not yet calculated	CVE-2013-4521 CONFIRM MISC CONFIRM
nw.js -- nw.js	A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact.	2020-02-07	not yet calculated	CVE-2014-9530 CONFIRM
omniauth-weibo-oauth2_gen_for_ruby_on_rails -- omniauth-weibo-oauth2_gen_for_ruby_on_ra	The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected.	2020-02-07	not yet calculated	CVE-2019-17268 MISC CONFIRM
open-school -- open-school_community_edition	Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php.	2020-02-08	not yet calculated	CVE-2014-9126 MISC
open-school -- open-school_community_edition	Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php.	2020-02-08	not yet calculated	CVE-2014-9127 MISC
openfiler -- openfiler	Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.	2020-02-07	not yet calculated	CVE-2011-1086 MISC MISC MISC
openshift-enterprise -- openshift-enterprise	It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb.	2020-02-07	not yet calculated	CVE-2020-1708 CONFIRM
openvas -- openvas_manager	OpenVAS Manager v2.0.3 allows plugin remote code execution.	2020-02-06	not yet calculated	CVE-2011-1597 MISC
opopensocialplugin -- opopensocialplugin	opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities	2020-02-07	not yet calculated	CVE-2013-4335 MISC MISC MISC
opservices -- opmon	An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo.	2020-02-06	not yet calculated	CVE-2020-7954 MISC MISC
opservices -- opmon	An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option.	2020-02-06	not yet calculated	CVE-2020-7953 MISC MISC
opservices -- opservices_opmon	An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution .	2020-02-06	not yet calculated	CVE-2020-8636 MISC
opwebapiplugin -- opwebapiplugin	opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities	2020-02-07	not yet calculated	CVE-2013-4334 MISC MISC
otrs -- otrs	The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions.	2020-02-07	not yet calculated	CVE-2020-1768 CONFIRM
percona -- percona_monitoring_and_management	pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service.	2020-02-06	not yet calculated	CVE-2020-7920 MISC MISC MISC MISC
phppgadmin -- phppgadmin	phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server.	2020-02-04	not yet calculated	CVE-2019-10784 MISC
projectpier -- projectpier	ProjectPier 0.8.8 has stored XSS	2020-02-07	not yet calculated	CVE-2013-3635 MISC
projectpier -- projectpier	ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag	2020-02-07	not yet calculated	CVE-2013-3636 MISC MISC MISC
projectpier -- projectpier	ProjectPier 0.8.8 does not use the Secure flag for cookies	2020-02-07	not yet calculated	CVE-2013-3637 MISC
qemu -- qemu	In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.	2020-02-06	not yet calculated	CVE-2020-8608 MISC MISC MISC
qualcomm -- multiple_snapdragon_products	Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130	2020-02-07	not yet calculated	CVE-2019-14088 CONFIRM MISC
railo -- railo	A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.	2020-02-07	not yet calculated	CVE-2014-5468 MISC MISC MISC MISC MISC
revive -- adserver	A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.	2020-02-04	not yet calculated	CVE-2020-8115 MISC MISC
samsung -- multiple_mobile_devices	On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.	2020-02-04	not yet calculated	CVE-2019-19273 CONFIRM
schmid -- zi_620_v400_090_routers	Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping.	2020-02-06	not yet calculated	CVE-2020-6760 MISC
simple_machines -- simple_machines_forum	File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.	2020-02-07	not yet calculated	CVE-2013-0192 MISC MISC MISC
simplejobscript.com -- simplejobscript.com	An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php.	2020-02-07	not yet calculated	CVE-2020-8645 MISC
smoothwall -- smoothwall_express	A cross-site scripting (XSS) vulnerability in Smoothwall Express 3.	2020-02-07	not yet calculated	CVE-2011-1084 MISC
smoothwall -- smoothwall_express	CSRF vulnerability in Smoothwall Express 3.	2020-02-07	not yet calculated	CVE-2011-1085 MISC
sphider -- sphider_search_engine	A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.	2020-02-07	not yet calculated	CVE-2014-5087 MISC MISC
status2k -- status2k	A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.	2020-02-07	not yet calculated	CVE-2014-5091 MISC MISC MISC MISC
statusnet -- statusnet	statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.	2020-02-07	not yet calculated	CVE-2010-4658 MISC MISC
synaptive -- medical_clearcanvas_imageserver	Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report.	2020-02-07	not yet calculated	CVE-2020-8788 MISC
teamviewer -- teamviewer	TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system.	2020-02-07	not yet calculated	CVE-2019-18988 MISC MISC MISC MISC
tianocore -- edk2	Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.	2020-02-06	not yet calculated	CVE-2014-8271 MISC MISC
troglobit -- minisnmpd	A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server.	2020-02-04	not yet calculated	CVE-2020-6060 MISC
ubiquiti_networks -- unifi_controller	Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity.	2020-02-08	not yet calculated	CVE-2014-2225 MISC MISC
ui -- edgeswitch	A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15).	2020-02-07	not yet calculated	CVE-2020-8126 MISC
unshift -- url-parse	Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.	2020-02-04	not yet calculated	CVE-2020-8124 MISC
ushahidi -- ushahidi	Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.	2020-02-04	not yet calculated	CVE-2012-5618 MISC MISC
videolan -- vlc_media_player	The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.	2020-02-06	not yet calculated	CVE-2013-3564 MISC
vtiger -- vtiger_crm	Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.	2020-02-06	not yet calculated	CVE-2015-6000 MISC MISC MISC
vtiger -- vtiger_crm	vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability	2020-02-07	not yet calculated	CVE-2013-3591 MISC MISC MISC MISC
watchguard -- firewire_xtm	A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script.	2020-02-07	not yet calculated	CVE-2014-6413 MISC MISC MISC MISC
webcalendar -- webcalendar	webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").	2020-02-04	not yet calculated	CVE-2013-1422 MISC MISC MISC
wordpress -- wordpress	WordPress Super Cache Plugin 1.3 has XSS.	2020-02-07	not yet calculated	CVE-2013-2008 MISC MISC MISC
wordpress -- wordpress	The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.	2020-02-06	not yet calculated	CVE-2020-8771 MISC MISC
wordpress -- wordpress	Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.	2020-02-08	not yet calculated	CVE-2014-8739 MISC MISC MISC MISC MISC MISC MISC MISC
wordpress -- wordpress	WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution	2020-02-07	not yet calculated	CVE-2013-2009 MISC MISC MISC MISC MISC
wordpress -- wordpress	The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.	2020-02-06	not yet calculated	CVE-2020-8772 MISC MISC
wordpress -- wordpress	Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php.	2020-02-08	not yet calculated	CVE-2015-2062 MISC MISC MISC MISC
wordpress -- wordpress	Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php.	2020-02-08	not yet calculated	CVE-2015-1394 MISC MISC MISC MISC MISC
zabbix -- zabbix	Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability	2020-02-07	not yet calculated	CVE-2013-3628 MISC MISC MISC MISC
zoho_manageengine -- applications_manager	Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.	2020-02-06	not yet calculated	CVE-2019-19800 MISC MISC MISC
zoho_manageengine -- applications_manager_and_ops_manager	The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet.	2020-02-08	not yet calculated	CVE-2014-7863 MISC MISC MISC MISC MISC MISC

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Mozilla Releases Security Updates for Multiple Products

February 11, 2020, 8:10 am

≫ Next: Adobe Releases Security Updates for Multiple Products

≪ Previous: Vulnerability Summary for the Week of February 3, 2020

Original release date: February 11, 2020

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Adobe Releases Security Updates for Multiple Products

February 11, 2020, 8:16 am

≫ Next: Intel Releases Security Updates

≪ Previous: Mozilla Releases Security Updates for Multiple Products

Original release date: February 11, 2020

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

Framemaker APSB20-04
Acrobat and Reader APSB20-05
Flash Player APSB20-06
Digital Editions APSB20-07
Experience Manager APSB20-08

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Intel Releases Security Updates

February 11, 2020, 11:14 am

≫ Next: Microsoft Releases February 2020 Security Updates

≪ Previous: Adobe Releases Security Updates for Multiple Products

Original release date: February 11, 2020

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to gain escalation of privileges.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:

RWC3 Advisory INTEL-SA-00341
MPSS Advisory INTEL-SA-00340
RWC2 Advisory INTEL-SA-00339
SGX SDK Advisory INTEL-SA-00336
CSME Advisory INTEL-SA-00307
Renesas Electronics USB 3.0 Driver Advisory INTEL-SA-00273

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Microsoft Releases February 2020 Security Updates

February 11, 2020, 12:12 pm

≫ Next: FBI Releases IC3 2019 Internet Crime Report

≪ Previous: Intel Releases Security Updates

Original release date: February 11, 2020

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s February 2020 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

FBI Releases IC3 2019 Internet Crime Report

February 12, 2020, 7:58 am

≫ Next: New SchoolSafety.gov Provides Cyber Guidance for K-12 Schools

≪ Previous: Microsoft Releases February 2020 Security Updates

Original release date: February 12, 2020

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released the 2019 Internet Crime Report, which includes statistics based on data reported by the public through the IC3 website. The top three crimes types reported by victims in 2019 were phishing/vishing/smishing/pharming, non-payment/non-delivery, and extortion. FBI urges users to continue reporting complaints at www.ic3.gov to help law enforcement better combat cybercrime.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI press release and CISA’s Tip onAvoiding Social Engineering and Phishing Attacks for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

New SchoolSafety.gov Provides Cyber Guidance for K-12 Schools

February 12, 2020, 7:59 am

≫ Next: North Korean Malicious Cyber Activity

≪ Previous: FBI Releases IC3 2019 Internet Crime Report

Original release date: February 12, 2020

The Federal School Safety Clearinghouse just launched its website: SchoolSafety.gov. This website—a collaboration between the Department of Homeland Security and the U.S. Departments of Education, Justice, and Health and Human Services—features a fact sheet on Cyber Safety Considerations for K-12 Schools and School Districts. The factsheet provides guidance to educators, administrators, parents, and law enforcement officials on various online threats to students, including cyberbullying, ransomware, and online predation.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to read Cyber Safety Considerations for K-12 Schools and School Districts and to visit SchoolSafety.gov to learn more about all the resources available. Refer to CISA’s Tips on Keeping Children Safe Online and Dealing with Cyberbullies for additional best practices.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

North Korean Malicious Cyber Activity

February 14, 2020, 4:40 am

≫ Next: MAR-10265965-1.v1 – North Korean Trojan: BISTROMATH

≪ Previous: New SchoolSafety.gov Provides Cyber Guidance for K-12 Schools

Original release date: February 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

CISA encourages users and administrators to review the Malware Analysis Reports for each malware variant listed above and the North Korean Malicious Cyber Activity page for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

MAR-10265965-1.v1 – North Korean Trojan: BISTROMATH

February 14, 2020, 5:00 am

≫ Next: MAR-10265965-2.v1 – North Korean Trojan: SLICKSHOES

≪ Previous: North Korean Malicious Cyber Activity

Original release date: February 14, 2020

Notification

This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.

This document is marked TLP:WHITE--Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.us-cert.gov/tlp.

Summary

Description

This Malware Analysis Report (MAR) is the result of analytic efforts between Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD). Working with U.S. Government partners, DHS, FBI, and DoD identified Trojan malware variants used by the North Korean government. This malware variant has been identified as BISTROMATH. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https[:]//www[.]us-cert.gov/hiddencobra.

DHS, FBI, and DoD are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity.

This MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.

This report looks at multiple versions of a full-featured RAT implant executable and multiple versions of the CAgent11 GUI implant controller/builder. These samples performs simple XOR network encoding and are capable of many features including conducting system surveys, file upload/download, process and command execution, and monitoring the microphone, clipboard, and the screen. The GUI controllers allow interaction with the implant as well as the option to dynamically build new implants with customized options. The implants are loaded with a trojanized executable containing a fake bitmap which decodes into shellcode which loads the embedded implant.

For a downloadable copy of IOCs, see MAR-101265965-1.v1.stix.

Submitted Files (5)

04d70bb249206a006f83db39bbe49ff6e520ea329e5fbb9c758d426b1c8dec30 (96071956D4890AEBEA14ECD8015617...)

1ea6b3e99bbb67719c56ad07f5a12501855068a4a866f92db8dcdefaffa48a39 (688890DDBF532A4DE7C83A58E6AA59...)

618a67048d0a9217317c1d1790ad5f6b044eaa58a433bd46ec2fb9f9ff563dc6 (0AE8A7B6B4D70C0884095629FC02C1...)

738ba44188a93de6b5ca7e0bf0a77f66f677a0dda2b2e9ef4b91b1c8257da790 (C51416635E529183CA5337FADE8275...)

b6811b42023524e691b517d19d0321f890f91f35ebbdf1c12cbb92cda5b6de32 (26520499A3FC627D335E34586E99DE...)

Additional Files (2)

133820ebac6e005737d5bb97a5db549490a9f210f4e95098bc9b0a7748f52d1f (a21171923ec09b9569f2baad496c9e...)

43193c4efa8689ff6de3fb18e30607bb941b43abb21e8cee0cfd664c6f4ad97c (83833f8dbdd6ecf3a1212f5d1fc3d9...)

IPs (1)

159.100.250.231

Findings

1ea6b3e99bbb67719c56ad07f5a12501855068a4a866f92db8dcdefaffa48a39

Tags

backdooremotettrojan

Details

Name	688890DDBF532A4DE7C83A58E6AA594F
Name	ss.exe
Size	1102926 bytes
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	688890ddbf532a4de7c83a58e6aa594f
SHA1	d8f6a7f32c929ce9458691447ff1cf6d180588c8
SHA256	1ea6b3e99bbb67719c56ad07f5a12501855068a4a866f92db8dcdefaffa48a39
SHA512	8484bea6adf27c2323632c3e94f91eb313e341622b5696b0d24105be1f24fa356f5fceb8fcf691e2d309fd24f7d8bb41fd7b682c29193128a0ed55e9ef3df3b1
ssdeep	24576:kgWxnOH3vvS+7nD03glQ1J6cS2lvyip5HkRpB7T4IRMh3y:kgWZMvSKnY3DJLSoORT7ThAC
Entropy	7.951069

Antivirus

Ahnlab	Trojan/Win32.Bmdoor
Antiy	Trojan[Backdoor]/Win32.Androm
Avira	TR/Injector.ukfuc
BitDefender	Trojan.GenericKD.41987827
ClamAV	Win.Trojan.Agent-7376538-0
Cyren	W32/Trojan.IZTF-2035
ESET	a variant of Win32/Injector.DQTY trojan
Emsisoft	Trojan.GenericKD.41987827 (B)
Ikarus	Trojan.Win32.Injector
K7	Riskware ( 0040eff71 )
McAfee	Trojan-Injector.c
Microsoft Security Essentials	Trojan:Win32/Agentesla!MTB
NANOAV	Trojan.Win32.Androm.ghyuau
Sophos	Troj/Inject-ETF
Symantec	Backdoor.Tidserv
Systweak	trojan.injector
TACHYON	Backdoor/W32.Androm.1102926
TrendMicro	TROJ_FR.7170E263
TrendMicro House Call	TROJ_FR.7170E263
VirusBlokAda	Backdoor.Androm
Zillya!	Backdoor.Androm.Win32.44606

YARA Rules

rule CryptographyFunction
{
   meta:
       author = "CISA trusted 3rd party"
       incident = "10271944.r1.v1"
       date =    "2019-12-25"
       category = "Hidden_Cobra"
       family = "HOTCROISSANT"
   strings:
       $ALGO_crypto_1 = { 8A [1-5] 32 [1-4] 32 [1-4] 32 [1-4] 88 [1-5] 8A [1-4] 32 [1-4] 22 [1-4] 8B [1-5] 8D [3-7] 33 [1-4] 81 [3-7] C1 [1-5] C1 [1-5] 0B [1-4] 8D [1-5] 33 [1-4] 22 [1-4] C1 [1-5] 33 [1-4] 32 [1-4] 8B [1-4] 83 [1-5] C1 [1-5] 33 [1-4] C1 [1-5] C1 }
   condition:
       uint16(0) == 0x5A4D and any of them
}

ssdeep Matches

No matches found.

PE Metadata

Compile Date	2008-01-17 10:34:19-05:00
Import Hash	68d3c5fd0c41042f190fa12a4eebfe1b

PE Sections

MD5	Name	Raw Size	Entropy
0b8ab9af886c4161371944bd46af685d	header	1024	2.484025
0cc984b88cda683bad52d886fbadf22d	.text	77824	6.585222
d7200a9095f81e46d89eb2175a7d16ba	.rdata	21504	4.940483
56eae295cdc645a889cc51643c19ca1c	.data	5632	3.200450
31d4e62663767a64bd72b957df2bed2e	.rsrc	1536	4.029623
c7a9818fe1b1f64be18f67db25dbed6d	.reloc	7680	4.982554

Packers/Compilers/Cryptors

Microsoft Visual C++ ?.?

Relationships

1ea6b3e99b...	Connected_To	159.100.250.231
1ea6b3e99b...	Contains	43193c4efa8689ff6de3fb18e30607bb941b43abb21e8cee0cfd664c6f4ad97c

Description

The samples use a PlanetCPP.com ‘RichEdit example’ executable to obfuscate calling a decryption function which decrypts an embedded ‘fake’ bitmap image into the configuration and shellcode. When the malicious function is called, it deobfuscates API pointers, loads the full file into memory, calculates an offset into the memory to a ‘fake’ bitmap image, decodes the image; which becomes configuration options and shellcode and then executes the shellcode.

The embedded shellcode has many selectable options.

----------Begin Shellcode Options----------
- option00: Embedded vs Downloaded payload
   0 -> payload embedded within own file at offset (option27 + option28 + option22)
   1 -> Download payload from url <option30> to %temp$\<option31>\RGID3D88.tmp

- option01: True -> check for vm artifacts:
   registry checks:
       VMWARE Scsi device
       VBOX Scsi device
       QEMU Scsi device
       SOFTWARE\Vmware,Inc.\Vmware_Tools
       HARDWARE\Description\System\SystemBiosVersion == "VBOX"
       HARDWARE\Description\System\SystemBiosVersion == "QEMU"
       HARDWARE\Description\System\SystemBiosVersion == "BOCHS"
       HARDWARE\Description\System\VideoBiosVersion == "VIRTUALBOX"
       HARDWARE\Description\System\SystemBiosDate == 06/23/99
       SOFTWARE\Oracle\VirtualBox_Guest_Additions
       HARDWARE\ACPI\DSDT\VBOX_
       HARDWARE\ACPI\FADT\VBOX__
       HARDWARE\ACPI\RSDT\VBOX__
       SYSTEM\ControlSet001\Services\VBoxGuest
       SYSTEM\ControlSet001\Services\VBoxMouse
       SYSTEM\ControlSet001\Services\VBoxService
       SYSTEM\ControlSet001\Services\VBoxSF
       SYSTEM\ControlSet001\Services\VBoxVideo
   file checks:
       C:\WINDOWS\system32\drivers\vmmouse.sys
       C:\WINDOWS\system32\drivers\vmhgfs.sys
       \\.\HGFS
       \\.\vmci
       C:\WINDOWS\system32\drivers\VBoxMouse.sys
       C:\WINDOWS\system32\drivers\VBoxGuest.sys
       C:\WINDOWS\system32\drivers\VBoxSF.sys
       C:\WINDOWS\system32\drivers\VBoxVideo.sys
       C:\WINDOWS\system32\vboxdisp.dll
       C:\WINDOWS\system32\vboxhook.dll
       C:\WINDOWS\system32\vboxmrxnp.dll
       C:\WINDOWS\system32\vboxogl.dll
       C:\WINDOWS\system32\vboxoglarrayspu.dll
       C:\WINDOWS\system32\vboxoglcrutil.dll
       C:\WINDOWS\system32\vboxoglerrorspu.dll
       C:\WINDOWS\system32\vboxoglfeedbackspu.dll
       C:\WINDOWS\system32\vboxoglpackspu.dll
       C:\WINDOWS\system32\vboxoglpassthroughspu.dll
       C:\WINDOWS\system32\vboxservice.exe
       C:\WINDOWS\system32\vboxtray.exe
       C:\WINDOWS\system32\VBoxControl.exe
       C:\program_files\oracle\virtualbox_guest_additions
       \\.\VBoxMiniRdrDN
       \\.\pipe\VBoxMiniRdDN
       \\.\VBoxTrayIPC
       \\.\pipe\VBoxTrayIPC
   Network Adapter checks:
       Check for Vmware MAC addresses
       Check for VirtualBox MAC addresses
       Check for VMware network adapter
   Window Checks:
       VBoxTrayToolWndClass
       VBoxTrayToolWnd
   Process Checks:
       vboxservice.exe
       vboxtray.exe
   Loaded DLLs:
       vmcheck.dll

- option02: True -> check for sandbox artifacts:
   Verify spin loops aren't skipped
   Verify kernel32 doesn't contain export "wine_get_unix_file_name"
   Verify Numa api calls are not bypassed
   Loaded DLLs:
       SbieDll.dll
       api_log.dll
       dir_watch.dll
       dbghelp.dll
       wpespy.dll
   registry checks:
       SOFTWARE\Wine
   file checks:
       C:\sandbox\sandbox.exe
       C:\sandbox\sbfwe.dll
   username checks:
       SANDBOX
       VIRUS
       MALWARE
       SCHMIDTI
       CURRENTUSER
       ANDY
   current directory checks:
       VIRUS
       SANDBOX
       SAMPLE

- option03: True -> check for debugging artifacts:
   API calls:
       IsDebuggerPresent
       CheckRemoteDebuggerPresent
       NtQueryInformationProcess
       GetThreadContext
       OutputDebugString

- option04: Check if certain processes are running:
   0 -> ignored
   1 -> exit if specific processes are running
   2 -> exit if specific processes are not running
   parses option31_array_+0x200 for a list of ;,: separated process names

- option05: Queries Software\Microsoft\Windows\CurrentVersion\Uninstall keys
   exits if return value is != 0

- option06: Check for specific languages
   0 -> ignored
   1 -> exit if current language is found in list
   2 -> exit if current language is not found in list
   parses option31_array_+0x4b0 for a list of ;,: separated languages

- option07: Check for specific usernames
   0 -> ignored
   1 -> exit if current username is found in list
   2 -> exit if current username is not found in list
   parses option31_array_+0x6b8 for a list of ;,: separated usernames

- option08: Check for specific computernames
   0 -> ignored
   1 -> exit if current computernames is found in list
   2 -> exit if current computernames is not found in list
   parses option31_array_+0x8ac for a list of ;,: separated computernames

- option09: Something with querying Software\Microsoft\Windows\CurrentVersion\Uninstall keys
   exits if return value is < option09_value

- option10: integer value -> exits if there are fewer than this many processes running

- option11-14: Check for system/drive info
   11==0x001 -> exit if number of processors <= option12
   11==0x010 -> exit if total physical memory <= option13
   11==0x100 -> exit if total harddisk space <= option14

- option12/27/28: if True -> exploit dll hijack in cliconfg.exe (SQL Server Client Network Utility)
   dumps a number (option28) of bytes from an offset (option27) of this file into %temp%\ntwdblib.dll
   creates a Software\Claiomh registry key
   executes cliconfg.exe (which loads ntwdblib.dll)

- option16: Set EnableLUA registry key
   SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA to <option16>

- option17: Create Persistence
   0 -> ignored
   1 -> Add registry key to Software\Microsoft\Windows\CurrentVersion\Run using a name from option31_array_+0x960
   2 -> Copy self into Startup folder
   3 -> Create an hourly Scheduled Task called "System Backup"

- option18/23: Process Hollowing vs Drop/Execute
   == 0 -> Do Process Hollowing
   != 0 -> Dump payload to file and execute directly:
       write to %temp%\RT5380.exe using own file offset (option27 + option28 + option22) and execute
       write to %temp%\<option30> using own file offset (option27 + option28 + option22) and execute
       check option23:
- ==0 -> ignored
- !=0 -> delete self and replace self with the dropped file

- option19: Process to create/hollow/inject/execute
   0 -> self
   1 -> svchost.exe
   2 -> conhost.exe
   3 -> explorer.exe
   4 -> value of "http\shell\open\command" registry key
   5 -> <option33>

- option20: Sleep timer
   Milliseconds to sleep before doing process hollowing

- option21/26: Kill timer
   0 -> ignored
   1 -> if timestamp of module + <option26> >= currentTime -> remove persistance, delete self, exit process

- option29/34/35: move file to desired location, delete old file, and execute from new location
   additional path is in option34
   new filename is in option35
   0 -> C:\
   1 -> %windir%
   2 -> %system%
   3 -> %programfiles%
   4 -> %programfiles%\Common Files\
   5 -> C:\ProgramData\
   6 -> %userprofile%
   7 -> %userprofile%\Documents\
   8 -> %temp%
   9 -> %userprofile%\Favorites\
   10 -> %appdata%n
   11 -> %localappdata%

- option36: char[40] - Unknown - Possibly adds a mutex to the hollowed process to enforce a single execution
   Uses argument to create a named mutex
   Injects additional code into the hollowed process (from offset 0x28c0)
   Injects <option36> into the hollowed process
   Creates another remote thread in the hollowed process pointing at offset 0x465a of the newly injected memory
----------End Shellcode Options----------

Screenshots

Figure 1: Implant Functionality -

618a67048d0a9217317c1d1790ad5f6b044eaa58a433bd46ec2fb9f9ff563dc6

Tags

dropperemotetkeyloggerspywaretrojan

Details

Name	0AE8A7B6B4D70C0884095629FC02C19C
Name	CAgent11.exe
Size	13498368 bytes
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	0ae8a7b6b4d70c0884095629fc02c19c
SHA1	9efa2d68932ff24cb18eb7e35aa5f91ce99596e8
SHA256	618a67048d0a9217317c1d1790ad5f6b044eaa58a433bd46ec2fb9f9ff563dc6
SHA512	08f724812cbeff4020ac3fb07cafec5cde17f53f4644d554351cf4056907a6363d5b21ed3720976820307b43a543e81c6cc27c241f4449fd92aae6ad58b75995
ssdeep	196608:Klq/1ui17DaLU1l4O5dm/+f99FLOyomFHKnPG:GcvlmLMg/299F
Entropy	5.658332

Antivirus

Ahnlab	Dropper/Win32.Keylogger
Antiy	Trojan[Spy]/Win32.Agent
Avira	HEUR/AGEN.1038092
Cyren	W32/Agent.RBBJ-4429
ESET	a variant of Win32/Spy.Agent.PUH trojan
Ikarus	Trojan-Spy.Agent
K7	Spyware ( 00555d821 )
McAfee	Trojan-Injector.d
Microsoft Security Essentials	Trojan:Win32/Emotet
NANOAV	Trojan.Win32.Graftor.ggzicq
NetGate	Trojan.Win32.Malware
Sophos	Troj/Agent-BCXS
Symantec	Trojan Horse
Systweak	malware.keylogger
TACHYON	Trojan/W32.Keylogger.13498368
VirusBlokAda	TrojanSpy.Agent
Zillya!	Trojan.Agent.Win32.1169060

YARA Rules

No matches found.

ssdeep Matches

No matches found.

PE Metadata

Compile Date	2017-03-21 21:12:17-04:00
Import Hash	c4406c66f7ca84ffb881d843c49acbd6

PE Sections

MD5	Name	Raw Size	Entropy
e7e02cd4a189cea5efaa8fb36509aa45	header	1024	3.530105
d41d8cd98f00b204e9800998ecf8427e	.textbss	0	0.000000
5db50cefbb12a73d10aad429548befe7	.text	7047680	5.565086
e9a63040b7f3e75b5746d8202d8594f5	.rdata	904704	4.415613
1e815bbe0c5cadf4953bbaac6259dcaa	.data	40448	4.299279
16342b710a408579ee34f3ccf9927331	.idata	28672	5.161732
c573bd7cea296a9c5d230ca6b5aee1a6	.tls	1024	0.011174
011d6c8672f924dc710a68acb6bc74f9	.00cfg	512	0.061163
867de3faa85f377519582ed29a83384c	.rsrc	5123072	4.951562
e74f13482e13eb316d544b69a046ff15	.reloc	351232	6.011950

Packers/Compilers/Cryptors

Microsoft Visual C++ 8.0

Description

See analysis for "04D70BB249206A006F83DB39BBE49FF6E520EA329E5FBB9C758D426B1C8DEC30".

Implants built with sample "04D70BB249206A006F83DB39BBE49FF6E520EA329E5FBB9C758D426B1C8DEC30" are not compatible with this controller, and vice versa.

b6811b42023524e691b517d19d0321f890f91f35ebbdf1c12cbb92cda5b6de32

Tags

backdooremotettrojan

Details

Name	26520499A3FC627D335E34586E99DE7A
Name	ADManager.exe
Size	1120318 bytes
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	26520499a3fc627d335e34586e99de7a
SHA1	df10c097e42dbe7ea4478a984c5e2ab586147519
SHA256	b6811b42023524e691b517d19d0321f890f91f35ebbdf1c12cbb92cda5b6de32
SHA512	898ab1a1cd5a731e94a7b4c0a274e81092fe6de2ea888b3db2d22cf4d0bacbbb36f486152ff10f61f054091aee421f00d89a8741fce0f370cc14d80a62f77bc3
ssdeep	24576:3gWPfTO4H59Z6PTvnh2gf2JfvoioZ74XKBpNCY+SOToKMcxGa52w:3gW3S4Z9ATcggox4wpwYq9Mcx3B
Entropy	7.953591

Antivirus

Ahnlab	Backdoor/Win32.Androm
Antiy	Trojan[Backdoor]/Win32.Androm
Avira	TR/Injector.cskrn
BitDefender	Trojan.GenericKD.41987802
ClamAV	Win.Trojan.Agent-7376533-0
Cyren	W32/Androm.DKHG-0510
ESET	a variant of Win32/Injector.DQTY trojan
Emsisoft	Trojan.GenericKD.41987802 (B)
Ikarus	Trojan.Win32.Injector
K7	Riskware ( 0040eff71 )
McAfee	Trojan-Injector.c
Microsoft Security Essentials	Trojan:Win32/Agentesla!MTB
NANOAV	Trojan.Win32.Androm.ggadbc
Sophos	Troj/Inject-ETF
Symantec	Trojan Horse
Systweak	trojan.injector
TACHYON	Backdoor/W32.Androm.1120318
TrendMicro	TROJ_FR.7170E263
TrendMicro House Call	TROJ_FR.7170E263
VirusBlokAda	Backdoor.Androm
Zillya!	Backdoor.Androm.Win32.44606

YARA Rules

rule CryptographyFunction
{
   meta:
       author = "CISA trusted 3rd party"
       incident = "10271944.r1.v1"
       date =    "2019-12-25"
       category = "Hidden_Cobra"
       family = "HOTCROISSANT"
   strings:
       $ALGO_crypto_1 = { 8A [1-5] 32 [1-4] 32 [1-4] 32 [1-4] 88 [1-5] 8A [1-4] 32 [1-4] 22 [1-4] 8B [1-5] 8D [3-7] 33 [1-4] 81 [3-7] C1 [1-5] C1 [1-5] 0B [1-4] 8D [1-5] 33 [1-4] 22 [1-4] C1 [1-5] 33 [1-4] 32 [1-4] 8B [1-4] 83 [1-5] C1 [1-5] 33 [1-4] C1 [1-5] C1 }
   condition:
       uint16(0) == 0x5A4D and any of them
}

ssdeep Matches

No matches found.

PE Metadata

Compile Date	2017-03-26 09:21:10-04:00
Import Hash	68d3c5fd0c41042f190fa12a4eebfe1b

PE Sections

MD5	Name	Raw Size	Entropy
a507172c7e89d3f88c70c4fd6827a522	header	1024	2.476553
0cc984b88cda683bad52d886fbadf22d	.text	77824	6.585222
d7200a9095f81e46d89eb2175a7d16ba	.rdata	21504	4.940483
56eae295cdc645a889cc51643c19ca1c	.data	5632	3.200450
58dbdc33cb7f42b5e3a9f0fcc94d6b1f	.rsrc	1024	4.796047
c7a9818fe1b1f64be18f67db25dbed6d	.reloc	7680	4.982554

Packers/Compilers/Cryptors

Microsoft Visual C++ ?.?

Relationships

b6811b4202...	Connected_To	159.100.250.231
b6811b4202...	Contains	133820ebac6e005737d5bb97a5db549490a9f210f4e95098bc9b0a7748f52d1f

Description

See analysis for file "1ea6b3e99bbb67719c56ad07f5a12501855068a4a866f92db8dcdefaffa48a39" for additional details.

738ba44188a93de6b5ca7e0bf0a77f66f677a0dda2b2e9ef4b91b1c8257da790

Tags

trojan

Details

Name	C51416635E529183CA5337FADE82758A
Name	server.exe
Size	947200 bytes
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	c51416635e529183ca5337fade82758a
SHA1	830368d88b661d09c084e484713effb8d230d328
SHA256	738ba44188a93de6b5ca7e0bf0a77f66f677a0dda2b2e9ef4b91b1c8257da790
SHA512	244b67e0b9e9ab2fa6ccceeb4ad71207f1d8371af9c69af93bcc15cc8b592aca54e9c241d439b94ed28923d4622050fccdc38b326a8d15b824301cf0aae46cb0
ssdeep	24576:9oV9SPwODditnxk93QKTrCEgqAGYOEgJZ+0Mn:9o2I2du23QxErv7ESZ+7n
Entropy	6.703705

Antivirus

Ahnlab	Malware/Win32.Generic
Antiy	Trojan/Win32.AGeneric
Avira	HEUR/AGEN.1038092
BitDefender	Trojan.GenericKD.32683846
ClamAV	Win.Trojan.Agent-7376468-0
Cyren	W32/Agent.KUBI-8127
ESET	a variant of Win32/Agent.SSC trojan
Emsisoft	Trojan.GenericKD.32683846 (B)
Ikarus	Trojan.Win32.Agent
K7	Trojan ( 0027657e1 )
McAfee	Generic Trojan.sh
NANOAV	Trojan.Win32.TrjGen.ghyubn
Sophos	Troj/Agent-BCXS
Symantec	Trojan Horse
Systweak	malware.passwordstealer
TrendMicro	TROJ_FR.7170E263
TrendMicro House Call	TROJ_FR.7170E263
VirusBlokAda	BScope.TrojanSpy.Agent
Zillya!	Trojan.Agent.Win32.1168332

YARA Rules

No matches found.

ssdeep Matches

No matches found.

PE Metadata

Compile Date	2017-04-13 23:44:03-04:00
Import Hash	d31e404296b957729148721e11f3bc88

PE Sections

MD5	Name	Raw Size	Entropy
1db5d7f5d8e2fa35f4077d3c28b60ae7	header	1024	3.229935
6f6469c660281de2c72fa3685d55a8ec	.text	710656	6.655052
0847400b5430782ad644a30cd8240c73	.rdata	167424	5.776485
77ab2f92d6177b9e39430447aa595073	.data	37376	5.315603
1f354d76203061bfdd5a53dae48d5435	.tls	512	0.020393
1704ffd93e9d463dc42784bc03bbfd5d	.gfids	512	2.779799
850aa99c8c1a85dc7545811d66bb0c17	.rsrc	512	4.717679
48da542e50cc8e12bdb9cab38a8ce0cb	.reloc	29184	6.576636

Packers/Compilers/Cryptors

Microsoft Visual C++ ?.?

Relationships

738ba44188...

Connected_To

159.100.250.231

Description

This sample is a full-featured RAT executable.

See analysis for file "1ea6b3e99bbb67719c56ad07f5a12501855068a4a866f92db8dcdefaffa48a39" for additional details. This sample varies slightly in the following ways.

Victim_info for this version contains Unicode strings. The RAT is controllable by an unknown variant of CAgent.exe.

04d70bb249206a006f83db39bbe49ff6e520ea329e5fbb9c758d426b1c8dec30

Tags

dropperemotetkeyloggerspywaretrojan

Details

Name	96071956D4890AEBEA14ECD8015617CC
Name	CAgent11.exe
Size	7014400 bytes
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	96071956d4890aebea14ecd8015617cc
SHA1	49e16180795034a4888fff776968e29871f79340
SHA256	04d70bb249206a006f83db39bbe49ff6e520ea329e5fbb9c758d426b1c8dec30
SHA512	29abd5fa0c24e42916631f830b6860027dcefdfd320978bee389e55f4f04278668ec4cfb67e5b1c8b7133338cc0fb09ffae28c5cf6d5226d1f9e44381db17c41
ssdeep	98304:SC6l4uHxECiYwS2BsszjfisjJiBg1pDClmMFLOAkGkzdnEVomFHKnP:P44uHi0mFi+1p+FLOyomFHKnP
Entropy	5.907837

Antivirus

Ahnlab	Dropper/Win32.Keylogger
Avira	HEUR/AGEN.1038092
BitDefender	Trojan.GenericKD.32683845
Cyren	W32/Trojan.KVTC-7019
ESET	a variant of Win32/Spy.Agent.PUH trojan
Emsisoft	Trojan.GenericKD.32683845 (B)
Ikarus	Trojan-Spy.Agent
K7	Spyware ( 00555d821 )
McAfee	Trojan-Injector.d
Microsoft Security Essentials	Trojan:Win32/Emotet
NANOAV	Trojan.Win32.TrjGen.ghyuap
Sophos	Troj/Agent-BCXS
Symantec	Trojan Horse
Systweak	malware.keylogger
TACHYON	Trojan/W32.Keylogger.7014400
TrendMicro	TROJ_FR.7170E263
TrendMicro House Call	TROJ_FR.7170E263
VirusBlokAda	TrojanSpy.Agent
Zillya!	Trojan.Agent.Win32.1168788

YARA Rules

No matches found.

ssdeep Matches

No matches found.

PE Metadata

Compile Date	2017-03-26 00:28:24-04:00
Import Hash	0937a296014c778f116e3990f06e314b

PE Sections

MD5	Name	Raw Size	Entropy
a9fb26d3d4f4a80f2c2f7aeb1201325a	header	1024	3.391911
c788578d4f02ac011ffabd20db4506f3	.text	1619456	6.522579
7a1b03c4f7501d6f82d34a01fe9cf6b7	.rdata	348160	5.245418
50c4f4eab880975227b9b4d454941979	.data	24064	4.732755
b9af73df5ec7fb7a68b1c00d83e6b404	.gfids	111104	4.230152
52f93ebec3bc0c9da8e85ddf5ad812f4	.giats	512	0.155178
1f354d76203061bfdd5a53dae48d5435	.tls	512	0.020393
e0376d74c0a0f746949b4647d35ef424	.rsrc	4774400	5.470347
9011be24e5ab8066360bd7d0af07cea6	.reloc	135168	6.491093

Packers/Compilers/Cryptors

Microsoft Visual C++ ?.?

Description

This sample is a GUI implant controller titled “Cyber Agent v11.0”. It is capable of dynamically building new bot payloads with the following options:

--------Begin Payload Options----------
Callback IP
Callback Port
Beacon Interval
Output Path
--------End Payload Options----------

victim_info (see analysis for "43193c4efa8689ff6de3fb18e30607bb941b43abb21e8cee0cfd664c6f4ad97c") is displayed for each implant beacon received. The controller can establish Remote Desktop viewer, drive enumeration, file upload/download, list processes and services, reverse shell, microphone capture and recording, keylogger, browser activity, cached passwords, and DLL loading and unloading. The controller has the ability to provide implants with an Update URL as well as an option to uninstall all bots.

159.100.250.231

Ports

80 TCP
8080 TCP

Whois

% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

refer:        whois.arin.net

inetnum:     159.0.0.0 - 159.255.255.255
organisation: Administered by ARIN
status:     LEGACY

whois:        whois.arin.net

changed:     1993-05
source:     IANA

# whois.arin.net

NetRange:     159.100.0.0 - 159.101.255.255
CIDR:         159.100.0.0/15
NetName:        RIPE-ERX-159-100-0-0
NetHandle:     NET-159-100-0-0-1
Parent:         NET159 (NET-159-0-0-0-0)
NetType:        Early Registrations, Transferred to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate:        2003-10-29
Updated:        2003-10-29
Comment:        These addresses have been further assigned to users in
Comment:        the RIPE NCC region. Contact information can be found in
Comment:        the RIPE database at http://www.ripe.net/whois
Ref:            https://rdap.arin.net/registry/ip/159.100.0.0

ResourceLink: https://apps.db.ripe.net/search/query.html
ResourceLink: whois.ripe.net

OrgName:        RIPE Network Coordination Centre
OrgId:         RIPE
Address:        P.O. Box 10096
City:         Amsterdam
StateProv:
PostalCode:     1001EB
Country:        NL
RegDate:
Updated:        2013-07-29
Ref:            https://rdap.arin.net/registry/entity/RIPE

ReferralServer: whois://whois.ripe.net
ResourceLink: https://apps.db.ripe.net/search/query.html

OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: hostmaster@ripe.net
OrgTechRef:    https://rdap.arin.net/registry/entity/RNO29-ARIN

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: abuse@ripe.net
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

# whois.ripe.net

inetnum:        159.100.245.0 - 159.100.255.255
netname:        Akenes
descr:         Exoscale Open Cloud DK2
descr:         Exoscale cloud hosting https://www.exoscale.ch
descr:         *******************************************************
descr:         * These IPs are customer assigned STATIC IPs.
descr:         * In case of abuse, please do NOT block entire
descr:         * network as IPs of this block are assigned as /32
descr:         * to individual customers.
descr:         *******************************************************
descr:         * For abuse-complaints please use
descr:         * only abuse@exoscale.ch.
descr:         *******************************************************
country:        CH
admin-c:        AC22866-RIPE
tech-c:         LLL1007-RIPE
status:         LEGACY
mnt-by:         Exoscale-MNT
created:        2017-11-20T10:37:49Z
last-modified: 2017-11-20T10:37:49Z
source:         RIPE

person:         Antoine COETSIER
address:        Boulevard de Grancy 19A
address:        1006 Lausanne
address:        SWITZERLAND
phone:         +41 58 255 00 66
nic-hdl:        AC22866-RIPE
mnt-by:         Exoscale-MNT
created:        2013-02-08T14:10:06Z
last-modified: 2019-04-11T05:30:08Z
source:         RIPE # Filtered

person:         Loic Lambiel
address:        Boulevard de Grancy 19A
address:        1006 Lausanne
address:        Switzerland
phone:         +41 58 255 00 66
nic-hdl:        LLL1007-RIPE
mnt-by:         Exoscale-MNT
created:        2013-02-15T10:16:52Z
last-modified: 2019-04-11T05:31:04Z
source:         RIPE # Filtered

% Information related to '159.100.248.0/21AS61098'

route:         159.100.248.0/21
origin:         AS61098
mnt-by:         Exoscale-MNT
created:        2016-12-14T10:12:52Z
last-modified: 2016-12-14T10:12:52Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.95.1 (WAGYU)

Relationships

159.100.250.231	Connected_From	1ea6b3e99bbb67719c56ad07f5a12501855068a4a866f92db8dcdefaffa48a39
159.100.250.231	Connected_From	b6811b42023524e691b517d19d0321f890f91f35ebbdf1c12cbb92cda5b6de32
159.100.250.231	Connected_From	738ba44188a93de6b5ca7e0bf0a77f66f677a0dda2b2e9ef4b91b1c8257da790
159.100.250.231	Connected_From	43193c4efa8689ff6de3fb18e30607bb941b43abb21e8cee0cfd664c6f4ad97c

Description

Hard-coded C2 address used by these RATs.

43193c4efa8689ff6de3fb18e30607bb941b43abb21e8cee0cfd664c6f4ad97c

Tags

keyloggerspywaretrojan

Details

Name	83833f8dbdd6ecf3a1212f5d1fc3d9dd
Size	905216 bytes
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	83833f8dbdd6ecf3a1212f5d1fc3d9dd
SHA1	77a2272633eb64e4c16f8ea4466dba59ecc92292
SHA256	43193c4efa8689ff6de3fb18e30607bb941b43abb21e8cee0cfd664c6f4ad97c
SHA512	cda12a75b1d6524fe8856d6ef359ab58785e2c56ca4fec613b851a6730d24b8141dfdd00fba62f2865b8cc4606e85b258c02d71ccd45fcde769514eea88b23ff
ssdeep	24576:AECw5N98knVurfj9gbYX91XdKo1ldrtD9:AECwz9fqfj59NwuldrF
Entropy	6.710436

Antivirus

Ahnlab	Trojan/Win32.KeyLogger
Antiy	Trojan/Win32.AGeneric
Avira	HEUR/AGEN.1038092
BitDefender	Gen:Variant.Graftor.679285
ClamAV	Win.Trojan.Agent-7376468-0
ESET	a variant of Win32/Spy.Agent.PUH trojan
Emsisoft	Gen:Variant.Graftor.679285 (B)
Ikarus	Trojan-Spy.Agent
K7	Spyware ( 00555d821 )
NANOAV	Trojan.Win32.Graftor.ggzicq
Sophos	Troj/Agent-BCXS
Symantec	Heur.AdvML.B
VirusBlokAda	BScope.TrojanSpy.Agent
Zillya!	Trojan.Agent.Win32.1170395

YARA Rules

No matches found.

ssdeep Matches

No matches found.

PE Metadata

Compile Date	2008-01-17 10:34:19-05:00
Import Hash	3b7df90688bca84764a888c49f25e8b9

PE Sections

MD5	Name	Raw Size	Entropy
064a795c4019629fd03c3d47c823cd49	header	1024	3.330520
ec60b9f4b78b0f79ea9d15910baf3d8d	.text	672768	6.660080
3dd902a53e33d4f6b014f6a677620252	.rdata	164864	5.832569
0c88a9a99d1c3cb1b61009a6acb2539e	.data	37376	5.304517
1f354d76203061bfdd5a53dae48d5435	.tls	512	0.020393
d5ea2a2452a9733e2cc63487e98b387d	.gfids	512	2.821174
f42c4819230ff4b40b0e52850c134b08	.rsrc	512	4.708237
a1862d52a23162d56421552f09f1ca85	.reloc	27648	6.587842

Packers/Compilers/Cryptors

Microsoft Visual C++ ?.?

Relationships

43193c4efa...	Contained_Within	1ea6b3e99bbb67719c56ad07f5a12501855068a4a866f92db8dcdefaffa48a39
43193c4efa...	Connected_To	159.100.250.231

Description

This sample is a full-featured RAT executable contained within "1EA6B3E99BBB67719C56AD07F5A12501855068A4A866F92DB8DCDEFAFFA48A39".

See Figure 1 for full list of commands a hardcoded C2 address of 159.100.250.231 on port 8080 is contained within the sample. The RAT is controllable by CAgent.exe variant "618A67048D0A9217317C1D1790AD5F6B044EAA58A433BD46EC2FB9F9FF563DC6".

The Imports are obfuscated by prepending "CARAT_" to the API names.

Packets are formatted in the following format:

----------Begin Packet Formatting---------
[OPCODE] [4 Bytes length of data] [data]
----------Begin Packet Formatting---------

Packets are encoded by performing an XOR on the data after the header with the XOR key 0x07. The implant initiates callback to C2, then immediately sends its victim_info.

----------Begin Victim_Info----------
•    Language
•    Country
•    Victim_ID
•    Computer_Name
•    User_Name
•    Implant_Version = "11.0"
•    Victim_IP
•    System_Architecture
•    Drive_Letters
•    OS_Version
----------End Victim_Info----------

133820ebac6e005737d5bb97a5db549490a9f210f4e95098bc9b0a7748f52d1f

Tags

trojan

Details

Name	a21171923ec09b9569f2baad496c9e16
Size	922624 bytes
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	a21171923ec09b9569f2baad496c9e16
SHA1	35ba8e39e6c8234ad55baf27130bb696179b7681
SHA256	133820ebac6e005737d5bb97a5db549490a9f210f4e95098bc9b0a7748f52d1f
SHA512	c1775b68b6b083323780150f6da654c6bcaf313b298fd243047402a0d0ec5631f8c90ed7ccc28ff4c1eaf2666e671b9c0f6bc068ca9e0655740834b31fa62bd9
ssdeep	12288:KsukuhRC+VmUmEViUUwsaXpx3U09S5j4J6dxLqm1JaSjyQiEyDlZk7SxTmgaA6i:pukuhRC+Vr24v3qhdDaSuQCBZk7SUAB
Entropy	6.678910

Antivirus

Ahnlab	Malware/Win32.Generic
Antiy	Trojan/Win32.AGeneric
Avira	HEUR/AGEN.1038092
ClamAV	Win.Trojan.Agent-7376468-0
ESET	a variant of Win32/Agent.SSC trojan
Symantec	Heur.AdvML.B

YARA Rules

No matches found.

ssdeep Matches

No matches found.

PE Metadata

Compile Date	2017-03-26 09:21:10-04:00
Import Hash	80e9b5b96cb30be08b9f46dcd40ca0b6

PE Sections

MD5	Name	Raw Size	Entropy
480ee7622ef011b56ad9be1f520b53bb	header	1024	3.124211
e0689d923085269b1433eb46c62b9aad	.text	698880	6.634137
e1d4d4f7c07cb01481a7f937c1a399c5	.rdata	154112	5.641674
5b25e16d6a60901096dd38e8d609656f	.data	38912	5.185811
1f354d76203061bfdd5a53dae48d5435	.tls	512	0.020393
4dd9e4bd9bce353817d7013e17254399	.rsrc	512	4.717679
6c01df76342b581365053b6550340347	.reloc	28672	6.610094

Packers/Compilers/Cryptors

Microsoft Visual C++ ?.?

Relationships

133820ebac...

Contained_Within

b6811b42023524e691b517d19d0321f890f91f35ebbdf1c12cbb92cda5b6de32

Description

This sample is a full-featured RAT executable contained within "B6811B42023524E691B517D19D0321F890F91F35EBBDF1C12CBB92CDA5B6DE32".

See analysis for file "1ea6b3e99bbb67719c56ad07f5a12501855068a4a866f92db8dcdefaffa48a39" for additional details. This sample varies slightly in the following ways.

----------Begin Packet Formatting---------
[OPCODE][4 Bytes data length][4 Bytes unused][AUTH CODE 72 50 BF 9E][Data]
----------End Packet Formatting---------

The implant initiates callback to C2, then waits for tasking (DOES NOT immediately send its victim_info) and the Victim_info for this version contains Unicode strings, it additionally adds UserGeoID to victim_info.

The sample attempts to connect to 159.100.250.231:8080 4 times, with 1 minute between attempts. If does not succeed, then attempts to connect to www.example.com 4 times, with 1 minute between attempts. This loop continues until a connection is made.

Relationship Summary

1ea6b3e99b...	Connected_To	159.100.250.231
1ea6b3e99b...	Contains	43193c4efa8689ff6de3fb18e30607bb941b43abb21e8cee0cfd664c6f4ad97c
b6811b4202...	Connected_To	159.100.250.231
b6811b4202...	Contains	133820ebac6e005737d5bb97a5db549490a9f210f4e95098bc9b0a7748f52d1f
738ba44188...	Connected_To	159.100.250.231
159.100.250.231	Connected_From	1ea6b3e99bbb67719c56ad07f5a12501855068a4a866f92db8dcdefaffa48a39
159.100.250.231	Connected_From	b6811b42023524e691b517d19d0321f890f91f35ebbdf1c12cbb92cda5b6de32
159.100.250.231	Connected_From	738ba44188a93de6b5ca7e0bf0a77f66f677a0dda2b2e9ef4b91b1c8257da790
159.100.250.231	Connected_From	43193c4efa8689ff6de3fb18e30607bb941b43abb21e8cee0cfd664c6f4ad97c
43193c4efa...	Contained_Within	1ea6b3e99bbb67719c56ad07f5a12501855068a4a866f92db8dcdefaffa48a39
43193c4efa...	Connected_To	159.100.250.231
133820ebac...	Contained_Within	b6811b42023524e691b517d19d0321f890f91f35ebbdf1c12cbb92cda5b6de32

Mitigation

Displayed below is a Python3 script used to decrypt and extract the embedded files:

--Begin Decryption and Extraction Python3 Script--
import argparse
import struct

def truncate_nullterm_str(data):
   null_index = data.find(b'\x00')
   truncated_str = data[:null_index].decode('utf-8')
   return truncated_str

def decode(offset,buffer,length,key1,key2):
   dec = b''
   k3 = key1
   key1 = key1 >> 1
   while length > 0:
       k1 = key1
       k2 = key2
       dec += bytes([(buffer[offset] ^ k1 ^ k2 ^ k3) & 0xff])
       key1 = (key1 >> 8 | ((key1 * 8 ^ key1) & 0x7f8) << 0x14) & 0xffffffff
       k3 = (k3 & k2 ^ (k2 ^ k3) & k1)
       key2 = (key2 >> 8 | (((key2 * 2 ^ key2) << 4 ^ key2) & 0xffffff80 ^ key2 << 7) << 0x11) & 0xffffffff
       offset += 1
       length -= 1
   return dec

offset = 0
def parse_options(buffer):
   options = list(struct.unpack('I'*30, buffer[0:120]))
   options.append(buffer[120:320])
   options.append(buffer[320:2820])
   options.append(buffer[2820:3020])
   options.append(buffer[3020:3120])
   options.append(buffer[3120:3220])
   options.append(buffer[3220:3320])
   options.append(buffer[3320:3360])

   enabled_options = ''
   disabled_options = ''

   if options[0] == 0:
       global offset
       offset = options[27] + options[28] + options[22]
       enabled_options += "Embedded payload at offset: %d\n" % offset
       disabled_options += "Download payload\n"
   else:
       enabled_options += "Download payload from: %s\n" % truncate_nullterm_str(options[30])
       disabled_options += "Embedded payload\n"

   str = "VM Detect\n"
   if options[1] == 0:
       disabled_options += str
   else:
       enabled_options += str

   str = "Sandbox Detect\n"
   if options[2] == 0:
       disabled_options += str
   else:
       enabled_options += str

   str = "Debugger Detect\n"
   if options[3] == 0:
       disabled_options += str
   else:
       enabled_options += str

   str = "Active Processes Check\n"
   if options[4] == 0:
       disabled_options += str
   else:
       enabled_options += str

   str = "Installed programs Check\n"
   if options[5] == 0:
       disabled_options += str
   else:
       enabled_options += str

   str = "Language Check\n"
   if options[6] == 0:
       disabled_options += str
   else:
       enabled_options += str

   str = "Username Check\n"
   if options[7] == 0:
       disabled_options += str
   else:
       enabled_options += str

   str = "Computer name Check\n"
   if options[8] == 0:
       disabled_options += str
   else:
       enabled_options += str

   str = "Installed number of programs Check\n"
   if options[9] == 0:
       disabled_options += str
   else:
       enabled_options += str

   str = "Number running processes Check\n"
   if options[10] == 0:
       disabled_options += str
   else:
       enabled_options += "Number running processes Check: %d\n" % options[10]

   str = "System processors/memory/diskspace Check\n"
   if options[11] == 0:
       disabled_options += str
   else:
       if options[11] & 0x001:
           enabled_options += "Processor count check: %d\n" % options[12]
       if options[11] & 0x010:
           enabled_options += "Physical memory check: %d\n" % options[13]
       if options[11] & 0x000:
           enabled_options += "Disk space check: %d\n" % options[14]

   str = "DLL Hijack cliconfg.exe\n"
   if options[12] == 0:
       disabled_options += str
   else:
       enabled_options += str

   str = "EnableLUA\n"
   if options[16] == 0:
       disabled_options += str
   else:
       enabled_options += str

   str = "Create Persistence\n"
   if options[17] == 0:
       disabled_options += str
   elif options[17] == 1:
       enabled_options += "Create Persistence using Run key: %s\n" % truncate_nullterm_str(options[31][0x960:])
   elif options[17] == 2:
       enabled_options += "Create Persistence in Startup folder\n"
   elif options[17] == 3:
       enabled_options += "Create Persistence using \"System Backup\" hourly Scheduled Task\n"

   if options[18] == 0:
       disabled_options += "Direct Execution\n"
   else:
       disabled_options += "Process Hollowing\n"

   if options[19] == 0:
       enabled_options += "Process Hollowing: self\n"
   elif options[19] == 1:
       enabled_options += "Process Hollowing: svchost.exe\n"
   elif options[19] == 2:
       enabled_options += "Process Hollowing: conhost.exe\n"
   elif options[19] == 3:
       enabled_options += "Process Hollowing: explorer.exe\n"
   elif options[19] == 4:
       enabled_options += "Process Hollowing: \"http\shell\open\command\" registry key value\n"
   elif options[19] == 5:
       enabled_options += "Process Hollowing: %s\n" % truncate_nullterm_str(options[33])

   str = "Sleep Timer\n"
   if options[20] == 0:
       disabled_options += str
   else:
       enabled_options += "Sleep Timer: %d\n" % options[20]

   str = "Kill Timer\n"
   if options[21] == 0:
       disabled_options += str
   else:
       enabled_options += "Kill Timer: %d\n" % options[26]

   if options[29] == 0:
       enabled_options += "Relocate to: C:\\"
   elif options[29] == 1:
       enabled_options += "Relocate to: %windir%\\"
   elif options[29] == 2:
       enabled_options += "Relocate to: %system%\\"
   elif options[29] == 3:
       enabled_options += "Relocate to: %programfiles%\\"
   elif options[29] == 4:
       enabled_options += "Relocate to: %programfiles%\\Common Files\\"
   elif options[29] == 5:
       enabled_options += "Relocate to: C:\\ProgramData\\"
   elif options[29] == 6:
       enabled_options += "Relocate to: %userprofile%\\"
   elif options[29] == 7:
       enabled_options += "Relocate to: %userprofile%\\Documents\\"
   elif options[29] == 8:
       enabled_options += "Relocate to: %temp%\\"
   elif options[29] == 9:
       enabled_options += "Relocate to: %userprofile%\\Favorites\\"
   elif options[29] == 10:
       enabled_options += "Relocate to: %appdata%\\"
   elif options[29] == 11:
       enabled_options += "Relocate to: %localappdata%\\"
   if len(truncate_nullterm_str(options[34])) > 0:
       enabled_options += "%s\\" % truncate_nullterm_str(options[34])
   enabled_options += "%s\n" % truncate_nullterm_str(options[35])

   str = "Mutex\n"
   if len(truncate_nullterm_str(options[36])) == 0:
       disabled_options += str
   else:
       enabled_options += "Mutex: %s\n" % truncate_nullterm_str(options[36])

   print("\nDisabled Options:")
   print(disabled_options)

   print("\nEnabled Options:")
   print(enabled_options)

def main():
   parser = argparse.ArgumentParser()
   parser.add_argument('filename')
   args = parser.parse_args()

   with open(args.filename, 'rb') as f:
       exe = f.read()
       PE_header_pos = struct.unpack('<i', exe[0x3c:0x3c+4])[0]
       PE_header_len = struct.unpack('<i', exe[PE_header_pos+0x54:PE_header_pos+0x54+4])[0]
       PE_header_length = struct.unpack('<h', exe[PE_header_pos+0x14:PE_header_pos+0x14+2])[0]
       section_headers_pos = PE_header_pos + PE_header_length + 0x18
       num_headers = struct.unpack('<h', exe[PE_header_pos+0x6:PE_header_pos+0x6+2])[0]
       curr_header_pos = section_headers_pos
       bitmap_pos = PE_header_len
       for i in range(num_headers):
           header_len = struct.unpack('<i', exe[curr_header_pos+0x10:curr_header_pos+0x10+4])[0]
           bitmap_pos += header_len
           curr_header_pos += 0x28
       key1 = struct.unpack('<I', exe[bitmap_pos+0x3a:bitmap_pos+0x3a+4])[0]
       bitmap_len = len(exe) - bitmap_pos
       bitmap_header_len = struct.unpack('<H', exe[bitmap_pos+0x3e:bitmap_pos+0x3e+2])[0]
       key2 = struct.unpack('<I', exe[bitmap_pos+0x36:bitmap_pos+0x36+4])[0]
       bitmap_len -= bitmap_header_len
       bitmap_len -= 0x036
       print("[ ] Decoding %d Bytes with:" % bitmap_len)
       print("    Key1: %s" % hex(key1))
       print("    Key2: %s" % hex(key2))
       dec = decode(0,exe[bitmap_pos+bitmap_header_len+0x36:],bitmap_len,key1,key2)
       print("[+] Decoding Complete!")
       parse_options(dec[0:0xd56-0x36])
       payload_pos = 0xd56-0x36+offset
       print("[ ] Found embedded payload, extracting..")
       with open(args.filename + "_payload.exe", 'wb') as out:
           out.write(dec[payload_pos:])
       print("[+] Wrote %d Bytes to %s" % (len(dec[payload_pos:]), args.filename + "_payload.exe"))

if __name__ == '__main__':
   main()
--End Decryption and Extraction Python3 Script--

Recommendations

CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

Maintain up-to-date antivirus signatures and engines.
Keep operating system patches up-to-date.
Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
Enforce a strong password policy and implement regular password changes.
Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
Disable unnecessary services on agency workstations and servers.
Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
Monitor users' web browsing habits; restrict access to sites with unfavorable content.
Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
Scan all software downloaded from the Internet prior to executing.
Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).

Additional information on malware incident prevention and handling can be found in National Institute of Standards and Technology (NIST) Special Publication 800-83, "Guide to Malware Incident Prevention & Handling for Desktops and Laptops".

Contact Information

1-888-282-0870
NCCICCustomerService@us-cert.gov (UNCLASS)
us-cert@dhs.sgov.gov (SIPRNET)
us-cert@dhs.ic.gov (JWICS)

CISA continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://us-cert.gov/forms/feedback/

Document FAQ

What is a MIFR? A Malware Initial Findings Report (MIFR) is intended to provide organizations with malware analysis in a timely manner. In most instances this report will provide initial indicators for computer and network defense. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.

What is a MAR? A Malware Analysis Report (MAR) is intended to provide organizations with more detailed malware analysis acquired via manual reverse engineering. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.

Can I edit this document? This document is not to be edited in any way by recipients. All comments or questions related to this document should be directed to the CISA at 1-888-282-0870 or soc@us-cert.gov.

Can I submit malware to CISA? Malware samples can be submitted via three methods:

Web: https://malware.us-cert.gov
E-Mail: submit@malware.us-cert.gov
FTP: ftp.malware.us-cert.gov (anonymous)

CISA encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on CISA's homepage at www.us-cert.gov.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

MAR-10265965-2.v1 – North Korean Trojan: SLICKSHOES

February 14, 2020, 5:00 am

≫ Next: MAR-10265965-3.v1 – North Korean Trojan: CROWDEDFLOUNDER

≪ Previous: MAR-10265965-1.v1 – North Korean Trojan: BISTROMATH

Original release date: February 14, 2020

Notification

Summary

Description

This Malware Analysis Report (MAR) is the result of analytic efforts between Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD). Working with U.S. Government partners, DHS, FBI, and DoD identified Trojan malware variants used by the North Korean government. This malware variant has been identified as SLICKSHOES. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https[:]//www[.]us-cert.gov/hiddencobra.

DHS, FBI, and DoD are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity.

This MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.

This sample is a Themida-packed dropper that decodes and drops a file "C:\Windows\Web\taskenc.exe" which is a Themida-packed beaconing implant. The beaconing implant does not execute the dropped file nor does it schedule any tasks to run the malware. The dropped beaconing implant uses an indigenous network encoding algorithm and is capable of many features including conducting system surveys, file upload/download, process and command execution, and screen captures.

For a downloadable copy of IOCs, see MAR-10265965-2.v1.stix.

Submitted Files (1)

fdb87add07d3459c43cfa88744656f6c00effa6b7ec92cb7c8b911d233aeb4ac (CCA9FBB11C194FC53015185B741887...)

IPs (1)

188.165.37.168

Findings

fdb87add07d3459c43cfa88744656f6c00effa6b7ec92cb7c8b911d233aeb4ac

Tags

emotettrojan

Details

Name	CCA9FBB11C194FC53015185B741887A8
Size	3133440 bytes
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	cca9fbb11c194fc53015185b741887a8
SHA1	9e7bf03a607558dafe146907db28d77fda81be22
SHA256	fdb87add07d3459c43cfa88744656f6c00effa6b7ec92cb7c8b911d233aeb4ac
SHA512	a1d1747dbc96c14b45f345679c0f7ba38186458f4992eecf382dd0af6391b4224c1b487431d681f5ffd052839f2901bc6203ea81c3235efcd82061d60eb10618
ssdeep	49152:bbcROoCHuumCvGyQwNr6Ljvhg1J/4fxcBhmdSP8sWNRy8kLn3o1Dn:jVHaaGyQG6npcJ4xcD5d2Ry8kDo
Entropy	7.968879

Antivirus

Ahnlab	Trojan/Win32.Agent
Antiy	Trojan/Win32.Casdet
Avira	TR/Crypt.TPM.Gen
BitDefender	Gen:Variant.Barys.1619
ClamAV	Win.Trojan.Agent-7376504-0
Cyren	W32/Trojan.QBAU-3559
ESET	a variant of Win32/Packed.Themida.AOO trojan
Emsisoft	Gen:Variant.Barys.1619 (B)
Ikarus	Trojan.Win32.Themida
K7	Trojan ( 0040f4ef1 )
McAfee	Trojan-Themida
Microsoft Security Essentials	Trojan:Win32/Emotet
NANOAV	Trojan.Win32.TPM.ggaakh
Sophos	Troj/Agent-BCXR
Symantec	Trojan Horse
VirusBlokAda	Trojan.Wacatac
Zillya!	Trojan.Themida.Win32.3185

YARA Rules

No matches found.

ssdeep Matches

No matches found.

PE Metadata

Compile Date	2018-02-26 20:08:54-05:00
Import Hash	baa93d47220682c04d92f7797d9224ce

PE Sections

MD5	Name	Raw Size	Entropy
0de0ceb73fba415dc20a730f628429a6	header	4096	0.816628
74520bd2f6bb3211bd82b6f9547ff207		1572864	7.979303
32762b0a8ae1347aebaba811505cadcf	.rsrc	49152	4.290489
79cf217f58f3178dafbfe532c01ef5c4	.idata	512	1.308723
f0347e7e1ac9efb817c55b3ba9e5bf2d		512	0.264678
4fb94c6713c62a51c1b230a2bc033fac	suylcrzz	1505792	7.954736
81610ae95a418f6ef9ef042b37a26c4a	ajqluhke	512	3.110274

Relationships

fdb87add07...

Connected_To

188.165.37.168

Description

This sample is a Themida-packed dropper that decodes and drops an embedded file (MD5: B57DB76CC1C0175C4F18EA059D9E2AB2 / SHA256: 7250ccf4fad4d83d087a03d0dd67d1c00bf6cb8e7fa718140507a9d5ffa50b54) to C:\Windows\Web\taskenc.exe. This dropper does not execute the dropped file or create any auto-run keys or scheduled tasks to execute it.

The dropped file (taskenc.exe) is a Themida-packed beaconing implant with RAT functionality. The implant beacons to a hardcoded IP (188.165.37.168) over the hardcoded TCP port 80 every 60 seconds. The initial beacon contains the string “ApolloZeus” as well as victim information, including OS version, user name, and IP address. All traffic, including the beacon, is encoded with an indigenous encoding algorithm. Due to the way the implant decodes the hardcoded string “ApolloZeus” in-place in memory, the first beacon contains the string in plaintext, the second beacon will contain the string encoded, and so on. This is probably unintended and an oversight by the developers.

--Begin Packet Format--
[8 Bytes data length][2Byte Opcode][data]
--End Packet Format--

--Begin Victim Information--
OS Version
User name
IP address
--End Victim Information--

A Python3 script for decoding the traffic is displayed below:

--Begin Python3 Script--
def decode(enc):
dec = b’’
key1 = 0x49;
key2 = 0x1310a024;
key3 = 0xa323da32;

for e in enc:
   dec += chr((ord(e) ^ key3 ^ key1) & 0xff)
   tmp1 = key3 >> 8
   key1 = (key2>>0x10) & (key2>>8) & key2 ^ (key3>>0x10) & tmp1 ^ key3 & key1 ^ (key3>>0x18);
   tmp2 = key3 * 2 ^ key3;
   key3 = key2 << 0x18 | key3 >> 8;
   key2 = (tmp2 & 0x1fe) << 0x16 | key2 >> 8;
return dec
--End Python3 Script--

Screenshots

Figure 1 - Implant Functionality.

188.165.37.168

Ports

80 TCP

Relationships

188.165.37.168

Connected_From

fdb87add07d3459c43cfa88744656f6c00effa6b7ec92cb7c8b911d233aeb4ac

Description

Hardcoded C2 address used in implant.

Relationship Summary

fdb87add07...	Connected_To	188.165.37.168
188.165.37.168	Connected_From	fdb87add07d3459c43cfa88744656f6c00effa6b7ec92cb7c8b911d233aeb4ac

Recommendations

Maintain up-to-date antivirus signatures and engines.
Keep operating system patches up-to-date.
Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
Enforce a strong password policy and implement regular password changes.
Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
Disable unnecessary services on agency workstations and servers.
Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
Monitor users' web browsing habits; restrict access to sites with unfavorable content.
Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
Scan all software downloaded from the Internet prior to executing.
Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).

Contact Information

1-888-282-0870
NCCICCustomerService@us-cert.gov (UNCLASS)
us-cert@dhs.sgov.gov (SIPRNET)
us-cert@dhs.ic.gov (JWICS)

CISA continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://us-cert.gov/forms/feedback/

Document FAQ

Can I submit malware to CISA? Malware samples can be submitted via three methods:

Web: https://malware.us-cert.gov
E-Mail: submit@malware.us-cert.gov
FTP: ftp.malware.us-cert.gov (anonymous)

This product is provided subject to this Notification and this Privacy & Use policy.

↧

MAR-10265965-3.v1 – North Korean Trojan: CROWDEDFLOUNDER

February 14, 2020, 5:00 am

≫ Next: MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT

≪ Previous: MAR-10265965-2.v1 – North Korean Trojan: SLICKSHOES

Original release date: February 14, 2020

Notification

Summary

Description

This Malware Analysis Report (MAR) is the result of analytic efforts between Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD). Working with U.S. Government partners, DHS, FBI, and DoD identified Trojan malware variants used by the North Korean government. This malware variant has been identified as CROWDEDFLOUNDER. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https[:]//www[.]us-cert.gov/hiddencobra.

DHS, FBI, and DoD are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity.

This MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.

This report analyzes a Themida packed 32-bit Windows executable, which is designed to unpack and execute a Remote Access Trojan (RAT) binary in memory. This application is designed to accept arguments during execution or can be installed as a service with command line arguments. It is designed to listen as a proxy for incoming connections containing commands or can connect to a remote server to receive commands.

For a downloadable copy of IOCs, see MAR-10265965-3.v1.stix.

Submitted Files (1)

a2a77cefd2faa17e18843d74a8ad155a061a13da9bd548ded6437ef855c14442 (F2B9D1CB2C4B1CD11A8682755BCC52...)

Findings

a2a77cefd2faa17e18843d74a8ad155a061a13da9bd548ded6437ef855c14442

Tags

trojan

Details

Name	F2B9D1CB2C4B1CD11A8682755BCC52FA
Size	1658880 bytes
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	f2b9d1cb2c4b1cd11a8682755bcc52fa
SHA1	579884fad55207b54e4c2fe2644290211baec8b5
SHA256	a2a77cefd2faa17e18843d74a8ad155a061a13da9bd548ded6437ef855c14442
SHA512	b047a4275f0fa7c0025945800acbffb5be1d327160a135c6ba8ff54352be603cbb47fff71f180ab1a915229778b7a883ed19e1d6a954ab82435913ed95c40752
ssdeep	24576:darngxIJfX2+8mGrvs5pdUIPv3eAUW/Y8w9ejjERAjYrNFtI937sTR7R5NwrzD:da7gx2B81gdVXvfAnHRFtIl7k7RPwr
Entropy	7.958686

Antivirus

Ahnlab	Trojan/Win32.Xpacked
Antiy	Trojan/Win32.BlueNoroff
Avira	TR/Crypt.TPM.Gen
BitDefender	Trojan.GenericKD.41987817
ClamAV	Win.Trojan.Agent-7376505-0
Cyren	W32/Trojan.SXNN-1599
ESET	Win32/NukeSped.CL trojan
Emsisoft	Trojan.GenericKD.41987817 (B)
Ikarus	Trojan.Win32.NukeSped
K7	Trojan ( 0040f4ef1 )
McAfee	Trojan-NukeSped.a
Microsoft Security Essentials	Trojan:Win32/Thcsim
NANOAV	Trojan.Win32.BlueNoroff.ggbrdv
NetGate	Trojan.Win32.Malware
Sophos	Troj/Agent-BCXR
Symantec	Trojan Horse
TrendMicro	TROJ_THCSIM.A
TrendMicro House Call	TROJ_THCSIM.A
VirusBlokAda	BScope.TrojanPSW.Predator
Zillya!	Trojan.NukeSped.Win32.184

YARA Rules

No matches found.

ssdeep Matches

No matches found.

PE Metadata

Compile Date	2017-02-20 05:45:37-05:00
Import Hash	baa93d47220682c04d92f7797d9224ce

PE Sections

MD5	Name	Raw Size	Entropy
a7295799f336e3a6e8b61fe4f93e2251	header	4096	0.812374
2db23f163210140d797f67ed1ec1f08e		156160	7.983767
d41d8cd98f00b204e9800998ecf8427e	.rsrc	0	0.000000
efcb51d4d8a55d441d194e80899bb2b0	.idata	512	1.308723
d5443c2d2f51ba6c31a5fc9c35af7a2f		512	0.240445
8eea01ecbee2f6234d68b27d4e05585a	htusmqub	1497088	7.954958
6b71d93792bb677f0a09dbe70e6df1a2	ijybpcqb	512	3.636986

Description

This application is a Themida packed 32-bit Windows executable, which is designed to unpack and execute a RAT binary in memory. This application is designed to accept arguments during execution or can be installed as a service with command line arguments. When executed, the application is designed to open the Windows Firewall on the victim’s machine to allow for incoming and outgoing connections from the victim system. The firewall is modified using a "netsh firewall add portopening" command (Figure 2). Static analysis indicates this malware may be utilized to listen as a proxy for incoming connections containing commands or can connect to a remote server to receive commands. The following command line arguments are utilized to control the RAT functionality:

--Begin RAT command line arguments--

-p: You can use the -p command line argument to force the malware to listen on a specific port. Example: malware.exe -p 8888

-h: You can use the -h CLI to force the malware to connect to a remote host and port. Example: malware.exe -h <url_string>:8888

Note: <url_string> can be either a fully qualified domain name or an Internet Protocol (IP) address.

--End RAT command line arguments--

The RAT uses a rotating exclusive or (XOR) cryptographic algorithm to secure its data transfers and command-and-control (C2) sessions (Figure 1). The malware is designed to accept instructions from the remote server to perform the following functions:

--Begin functions performed by the malware--
Download and upload files
Execute secondary payloads
Execute shell commands
Terminate running processes
Delete files
Search files
Set file attributes
Collect device information from installed storage devices (disk free space and their type)
List running processes information
Collect and send information about the victim's system
Securely download malicious DLLs and inject them into remote processes
--End functions performed by the malware--

The -h argument is utilized to force the RAT to connect to a C2 server and the CURL library (Version 7.49.1) will be used for data transfers. Note: A rotating XOR cipher will be used to secure all C2 traffic sent and received from the external C2 server. Although the malware appears to expect a numeric IP address with the -h argument, it will also accept a string Uniform Resource Locator (URL) value. If a URL string is provided (i.e. domain.com) the malware will then query this address using the Win32 API getaddrinfo(). If this call succeeds, an IP address will be returned and the malware will attempt to connect to that IP address. If the call to getaddrinfo() fails the malware will hash this domain using the MD5 hashing algorithm, resulting in a 16 byte hash value. The malware will then take bytes 4 through 8 of this hash value and XOR them with a four byte value. The resultant four byte value will then be treated as a numeric IP address. The malware will then attempt to connect to this newly generated IP address. Note: all of the command line executables referenced within this product generate and connect to an IP address generated from the provided URL string if the call to getaddrinfo() against the provided URL fails.

Screenshots

Figure 1 - XOR based cipher utilized by RAT to secure traffic between itself and the operator/C2 server.

Figure 2 - Malware loading the command to open the firewall.

Figure 3 - This structure is utilized to parse the proxy port or remote C2 server from the command line arguments.

Recommendations

Maintain up-to-date antivirus signatures and engines.
Keep operating system patches up-to-date.
Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
Enforce a strong password policy and implement regular password changes.
Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
Disable unnecessary services on agency workstations and servers.
Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
Monitor users' web browsing habits; restrict access to sites with unfavorable content.
Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
Scan all software downloaded from the Internet prior to executing.
Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).

Contact Information

1-888-282-0870
NCCICCustomerService@us-cert.gov (UNCLASS)
us-cert@dhs.sgov.gov (SIPRNET)
us-cert@dhs.ic.gov (JWICS)

CISA continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://us-cert.gov/forms/feedback/

Document FAQ

Can I submit malware to CISA? Malware samples can be submitted via three methods:

Web: https://malware.us-cert.gov
E-Mail: submit@malware.us-cert.gov
FTP: ftp.malware.us-cert.gov (anonymous)

This product is provided subject to this Notification and this Privacy & Use policy.

↧