Channel: CISA All NCAS Products

Secure New Internet-Connected Devices

Original release date: December 31, 2019

During the holidays, internet-connected devices—also known as Internet of Things (IoT) devices—are popular gifts. These include smart cameras, smart TVs, watches, toys, phones, and tablets. Although this technology provides added convenience to our lives, it often requires that we share personal and financial information over the internet. The security of this information, and the security of these devices, is not guaranteed. For example, vendors often store personal information in databases, which may be vulnerable to cyberattacks or unintentionally exposed to the internet. Information breaches or leaks can enable malicious cyber actors to engage in identity theft and phishing scams.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends users review CISA Tips on Securing the Internet of Things, Preventing and Responding to Identity Theft, and Avoiding Social Engineering and Phishing Attacks, as well as the following steps to make IoT devices more secure:

  • Use multi-factor authentication when available. Many manufacturers offer users the option to protect accounts with multi-factor authentication (MFA). MFA adds another layer of security and can significantly reduce the impact of a password compromise because the malicious cyber actor needs the other factor—often the user’s mobile phone—for authentication. See Supplementing Passwords for more information.
  • Use strong passwords. Passwords are a common form of authentication and are often the only barrier between you and your personal information. Some internet-enabled devices are configured with default passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Choose strong passwords to help secure your device. See Choosing and Protecting Passwords for more information.
  • Evaluate your security settings. Most devices offer a variety of features that you can tailor to meet your needs and requirements. Enabling certain features to increase convenience or functionality may leave you more at risk. It is important to examine the settings—particularly security settings—and select options that meet your needs without putting you at increased risk. If you install a patch or a new version of software, or if you become aware of something that might affect your device, reevaluate your settings to make sure they are still appropriate. See Good Security Habits for more information.
  • Ensure you have up-to-date software. When manufacturers become aware of vulnerabilities in their products, they often issue patches to fix the problem. Patches are software updates that fix a particular issue or vulnerability within your device’s software. Make sure to apply relevant patches as soon as possible to protect your devices. See Understanding Patches for more information.
  • Connect carefully. Once your device is connected to the internet, it’s also connected to millions of other computers, which could allow attackers access to your device. Consider whether continuous connectivity to the internet is necessary. If it isn’t, disconnect. See Home Network Security for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


DHS Releases NTAS Bulletin

Original release date: January 4, 2020

Today, Acting Secretary of Homeland Security Chad Wolf reissued the NTAS bulletin pertaining to the terror threat to the U.S. homeland. Upfront, you should know that: “At this time there is no specific, credible threat against the homeland.” You can read the new, entire bulletin at National Terrorism Advisory System Bulletin - January 4, 2020.
 
As the nation’s risk advisor, CISA is sharing this directly with you, our partners, to ensure you have the latest information from the Department of Homeland Security.  As appropriate, we will provide protective measures when and if our understanding of the risk changes.  However, do not wait for us to have the best or only idea – collective defense works best when we share what works, collectively and collaboratively.
 
Stay vigilant, stay connected, and help us – if you See Something, Say Something. For useful tips, resources and information about our offerings, and how to reach us and report information, related to the Bulletin, please visit CISA.gov.
 


Vulnerability Summary for the Week of December 30, 2019

Original release date: January 6, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| citrix -- application_delivery_controller_and_gateway | An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. | 2019-12-27 | 7.5 | CVE-2019-19781; CONFIRM |
| freeciv -- freeciv | A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption. | 2019-12-30 | 7.8 | CVE-2012-5645; MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC |
| magnolia_international -- magnolia_cms | Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities | 2019-12-27 | 7.5 | CVE-2013-4621; MISC, MISC |
| open_dynamics -- collabtive | Collabtive 1.0 has incorrect access control | 2019-12-27 | 7.5 | CVE-2013-5027; MISC |
| php-shellcommand -- php-shellcommand | php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-12-30 | 10 | CVE-2019-10774; MISC |
| senkas -- kolibri | Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. | 2019-12-27 | 7.5 | CVE-2014-5289; MISC, BID, XF |
| sqlite -- sqlite | selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. | 2020-01-02 | 7.5 | CVE-2019-20218; MISC |
| wordpress -- wordpress | wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. | 2019-12-27 | 7.5 | CVE-2019-20041; MISC, MISC |
| yandex -- clickhouse | In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. | 2019-12-30 | 7.5 | CVE-2019-16535; MISC |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| bolt -- bolt | Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933. | 2019-12-31 | 4.3 | CVE-2019-9553; MISC, MISC |
| genjxcms -- genjxcms | GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation. | 2019-12-31 | 4.3 | CVE-2018-14476; MISC, MISC |
| gnu -- libredwg | An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec. | 2019-12-27 | 4.3 | CVE-2019-20009; MISC, MISC, MISC |
| gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c. | 2019-12-27 | 6.8 | CVE-2019-20010; MISC, MISC |
| gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c. | 2019-12-27 | 6.8 | CVE-2019-20011; MISC, MISC |
| gnu -- libredwg | An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c. | 2019-12-27 | 6.8 | CVE-2019-20014; MISC, MISC, MISC |
| gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec. | 2019-12-27 | 4.3 | CVE-2019-20012; MISC, MISC |
| gnu -- libredwg | An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec. | 2019-12-27 | 4.3 | CVE-2019-20013; MISC, MISC, MISC |
| gnu -- libredwg | An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec. | 2019-12-27 | 4.3 | CVE-2019-20015; MISC, MISC |
| gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function senc_Parse() in isomedia/box_code_drm.c. | 2019-12-31 | 4.3 | CVE-2019-20167; MISC |
| gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. | 2019-12-31 | 4.3 | CVE-2019-20163; MISC |
| gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function trak_Read() in isomedia/box_code_base.c. | 2019-12-31 | 4.3 | CVE-2019-20169; MISC |
| gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function gf_isom_box_dump_ex() in isomedia/box_funcs.c. | 2019-12-31 | 4.3 | CVE-2019-20168; MISC |
| gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_dump() in isomedia/box_dump.c. | 2019-12-31 | 4.3 | CVE-2019-20166; MISC |
| gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. | 2019-12-31 | 4.3 | CVE-2019-20161; MISC |
| gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1_parse_tile_group() in media_tools/av_parsers.c. | 2019-12-31 | 4.3 | CVE-2019-20160; MISC |
| gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. | 2019-12-31 | 4.3 | CVE-2019-20162; MISC |
| gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_box_del() in isomedia/box_funcs.c. | 2019-12-31 | 4.3 | CVE-2019-20164; MISC |
| gpac -- gpac | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. | 2019-12-31 | 4.3 | CVE-2019-20165; MISC |
| ibm -- cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422. | 2019-12-30 | 4 | CVE-2019-4343; XF, CONFIRM |
| ibm -- mq | IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. | 2019-12-30 | 4 | CVE-2019-4655; XF, CONFIRM |
| ibm -- watson_studio_local | IBM Watson Studio Local 1.2.3 could disclose sensitive information over the network that an attacker could use in further attacks against the system. IBM X-Force ID: 145238. | 2019-12-30 | 5 | CVE-2018-1682; XF, CONFIRM |
| joomla! -- joomla! | Xorbin Analog Flash Clock 1.0 extension for Joomla has XSS | 2019-12-27 | 4.3 | CVE-2013-4692; MISC, MISC, MISC |
| libsixel_project -- libsixel | A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4. | 2019-12-27 | 4.3 | CVE-2019-20023; MISC |
| libsixel_project -- libsixel | An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3. | 2019-12-27 | 4.3 | CVE-2019-20022; MISC |
| libsixel_project -- libsixel | An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c. | 2019-12-30 | 6.8 | CVE-2019-20094; MISC |
| libsixel_project -- libsixel | A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4. | 2019-12-27 | 4.3 | CVE-2019-20024; MISC |
| livefyre -- livecomments | Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture. | 2019-12-27 | 4.3 | CVE-2014-6420; MISC, XF |
| luquidpixels -- liquifire_os | LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets. | 2019-12-29 | 6.4 | CVE-2019-20055; MISC |
| netis -- dl4323_devices | On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). | 2019-12-30 | 4.3 | CVE-2019-20072; MISC, MISC, MISC |
| netis -- dl4323_devices | On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). | 2019-12-30 | 4.3 | CVE-2019-20076; MISC, MISC, MISC |
| netis -- dl4323_devices | On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). | 2019-12-30 | 4.3 | CVE-2019-20070; MISC, MISC, MISC |
| netis -- dl4323_devices | On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). | 2019-12-30 | 4.3 | CVE-2019-20075; MISC, MISC, MISC |
| netis -- dl4323_devices | On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. | 2019-12-30 | 4 | CVE-2019-20074; MISC, MISC |
| netis -- dl4323_devices | On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. | 2019-12-30 | 5.8 | CVE-2019-20071; MISC, MISC, MISC |
| netis -- dl4323_devices | On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). | 2019-12-30 | 4.3 | CVE-2019-20073; MISC, MISC, MISC |
| paessler -- prtg_network_monitor | PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued. | 2019-12-31 | 4.3 | CVE-2019-9207; MISC, MISC |
| paessler -- prtg_network_monitor | PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued. | 2019-12-31 | 4.3 | CVE-2019-9206; MISC, MISC |
| pillow -- pillow | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | 2020-01-03 | 6.8 | CVE-2020-5312; MISC, MISC |
| pillow -- pillow | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | 2020-01-03 | 6.8 | CVE-2020-5310; MISC, MISC |
| pillow -- pillow | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. | 2020-01-03 | 6.8 | CVE-2020-5313; MISC, MISC |
| pillow -- pillow | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | 2020-01-03 | 6.8 | CVE-2020-5311; MISC, MISC |
| proxyman -- proxyman_for_macos | com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0 and earlier allows an attacker to change the System Proxy and redirect all traffic to an attacker-controlled computer, enabling MITM attacks. | 2019-12-29 | 4.3 | CVE-2019-20057; MISC |
| sencha_labs -- connect | Sencha Labs Connect has XSS with connect.methodOverride() | 2019-12-27 | 4.3 | CVE-2013-4691; MISC |
| spbas -- business_automation_software | SPBAS Business Automation Software 2012 has CSRF. | 2019-12-27 | 4.3 | CVE-2013-4665; MISC, MISC |
| spbas -- business_automation_software | SPBAS Business Automation Software 2012 has XSS. | 2019-12-27 | 4.3 | CVE-2013-4664; MISC, MISC, MISC |
| support_incident_tracker_project -- support_incident_tracker | In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS. | 2020-01-02 | 4.3 | CVE-2019-20220; MISC |
| support_incident_tracker_project -- support_incident_tracker | In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS. | 2020-01-02 | 4.3 | CVE-2019-20222; MISC |
| support_incident_tracker_project -- support_incident_tracker | In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page. | 2020-01-02 | 4.3 | CVE-2019-20221; MISC |
| support_incident_tracker_project -- support_incident_tracker | In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235. | 2020-01-02 | 4.3 | CVE-2019-20223; MISC |
| tbeu -- matio | A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17. | 2019-12-27 | 4.3 | CVE-2019-20018; MISC |
| tbeu -- matio | A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17. | 2019-12-27 | 4.3 | CVE-2019-20017; MISC |
| tbeu -- matio | A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17. | 2019-12-27 | 4.3 | CVE-2019-20020; MISC |
| tbeu -- matio | An attempted excessive memory allocation was discovered in Mat_VarRead5 in mat5.c in matio 1.5.17. | 2019-12-27 | 4.3 | CVE-2019-20019; MISC |
| toshiba -- configfree | Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code. | 2019-12-27 | 6.8 | CVE-2012-4980; BID, XF |
| upx -- upx | A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. | 2019-12-27 | 4.3 | CVE-2019-20021; MISC |
| winamp -- winamp | Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution | 2019-12-27 | 6.8 | CVE-2013-4695; MISC, MISC |
| wordpress -- wordpress | WordPress Xorbin Digital Flash Clock 1.0 has XSS | 2019-12-27 | 4.3 | CVE-2013-4693; MISC |
| wordpress -- wordpress | WordPress before 5.3.1 allowed an attacker to create a cross-site scripting attack (XSS) in well crafted links, because of an insufficient protection mechanism in wp_targeted_link_rel in wp-includes/formatting.php. | 2019-12-27 | 4.3 | CVE-2019-20042; MISC, MISC, MISC, MISC, MISC |
| wordpress -- wordpress | An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. | 2019-12-30 | 4.3 | CVE-2019-20141; MISC |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter. | 2019-12-27 | 4.3 | CVE-2014-4519; MISC |
| wordpress -- wordpress | WordPress before 5.3.1 allowed an unauthenticated user to make a post sticky through the REST API because of missing access control in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php. | 2019-12-27 | 5 | CVE-2019-20043; MISC, MISC, MISC, MISC |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 2019-12-27 | 4.3 | CVE-2014-4592; MISC |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2019-12-27 | 4.3 | CVE-2014-4523; MISC |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter. | 2019-12-27 | 4.3 | CVE-2014-4525; MISC, CONFIRM |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. | 2019-12-27 | 4.3 | CVE-2014-4550; MISC |
| xnview -- xnview | Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file. | 2020-01-02 | 6.8 | CVE-2013-3246; MISC, MISC |
| xnview -- xnview | Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file. | 2020-01-02 | 6.8 | CVE-2013-3247; MISC, MISC |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ibm -- cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924. | 2019-12-30 | 3.5 | CVE-2019-4623; XF, CONFIRM |
| ibm -- watson_studio_local | IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. IBM X-Force ID: 161413. | 2019-12-30 | 2.1 | CVE-2019-4335; XF, CONFIRM |
| nagios -- nagios_xi | In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user. | 2019-12-30 | 3.5 | CVE-2019-20139; MISC |
| tenable -- nessus | Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198). | 2019-12-27 | 3.5 | CVE-2016-1000028; MISC, MISC, CONFIRM |
| tenable -- nessus | Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269). | 2019-12-27 | 3.5 | CVE-2016-1000029; MISC, MISC, MISC |

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
amazon -- blink_xt2_deviceBlink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet.2019-12-31not yet calculatedCVE-2019-3984
CONFIRM
angular -- angular
 
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.2020-01-02not yet calculatedCVE-2019-14863
CONFIRM
MISC
apache -- solrApache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).2019-12-30not yet calculatedCVE-2019-17558
MISC
avira -- free_antivirusAvira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.2019-12-31not yet calculatedCVE-2019-18568
CONFIRM
axiomatic_systems -- bento4An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp.2019-12-30not yet calculatedCVE-2019-20092
MISC
axiomatic_systems -- bento4An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp.2019-12-30not yet calculatedCVE-2019-20091
MISC
axiomatic_systems -- bento4An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.2019-12-30not yet calculatedCVE-2019-20090
MISC
baidu_x-lab -- rust_sgx_sdkBaidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same.2020-01-04not yet calculatedCVE-2020-5499
MISC
boltwire -- boltwire
 
Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter.2020-01-02not yet calculatedCVE-2013-0737
MISC
bombba -- bombbaThe quaker function of a smart contract implementation for BOMBBA (BOMB), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.2019-12-31not yet calculatedCVE-2018-19834
MISC
bssys -- rbs_bs-clientCross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter.2020-01-03not yet calculatedCVE-2014-4196
MISC
bssys -- rbs_bs-client
 
Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, or (5) FName_0 parameter and a valid sid parameter value.2020-01-03not yet calculatedCVE-2014-10398
MISC
bulb_security -- smartphone_pentest_framework
 
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878.2020-01-03not yet calculatedCVE-2012-5693
MISC
bulb_security -- smartphone_pentest_framework
 
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.2020-01-03not yet calculatedCVE-2012-5878
MISC
MISC
business_alliance_financial_circle -- business_alliance_financial_circleThe UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity.2019-12-31not yet calculatedCVE-2018-19830
MISC
chamilo -- chamilo_lmsChamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.2020-01-04not yet calculatedCVE-2015-9540
MISC
clusterlabs -- fence-agents
 
In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates.2020-01-02not yet calculatedCVE-2014-0104
MISC
MISC
MISC
MISC
comtech -- stampede_fx-1010_devices
 
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)2020-01-02not yet calculatedCVE-2020-5179
MISC
craftcms -- craft_cmsIn the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.2019-12-31not yet calculatedCVE-2019-9554
MISC
MISC
cryptobond_network -- cryptobond_networkThe ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.2019-12-31not yet calculatedCVE-2018-19831
MISC
cumin -- cumin
 
An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it.2019-12-30not yet calculatedCVE-2013-0264
MISC
MISC
d-link -- dgs-1510_series_switchesA security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit.2019-12-30not yet calculatedCVE-2018-7859
CONFIRM
d-link -- dir-859_routers
 
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.2020-01-02not yet calculatedCVE-2019-20213
MISC
MISC
MISC
MISC
d-link -- dir-859_wi-fi_router
 
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.2019-12-30not yet calculatedCVE-2019-17621
MISC
MISC
CONFIRM
CONFIRM
MISC
MISC
ddq -- ddq
 
The owned function of a smart contract implementation for DDQ, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.2019-12-31not yet calculatedCVE-2018-19833
MISC
docker -- docker
 
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.2020-01-02not yet calculatedCVE-2014-0048
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ds_data_systems -- konakartCross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request.2020-01-03not yet calculatedCVE-2014-5516
MISC
MISC
MISC
easy_xml_editor -- easy_xml_editorEasy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.2019-12-30not yet calculatedCVE-2019-19031
MISC
ecstatic -- ecstaticecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application.2020-01-02not yet calculatedCVE-2019-10775
MISC
embedded_glibc -- embedded_glibcThe eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.2019-12-31not yet calculatedCVE-2013-4357
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ezxml -- ezxmlAn issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.2019-12-31not yet calculatedCVE-2019-20198
MISC
ezxml -- ezxml
 
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur. | 2019-12-31 | not yet calculated | CVE-2019-20201
MISC
ezxml -- ezxml
 
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature. | 2019-12-31 | not yet calculated | CVE-2019-20200
MISC
ezxml -- ezxml
 
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer. | 2019-12-31 | not yet calculated | CVE-2019-20199
MISC
ezxml -- ezxml
 
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault. | 2019-12-31 | not yet calculated | CVE-2019-20202
MISC
fasterxml -- jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. | 2020-01-03 | not yet calculated | CVE-2019-20330
MISC
MISC
fhdk -- gksu-polkit
 
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617, but the patch was improperly applied and it did not fix the security issue. | 2019-12-31 | not yet calculated | CVE-2013-4161
MISC
MISC
MISC
MISC
MISC
fiberhome -- an5506-04-f_rp_2669_devices

FiberHome an5506-04-f RP2669 devices have XSS. | 2019-12-31 | not yet calculated | CVE-2019-9556
MISC
MISC
fontforge -- fontforge

FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. | 2020-01-03 | not yet calculated | CVE-2020-5395
MISC
fontforge -- fontforge

FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. | 2020-01-03 | not yet calculated | CVE-2020-5496
MISC
ftp -- ftp

An issue was discovered in rovinbhandari FTP through 2012-03-28. receive_file in file_transfer_functions.c allows remote attackers to cause a denial of service (daemon crash) via a 0xffff datalen field value. | 2019-12-31 | not yet calculated | CVE-2019-9668
MISC
fusionforge -- fusionforge

FusionForge before 5.3.2 uses scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server as FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge. | 2020-01-02 | not yet calculated | CVE-2014-6275
MISC
MISC
generalitat_de_catalunya -- accesuniversitat.gencat.cat
 
The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints, given that the attacker is authenticated as a student: 1) https://accesuniversitat.gencat.cat/accesuniversitat/accesuniversitat-rs/AppJava/api/v1/estudiants/{student_id}/ 2) https://accesuniversitat.gencat.cat/accesuniversitat/accesuniversitat-rs/AppJava/api/v1/estudiants/?page={page}. | 2019-12-31 | not yet calculated | CVE-2019-12837
MISC
getsimple_cms -- getsimple_cms
 
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. | 2020-01-02 | not yet calculated | CVE-2013-1420
MISC
MISC
MISC
gitlab -- enterprise_edition

An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | 2019-12-30 | not yet calculated | CVE-2018-20507
MISC
gitlab -- gitlab_community_and_enterprise_edition

An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. | 2019-12-30 | not yet calculated | CVE-2018-20490
CONFIRM
CONFIRM
gitlab -- gitlab_community_and_enterprise_edition

GitLab Community Edition (CE) and Enterprise Edition (EE) 9.6 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | not yet calculated | CVE-2019-19254
CONFIRM
MISC
MISC
gitlab -- gitlab_community_and_enterprise_edition

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | 2019-12-30 | not yet calculated | CVE-2018-20489
CONFIRM
CONFIRM
gitlab -- gitlab_community_and_enterprise_edition

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. | 2019-12-30 | not yet calculated | CVE-2018-20488
CONFIRM
CONFIRM
gitlab -- gitlab_community_and_enterprise_edition

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | 2019-12-30 | not yet calculated | CVE-2018-20493
CONFIRM
CONFIRM
gitlab -- gitlab_community_and_enterprise_edition

An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. | 2019-12-30 | not yet calculated | CVE-2018-20499
CONFIRM
CONFIRM
gitlab -- gitlab_community_and_enterprise_edition

GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). | 2020-01-03 | not yet calculated | CVE-2019-19257
CONFIRM
MISC
gitlab -- gitlab_community_and_enterprise_edition

GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2). | 2020-01-03 | not yet calculated | CVE-2019-19260
CONFIRM
MISC
gitlab -- gitlab_community_and_enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | 2019-12-30 | not yet calculated | CVE-2018-20501
CONFIRM
CONFIRM
gitlab -- gitlab_community_and_enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. | 2019-12-30 | not yet calculated | CVE-2018-20495
CONFIRM
CONFIRM
gitlab -- gitlab_community_and_enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | 2019-12-30 | not yet calculated | CVE-2018-20494
CONFIRM
CONFIRM
gitlab -- gitlab_community_and_enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | 2019-12-30 | not yet calculated | CVE-2018-20498
CONFIRM
CONFIRM
gitlab -- gitlab_community_and_enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. | 2019-12-30 | not yet calculated | CVE-2018-20496
CONFIRM
CONFIRM
gitlab -- gitlab_community_and_enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. | 2019-12-30 | not yet calculated | CVE-2018-20497
CONFIRM
CONFIRM
gitlab -- gitlab_enterprise_edition

GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. | 2020-01-03 | not yet calculated | CVE-2019-19263
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition

GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | not yet calculated | CVE-2019-19255
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition

GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. | 2020-01-03 | not yet calculated | CVE-2019-19262
CONFIRM
MISC
MISC
gitlab -- gitlab_enterprise_edition

GitLab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). | 2020-01-03 | not yet calculated | CVE-2019-19087
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition

GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | not yet calculated | CVE-2019-19309
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition

GitLab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal. | 2020-01-03 | not yet calculated | CVE-2019-19088
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition

GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. | 2020-01-03 | not yet calculated | CVE-2019-19261
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition

GitLab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). | 2020-01-03 | not yet calculated | CVE-2019-19086
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. | 2019-12-30 | not yet calculated | CVE-2018-20491
CONFIRM
CONFIRM
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR). | 2020-01-03 | not yet calculated | CVE-2019-19259
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | not yet calculated | CVE-2019-19258
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. | 2020-01-03 | not yet calculated | CVE-2019-19311
CONFIRM
MISC
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control. | 2020-01-03 | not yet calculated | CVE-2019-19256
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. | 2020-01-03 | not yet calculated | CVE-2019-19310
CONFIRM
MISC
gonicus -- gosa

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP object injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie. | 2019-12-31 | not yet calculated | CVE-2019-14466
MISC
MISC
google -- chrome

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | not yet calculated | CVE-2019-5845
MISC
MISC
google -- chrome

Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | not yet calculated | CVE-2019-13765
MISC
MISC
google -- chrome
 
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | not yet calculated | CVE-2019-5846
MISC
MISC
google -- chrome
 
Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | not yet calculated | CVE-2019-13766
MISC
MISC
google -- chrome
 
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-03 | not yet calculated | CVE-2019-5844
MISC
MISC
gopro -- gpmf-parser

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c. | 2019-12-30 | not yet calculated | CVE-2019-20088
MISC
gopro -- gpmf-parser

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. | 2019-12-30 | not yet calculated | CVE-2019-20086
MISC
gopro -- gpmf-parser

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation. | 2019-12-30 | not yet calculated | CVE-2019-20089
MISC
gopro -- gpmf-parser

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature. | 2019-12-30 | not yet calculated | CVE-2019-20087
MISC
goscript -- goscript
 
go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. | 2019-12-31 | not yet calculated | CVE-2004-2776
MISC
MISC
MISC
gpac -- gpac

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c. | 2019-12-31 | not yet calculated | CVE-2019-20170
MISC
gpac -- gpac

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c. | 2019-12-31 | not yet calculated | CVE-2019-20171
MISC
gpac -- gpac

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c. | 2019-12-31 | not yet calculated | CVE-2019-20159
MISC
gpac -- gpac

dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. | 2020-01-02 | not yet calculated | CVE-2019-20208
MISC
helpdezk -- helpdezk

Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. | 2020-01-03 | not yet calculated | CVE-2014-8337
MISC
MISC
hp -- multiple_products
 
A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. An API used to execute a command manifest file during upgrade does not correctly prevent directory traversal and so can be used to execute manifest files in arbitrary locations on the node. The API does not require user authentication and is accessible over the management network, resulting in the potential for unauthenticated remote execution of manifest files. For all customers running HPE OmniStack version 3.7.9 and earlier, HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061901&withFrame for you to implement. All customers should upgrade to the recommended 3.7.10 or later version at the earliest convenience. | 2020-01-03 | not yet calculated | CVE-2019-11994
MISC
hp -- multiple_products
 
A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities. For all customers running HPE OmniStack version 3.7.9 and earlier, HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061675&withFrame for you to implement. All customers should upgrade to the recommended 3.7.10 or later version at the earliest convenience. | 2020-01-03 | not yet calculated | CVE-2019-11993
MISC
huawei -- multiple_products
 
Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset. | 2020-01-03 | not yet calculated | CVE-2019-5304
MISC
huawei -- multiple_smartphones

Mate 10 Pro, Honor V10, Honor 10, and Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of a certain module during certain operations. An attacker should trick the user into installing a malicious application; successful exploit could cause reboot of the smartphone. | 2020-01-03 | not yet calculated | CVE-2020-1785
MISC
huawei -- p30_smartphones
 
HUAWEI P30 smartphones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send a specific command in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause an information leak. | 2020-01-03 | not yet calculated | CVE-2019-19441
MISC
huawei -- usg9500_devices
 
USG9500 with software versions V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, and V500R005C00SPC200 has an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity. | 2020-01-03 | not yet calculated | CVE-2020-1871
MISC
infinispan -- infinispan
 
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling. | 2020-01-02 | not yet calculated | CVE-2019-10158
CONFIRM
CONFIRM
CONFIRM
irfanview -- irfanview
 
Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header. | 2020-01-02 | not yet calculated | CVE-2013-3946
MISC
CONFIRM
irfanview -- irfanview
 
Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag. | 2020-01-02 | not yet calculated | CVE-2013-3944
MISC
MISC
CONFIRM
irfanview -- irfanview
 
The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag. | 2020-01-02 | not yet calculated | CVE-2013-3945
MISC
CONFIRM
it-novum -- openitcockpit

openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component. | 2019-12-31 | not yet calculated | CVE-2019-10227
CONFIRM
CONFIRM
joomla! -- joomla!
 
Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details. | 2020-01-02 | not yet calculated | CVE-2013-3931
MISC
MISC
MISC
joomla! -- joomla!
 
SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php. | 2020-01-02 | not yet calculated | CVE-2013-3932
MISC
MISC
MISC
kind-of -- kind-of

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result. | 2019-12-30 | not yet calculated | CVE-2019-20149
MISC
MISC
knockout -- knockout

There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | 2020-01-02 | not yet calculated | CVE-2019-14862
CONFIRM
MISC
libmysofa -- libmysofa
 
hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json. | 2019-12-29 | not yet calculated | CVE-2019-20063
MISC
MISC
libsixel_project -- libsixel

libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. | 2020-01-02 | not yet calculated | CVE-2019-20205
MISC
libsixel_project -- libsixel

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. | 2019-12-29 | not yet calculated | CVE-2019-20056
MISC
libsixel_project -- libsixel

An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c. | 2019-12-30 | not yet calculated | CVE-2019-20140
MISC
linux -- linux_kernel

In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module. | 2019-12-31 | not yet calculated | CVE-2019-19927
MISC
MISC
MISC
MISC
linux -- linux_kernel

mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. | 2019-12-30 | not yet calculated | CVE-2019-20095
MISC
MISC
linux -- linux_kernel
 
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. | 2019-12-30 | not yet calculated | CVE-2019-20096
MISC
MISC
loaded_commerce -- loaded_commerce

The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book. | 2020-01-03 | not yet calculated | CVE-2014-5140
MISC
MISC
MISC
MISC
MISC
mailstore -- mailstore_server_and_mailstore_service_provider

An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. When the directory service (for synchronizing and authenticating users) is set to Generic LDAP, an attacker is able to log in as an existing user with an arbitrary password on the second login attempt. | 2019-12-31 | not yet calculated | CVE-2019-10229
CONFIRM
mfscripts -- yetishare

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing. | 2019-12-30 | not yet calculated | CVE-2019-19735
MISC
MISC
mfscripts -- yetishare

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels. | 2019-12-30 | not yet calculated | CVE-2019-19739
MISC
mfscripts -- yetishare

translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | 2019-12-30 | not yet calculated | CVE-2019-19732
MISC
MISC
mfscripts -- yetishare

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting. | 2019-12-30 | not yet calculated | CVE-2019-19736
MISC
mfscripts -- yetishare

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks. | 2019-12-30 | not yet calculated | CVE-2019-19737
MISC
mfscripts -- yetishare

log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS. | 2019-12-30 | not yet calculated | CVE-2019-19738
MISC
MISC
mfscripts -- yetishare
 
_account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | 2019-12-30 | not yet calculated | CVE-2019-19734
MISC
MISC
mfscripts -- yetishare
 
_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses. | 2019-12-30 | not yet calculated | CVE-2019-19805
MISC
mfscripts -- yetishare
 
_get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.ajax.php) in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the fileIds parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS. | 2019-12-30 | not yet calculated | CVE-2019-19733
MISC
MISC
mfscripts -- yetishare
 
_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses. | 2019-12-30 | not yet calculated | CVE-2019-19806
MISC
miniupnp -- ngiflib

ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c. | 2020-01-02 | not yet calculated | CVE-2019-20219
MISC
mitreid_connect -- mitreid_connect

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript. | 2020-01-04 | not yet calculated | CVE-2020-5497
MISC
monitorix -- monitorix

The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. | 2019-12-31 | not yet calculated | CVE-2013-7070
MISC
MISC
MISC
monitorix -- monitorix

Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 2019-12-31 | not yet calculated | CVE-2013-7071
MISC
MISC
MISC
mybb -- mybb

MyBB before 1.8.22 allows an open redirect on login. | 2020-01-02 | not yet calculated | CVE-2019-20225
MISC
MISC
nagios -- nagios_xi

In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. | 2019-12-31 | not yet calculated | CVE-2019-20197
MISC
nasm -- netwide_assembler

In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291. | 2020-01-04 | not yet calculated | CVE-2019-20334
MISC
MISC
newinteltechmedia -- newinteltechmedia

The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | 2019-12-31 | not yet calculated | CVE-2018-19832
MISC
nim -- nim

The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used. | 2019-12-30 | not yet calculated | CVE-2019-20138
MISC
obs-server -- obs-server

obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST API implementation. | 2020-01-02 | not yet calculated | CVE-2010-3782
MISC
open-xchange -- appsuite
 
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | 2020-01-02 | not yet calculated | CVE-2013-7486
MISC
BUGTRAQ
SECTRACK
XF
CONFIRM
open-xchange -- appsuite
 
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | 2020-01-02 | not yet calculated | CVE-2013-7485
OSVDB
MISC
BUGTRAQ
SECUNIA
SECTRACK
XF
XF
CONFIRM
open-xchange -- appsuite
 
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions. | 2020-01-02 | not yet calculated | CVE-2013-6242
MISC
MISC
MISC
MISC
MISC
opencv -- opencv

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability. | 2020-01-03 | not yet calculated | CVE-2019-5063
MISC
opencv -- opencv

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, version 4.1.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability. | 2020-01-03 | not yet calculated | CVE-2019-5064
MISC
openlambda -- openlambda

OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000. | 2020-01-03 | not yet calculated | CVE-2019-20329
MISC
MISC
MISC
openldap -- openldap
 
An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses. | 2020-01-02 | not yet calculated | CVE-2014-8182
MISC
MISC
MISC
MISC
opsview -- opsview_and_opsview_core

Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML. | 2020-01-02 | not yet calculated | CVE-2013-3936
MISC
MISC
opsview -- opsview_and_opsview_core

Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors. | 2020-01-02 | not yet calculated | CVE-2013-3935
MISC
MISC
outsystems -- platform

OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: the product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name. | 2019-12-31 | not yet calculated | CVE-2019-12273
MISC
ovirt-engine-sdk-python -- ovirt-engine-sdk-python | ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate. | 2020-01-02 | not yet calculated | CVE-2014-0161 MISC MISC
pivotal -- pivotal_spring_framework | Pivotal Spring Framework 4.1.4 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. | 2020-01-02 | not yet calculated | CVE-2016-1000027 MISC MISC MISC MISC
plone -- plone | Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method. | 2020-01-02 | not yet calculated | CVE-2013-7062 MISC MISC MISC MISC CONFIRM CONFIRM
podofo -- podofo | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. | 2019-12-30 | not yet calculated | CVE-2019-20093 MISC
pure-ftpd -- pure-ftpd | In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. | 2019-12-31 | not yet calculated | CVE-2019-20176 MISC
python-ecdsa -- python-ecdsa | A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. | 2020-01-02 | not yet calculated | CVE-2019-14859 CONFIRM MISC MISC MISC
qemu -- qemu | A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. | 2019-12-30 | not yet calculated | CVE-2013-2016 MISC MISC MISC MISC MISC MISC MISC MISC MISC
qemu -- qemu | Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | 2020-01-02 | not yet calculated | CVE-2013-4532 MISC MISC MISC MISC MISC MISC
quixplorer -- quixplorer | Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php. | 2020-01-02 | not yet calculated | CVE-2013-1642 MISC MISC MISC
red_hat -- ansible | Ansible versions 2.9.x before 2.9.1, 2.8.x before 2.8.7, and 2.7.x before 2.7.15 do not respect the no_log flag when it is set to True and the Sumologic and Splunk callback plugins are used to send task result events to collectors. This discloses and collects any sensitive data. | 2020-01-02 | not yet calculated | CVE-2019-14864 CONFIRM MISC MISC
red_hat -- jboss_enterprise_application_platform | In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application. | 2020-01-02 | not yet calculated | CVE-2014-0169 MISC MISC
red_hat -- jboss_portal | It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0. | 2020-01-02 | not yet calculated | CVE-2014-0245 MISC MISC MISC
red_hat -- openshift_enterprise | A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. | 2019-12-30 | not yet calculated | CVE-2013-0196 MISC MISC
red_hat -- openstack_essex_release | Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. | 2019-12-30 | not yet calculated | CVE-2012-5476 MISC MISC MISC
red_hat -- openstack_platform_and_openstack_essex_release | The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | 2019-12-30 | not yet calculated | CVE-2012-5474 MISC MISC MISC MISC
red_hat -- quay | A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry. | 2020-01-02 | not yet calculated | CVE-2019-10205 CONFIRM
red_hat -- satellite_6 | Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content. | 2020-01-02 | not yet calculated | CVE-2014-3590 MISC MISC MISC
red_hat -- subscription_asset_manager | Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to an XSS via HTML in the systems name when registering. | 2020-01-02 | not yet calculated | CVE-2014-0183 MISC MISC
ricoh -- marcomcentral | A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution. | 2019-12-31 | not yet calculated | CVE-2019-7751 MISC MISC
ros -- ros | An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line. | 2019-12-30 | not yet calculated | CVE-2019-13445 MISC CONFIRM CONFIRM
ros -- ros | An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove() function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not defined, the iterator loop will run out of the scope of the array, and cause denial of service for other components (that depend on the communication-related functions of this package). | 2019-12-30 | not yet calculated | CVE-2019-13465 CONFIRM CONFIRM
rsa -- authentication_manager | RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying a specially crafted XML message. | 2020-01-03 | not yet calculated | CVE-2019-3768 MISC
samba -- samba | Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists. | 2019-12-31 | not yet calculated | CVE-2011-3585 MISC MISC MISC MISC MISC
serenityos -- serenityos | Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack. | 2019-12-31 | not yet calculated | CVE-2019-20172 MISC MISC
shaarli -- shaarli | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks. | 2020-01-02 | not yet calculated | CVE-2013-7351 MISC MISC MISC CONFIRM CONFIRM
sonicwall -- global_management_system | A vulnerability in GMS allows an unauthenticated user to perform SQL injection in the Webservice module. This vulnerability affected GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. | 2019-12-31 | not yet calculated | CVE-2019-7478 CONFIRM
sonicwall -- sonicos | A vulnerability in SonicOS allows an authenticated read-only admin to elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | 2019-12-31 | not yet calculated | CVE-2019-7479 CONFIRM
sqlite -- sqlite | ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. | 2020-01-03 | not yet calculated | CVE-2019-19959 MISC MISC
supermicro -- x9_and_x8_generation_motherboards | Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contains hardcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon. | 2020-01-02 | not yet calculated | CVE-2013-3619 CONFIRM MISC MISC CONFIRM CONFIRM
supermicro -- x9_and_x8_generation_motherboards | Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. | 2020-01-02 | not yet calculated | CVE-2013-3620 CONFIRM MISC MISC CONFIRM CONFIRM
sylius -- sylius | An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through 1.3.12, 1.4.x through 1.4.4, and 1.5.0 allows an attacker (an admin in the sylius/sylius case) to perform XSS by injecting malicious code into a field displayed in a grid with the "string" field type. The contents are an object, with malicious code returned by the __toString() method of that object. | 2019-12-31 | not yet calculated | CVE-2019-12186 CONFIRM
symfony -- symfony | Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. | 2020-01-02 | not yet calculated | CVE-2013-4752 MISC MISC CONFIRM MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC
telos -- automated_message_handling_system | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | not yet calculated | CVE-2019-9538 CERT-VN
telos -- automated_message_handling_system | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | not yet calculated | CVE-2019-9537 CERT-VN
telos -- automated_message_handling_system | Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | not yet calculated | CVE-2019-9541 CERT-VN
telos -- automated_message_handling_system | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | not yet calculated | CVE-2019-9542 CERT-VN
telos -- automated_message_handling_system | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | not yet calculated | CVE-2019-9540 CERT-VN
telos -- automated_message_handling_system | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | 2020-01-03 | not yet calculated | CVE-2019-9539 CERT-VN
textproc/isearch -- textproc/isearch | The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files in a publicly writable area (/tmp). | 2019-12-30 | not yet calculated | CVE-2012-5663 MISC MISC MISC MISC MISC
tigervnc -- tigervnc | Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering. | 2020-01-02 | not yet calculated | CVE-2014-0011 MISC CONFIRM
tiny_file_manager -- tiny_file_manager | In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted. | 2019-12-30 | not yet calculated | CVE-2019-16790 MISC CONFIRM
tinywall -- tinywall | An attacker who has already compromised the local system could use TinyWall Controller to gain additional privileges by attaching a debugger to the running process and modifying the code in memory. Vulnerability fixed in version 2.1.13. | 2019-12-30 | not yet calculated | CVE-2019-19470 MISC
tvt -- nvms-1000_devices | TVT NVMS-1000 devices allow GET /.. Directory Traversal | 2019-12-30 | not yet calculated | CVE-2019-20085 MISC
unity_technologies -- editor | The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code. | 2019-12-31 | not yet calculated | CVE-2019-9197 CONFIRM MISC
vim -- vim | The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. | 2019-12-30 | not yet calculated | CVE-2019-20079 MISC MISC MISC
visual_mining -- netcharts_server | Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | 2020-01-03 | not yet calculated | CVE-2014-8516 MISC MISC MISC MISC
wordpress -- wordpress | Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters. | 2020-01-02 | not yet calculated | CVE-2014-4553 MISC
wordpress -- wordpress | The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element. | 2020-01-02 | not yet calculated | CVE-2019-20204 MISC MISC MISC MISC
wordpress -- wordpress | The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message. | 2020-01-02 | not yet calculated | CVE-2019-20203 MISC MISC MISC MISC
xmlblueprint -- xmlblueprint | XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload. | 2019-12-30 | not yet calculated | CVE-2019-19032 MISC
xnview -- xnview | xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow. | 2020-01-02 | not yet calculated | CVE-2013-3939 CONFIRM SECUNIA
xnview -- xnview | Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file. | 2020-01-02 | not yet calculated | CVE-2013-3937 CONFIRM SECUNIA
xnview -- xnview | Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow. | 2020-01-02 | not yet calculated | CVE-2013-3941 MISC MISC
yandex -- clickhouse | In all versions of ClickHouse before 19.14.3, an attacker who has write access to ZooKeeper and is able to run a custom server reachable from the network where ClickHouse runs can create a custom-built malicious server that acts as a ClickHouse replica and register it in ZooKeeper. When another replica fetches a data part from the malicious replica, it can force clickhouse-server to write to an arbitrary path on the filesystem. | 2019-12-30 | not yet calculated | CVE-2019-15024 MISC
zend_framework -- zend_framework | Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. | 2020-01-03 | not yet calculated | CVE-2012-4451 MISC MISC MISC MISC MISC MISC MISC MISC
zenphoto -- zenphoto | SQL injection vulnerability in Zenphoto before 1.4.9 allows remote administrators to execute arbitrary SQL commands. | 2019-12-31 | not yet calculated | CVE-2015-5591 MISC MISC MISC MISC
zenphoto -- zenphoto | Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption). | 2019-12-31 | not yet calculated | CVE-2015-5595 MISC MISC MISC
zenphoto -- zenphoto | Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks. | 2019-12-31 | not yet calculated | CVE-2015-5592 MISC MISC MISC MISC
zenphoto -- zenphoto | The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<<script></script>script>payload<script></script></script>", or in an image tag, with the payload as the onerror event. | 2019-12-31 | not yet calculated | CVE-2015-5593 MISC MISC MISC
zoho_manageengine -- adselfservice_plus | An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation. | 2019-12-31 | not yet calculated | CVE-2019-7162 MISC

This product is provided subject to this Notification and this Privacy & Use policy.

Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad

Original release date: January 6, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the United States and Iran’s historic use of cyber offensive activities to retaliate against perceived harm. Foremost, CISA recommends organizations take the following actions:

  1. Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence, and making sure emergency call trees are up to date.
  2. Increase organizational vigilance. Ensure security personnel are monitoring key internal security capabilities and that they know how to identify anomalous behavior. Flag any known Iranian indicators of compromise and tactics, techniques, and procedures (TTPs) for immediate response.
  3. Confirm reporting processes. Ensure personnel know how and when to report an incident. The well-being of an organization’s workforce and cyber infrastructure depends on awareness of threat activity. Consider reporting incidents to CISA to help serve as part of CISA’s early warning system (see Contact Information section below).
  4. Exercise organizational incident response plans. Ensure personnel are familiar with the key steps they need to take during an incident. Do they have the accesses they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel are positioned to act in a calm and unified manner.


Release of New CISA Insights on Increased Geopolitical Tensions and Threats

Original release date: January 6, 2020

Stakeholders,
 
Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued a CISA Insights document entitled, “Increased Geopolitical Tensions and Threats” pertaining to the increased tension with Iran. You can read the new CISA Insights at CISA.gov/insights.
 
As the Nation’s risk advisor, CISA is sharing this to ensure you consider how increased geopolitical tensions and threats of aggression might affect you—such as retaliatory cyber and physical attacks. As you read these insights, we hope they assist in how you look at yourself, your facilities, and your operations from the outside-in. Knowing how you may be exposed or targeted will help you to be better prepared (to act, collaborate, and report).
 
As always, we need to hear from you on whether these insights make a difference and what else you recommend for infrastructure resilience, safety of personnel, and protection of the greater public—collective defense works best when we share what works, communicate, and coordinate. Contact us via cisaservicedesk@cisa.dhs.gov or your local CISA field representative.
 
Stay vigilant, stay connected, and help us—If You See Something, Say Something. For useful tips, resources and information about our offerings, and how to reach us and report information, please visit CISA.gov.


Cisco Releases Security Updates

Original release date: January 7, 2020

Cisco has released security updates to address multiple vulnerabilities in Data Center Network Manager (DCNM). A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories webpage.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:


Google Releases Security Updates for Chrome

Original release date: January 8, 2020

Google has released security updates for Chrome version 79.0.3945.117 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.


Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: January 8, 2020

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 72 and Firefox ESR 68.4 and apply the necessary updates.



Mozilla Patches Critical Vulnerability

Original release date: January 8, 2020

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.


Citrix Application Delivery Controller and Citrix Gateway Vulnerability

Original release date: January 8, 2020

The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. A remote attacker could exploit this vulnerability to run arbitrary code on a targeted system. This vulnerability was detected in exploits in the wild.   

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#619785 and Citrix Security Bulletin CTX267027 for more information and workarounds.


Cisco Releases Security Updates for Multiple Products

Original release date: January 9, 2020

Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh, Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Webex Video Mesh Advisory and the Cisco IOS and IOS XE Software Advisory and apply the necessary updates.


Juniper Networks Releases Security Updates

Original release date: January 9, 2020

Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates.


Continued Exploitation of Pulse Secure VPN Vulnerability

Original release date: January 10, 2020

Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become compromised in an attack. [1]

Although Pulse Secure [2] disclosed the vulnerability and provided software patches for the various affected products in April 2019, the Cybersecurity and Infrastructure Security Agency (CISA) continues to observe wide exploitation of CVE-2019-11510. [3][4][5]

CISA expects to see continued attacks exploiting unpatched Pulse Secure VPN environments and strongly urges users and administrators to upgrade to the corresponding fixes. [6]

Timelines of Specific Events

  • April 24, 2019 – Pulse Secure releases initial advisory and software updates addressing multiple vulnerabilities.
  • May 28, 2019 – Large commercial vendors get reports of vulnerable VPN through HackerOne.
  • July 31, 2019 – Full RCE use of exploit demonstrated using the admin session hash to get complete shell.
  • August 8, 2019 – Meh Chang and Orange Tsai demonstrate the VPN issues across multiple vendors (Pulse Secure) with detailed attack on active VPN exploitation.
  • August 24, 2019 – Bad Packets identifies over 14,500 vulnerable VPN servers globally still unpatched and in need of an upgrade.
  • October 7, 2019 – The National Security Agency (NSA) produces a Cybersecurity Advisory on Pulse Secure and other VPN products being targeted actively by advanced persistent threat actors.
  • October 16, 2019 – The CERT Coordination Center (CERT/CC) releases Vulnerability Note VU#927237: Pulse Secure VPN contains multiple vulnerabilities.
  • January 2020 – Media reports cybercriminals now targeting unpatched Pulse Secure VPN servers to install REvil (Sodinokibi) ransomware.   


Vulnerability Summary for the Week of January 6, 2020

Original release date: January 13, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
ca -- automatic_dollar_universe | CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015. | 2020-01-08 | 7.2 | CVE-2019-19544 MISC
cisco -- data_center_network_manager | Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | 2020-01-06 | 9 | CVE-2019-15979 CISCO
cisco -- data_center_network_managerMultiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.2020-01-069CVE-2019-15984
CISCO
cisco -- data_center_network_manager
 
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.2020-01-069CVE-2019-15985
CISCO
cisco -- data_center_network_manager
 
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2020-01-0610CVE-2019-15975
CISCO
cisco -- data_center_network_manager
 
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2020-01-0610CVE-2019-15976
CISCO
cisco -- data_center_network_manager
 
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2020-01-067.8CVE-2019-15977
CISCO
cisco -- data_center_network_manager
 
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.2020-01-069CVE-2019-15978
CISCO
cisco -- data_center_network_manager
 
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.2020-01-069CVE-2019-15980
CISCO
cisco -- data_center_network_manager
 
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.2020-01-069CVE-2019-15981
CISCO
cisco -- data_center_network_manager
 
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.2020-01-069CVE-2019-15982
CISCO
cisco -- multiple_linksys_routersCisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access2020-01-0710CVE-2013-5122
MISC
MISC
MISC
determine -- contract_lifecycle_management
 
An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server.2020-01-059CVE-2019-20155
MISC
gilacms -- gila_cms
 
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.2020-01-069CVE-2020-5514
MISC
git-diff-apply -- git-diff-apply
 
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.2020-01-077.5CVE-2019-10776
MISC
MISC
CONFIRM
gitlab -- gitlab_enterprise_editionGitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.2020-01-037.5CVE-2019-19088
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.2020-01-057.5CVE-2019-19628
CONFIRM
MISC
google -- android | In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-139683471 | 2020-01-06 | 7.2 | CVE-2019-9468
CONFIRM
google -- android
 
In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711 | 2020-01-08 | 9.3 | CVE-2020-0002
MISC
CONFIRM
huawei -- multiple_products
 
Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.2020-01-037.8CVE-2019-5304
MISC
huawei -- multiple_smartphonesMate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone.2020-01-037.1CVE-2020-1785
MISC
ixia -- centurystarcenturystar 7.12 ActiveX Control has a Stack Buffer Overflow2020-01-0810CVE-2014-1598
MISC
mozilla -- firefox_and_firefox_esr_and_thunderbirdWhen following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.2020-01-087.5CVE-2019-11757
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpgurukul -- dairy_farm_shop_management_systemPHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.2020-01-077.5CVE-2020-5307
MISC
EXPLOIT-DB
phpgurukul -- hostel_management_system
 
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.2020-01-0810CVE-2020-5510
EXPLOIT-DB
soplanning -- simple_online_planning
 
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning) before 1.33. | 2020-01-07 | 7.5 | CVE-2014-8673
MISC
MISC
MISC
MISC
thomson_reuters -- fatca
 
A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.2020-01-069CVE-2015-5951
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).2020-01-087.5CVE-2019-20361
MISC
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
anglersnet -- cgi_an-analyzer
 
DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Object Page.2020-01-064.3CVE-2019-5989
MISC
MISC
appspace -- on-prem
 
In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS.2020-01-074.3CVE-2020-5393
CONFIRM
MISC
aultware -- pwstore
 
AultWare pwStore 2010.8.30.0 has XSS2020-01-074.3CVE-2013-5658
MISC
MISC
MISC
aultware -- pwstore
 
AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request2020-01-075CVE-2013-5657
MISC
MISC
MISC
chamilo -- chamilo_lms
 
Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.2020-01-045.8CVE-2015-9540
MISC
cipherdyne -- fwknop
 
fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.2020-01-096.5CVE-2012-4434
MISC
MISC
MISC
cisco -- data_center_network_manager
 
A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the DCNM application. The vulnerability exists because the SOAP API improperly handles XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by inserting malicious XML content in an API request. A successful exploit could allow the attacker to read arbitrary files from the affected device. Note: The severity of this vulnerability is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.2020-01-064CVE-2019-15983
CISCO
codoforum -- codoforum
 
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.2020-01-074.3CVE-2020-5842
MISC
EXPLOIT-DB
determine -- contract_lifecycle_managementAn issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML.2020-01-054.3CVE-2019-20154
MISC
digi -- anywhereusbDigi AnywhereUSB 14 allows XSS via a link for the Digi Page.2020-01-094.3CVE-2019-18859
MISC
dnsmasq -- dnsmasq
 
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.2020-01-075CVE-2019-14834
CONFIRM
CONFIRM
fontforge -- fontforge
 
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.2020-01-036.8CVE-2020-5395
MISC
fontforge -- fontforge
 
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.2020-01-036.8CVE-2020-5496
MISC
fortinet -- fortisiem
 
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code.2020-01-074CVE-2019-6700
CONFIRM
ftpgetter -- ftpgetter_professional
 
FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference.2020-01-085CVE-2020-5183
MISC
EXPLOIT-DB
fuzezip -- fuzezip
 
FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability2020-01-074.6CVE-2013-5656
MISC
MISC
MISC
gilacms -- gila_cmsGila CMS 1.11.8 allows /admin/sql?query= SQL Injection.2020-01-066.5CVE-2020-5515
MISC
gilacms -- gila_cms
 
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.2020-01-066.8CVE-2020-5512
MISC
gilacms -- gila_cms
 
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.2020-01-066.8CVE-2020-5513
MISC
MISC
gitlab -- gitlab_community_and_enterprise_edition
 
GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.2020-01-035CVE-2019-19254
CONFIRM
MISC
MISC
gitlab -- gitlab_community_and_enterprise_edition
 
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).2020-01-035CVE-2019-19257
CONFIRM
MISC
gitlab -- gitlab_community_and_enterprise_edition
 
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).2020-01-035.5CVE-2019-19260
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.2020-01-034CVE-2019-19263
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control.2020-01-034CVE-2019-19255
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.2020-01-034CVE-2019-19310
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).2020-01-034CVE-2019-19259
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).2020-01-034CVE-2019-19087
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.2020-01-036.8CVE-2019-19261
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).2020-01-034CVE-2019-19086
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.2020-01-055CVE-2019-19313
CONFIRM
MISC
MISC
gitlab -- gitlab_enterprise_edition
 
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.2020-01-055CVE-2019-19629
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.2020-01-055CVE-2019-19314
CONFIRM
MISC
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.2020-01-034CVE-2019-19309
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.2020-01-055CVE-2019-19312
CONFIRM
MISC
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.2020-01-035CVE-2019-19258
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.2020-01-035CVE-2019-19256
CONFIRM
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.2020-01-034CVE-2019-19262
CONFIRM
MISC
MISC
gnu -- cpio
 
In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.2020-01-076.9CVE-2019-14866
CONFIRM
MISC
MISC
gnu -- libredwgGNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.2020-01-085.8CVE-2020-6614
MISC
gnu -- libredwgGNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.2020-01-084.3CVE-2020-6610
MISC
gnu -- libredwg
 
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.2020-01-085.8CVE-2020-6612
MISC
gnu -- libredwg
 
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).2020-01-084.3CVE-2020-6615
MISC
gnu -- libredwg
 
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.2020-01-084.3CVE-2020-6611
MISC
gnu -- libredwg
 
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.2020-01-085.8CVE-2020-6613
MISC
google -- android | In km_compute_shared_hmac of km4.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-130246677 | 2020-01-06 | 4.6 | CVE-2019-9469
CONFIRM
google -- android
 
In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144168326 | 2020-01-06 | 4.6 | CVE-2019-9471
CONFIRM
google -- android
 
In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144167528 | 2020-01-06 | 4.6 | CVE-2019-9470
CONFIRM
google -- chromeUse-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-01-034.3CVE-2019-13765
MISC
MISC
google -- chrome
 
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-01-034.3CVE-2019-5844
SUSE
SUSE
SUSE
MISC
MISC
google -- chrome
 
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-01-034.3CVE-2019-5845
SUSE
SUSE
SUSE
MISC
MISC
google -- chrome
 
Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-01-034.3CVE-2019-13766
MISC
MISC
google -- chrome
 
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-01-034.3CVE-2019-5846
SUSE
SUSE
SUSE
MISC
MISC
huawei -- usg9500_devicesUSG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity.2020-01-036.4CVE-2020-1871
MISC
icewarp -- webmail_server
 
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.2020-01-064.3CVE-2019-19265
MISC
CONFIRM
ignite_realtime -- openfireAn XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.2020-01-084.3CVE-2019-20363
MISC
MISC
ignite_realtime -- openfire
 
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.2020-01-084.3CVE-2019-20366
MISC
MISC
ignite_realtime -- openfire
 
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.2020-01-084.3CVE-2019-20365
MISC
MISC
ignite_realtime -- openfire
 
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp.2020-01-084.3CVE-2019-20364
MISC
MISC
it_work_center -- fileview
 
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves.2020-01-064.3CVE-2019-15602
MISC
jamf -- jamf_pro
 
Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with access to log in to Jamf Pro had full access to endpoints in the Universal API (UAPI), regardless of account privileges or privilege sets. An authenticated Jamf Pro account without required privileges could be used to perform CRUD actions (GET, POST, PUT, DELETE) on UAPI endpoints, which could result in unauthorized information disclosure, compromised data integrity, and data loss. For a full listing of available UAPI endpoints and associated CRUD actions you can navigate to /uapi/doc in your instance of Jamf Pro.2020-01-076.5CVE-2018-10465
CONFIRM
kunbus -- pr100088_modbus_gateway
 
An attacker could specially craft an FTP request that could crash the PR100088 Modbus gateway versions prior to release R02 (or Software Version 1.1.13166).2020-01-076.8CVE-2019-6529
MISC
mitreid_connect -- mitreid_connect
 
The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.2020-01-044.3CVE-2020-5497
MISC
mobileiron -- vsp_and_sentry
 
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords2020-01-086.4CVE-2014-1409
MISC
MISC
MISC
moodle -- moodlemoodle before versions 3.7.3, 3.6.7, 3.5.9 is vulnerable to a None.2020-01-075.5CVE-2019-14879
CONFIRM
mozilla -- firefox
 
Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.2020-01-085CVE-2019-11756
CONFIRM
CONFIRM
open-xchange -- open-xchange_appsuite
 
OX App Suite through 7.10.2 has XSS.2020-01-064.3CVE-2019-16717
MISC
MISC
MISC
opencv -- opencv
 
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.2020-01-036.8CVE-2019-5064
MISC
MISC
opencv -- opencv
 
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.2020-01-036.8CVE-2019-5063
MISC
phpgurukul -- hospital_management_system
 
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.2020-01-064.3CVE-2020-5191
MISC
MISC
phpscriptsmall.com -- advanced-real-estate-script
 
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS.2020-01-054.3CVE-2019-20336
MISC
phpscriptsmall.com -- advanced-real-estate-script
 
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.2020-01-056.5CVE-2019-20337
MISC
red_hat -- openshift_container_platform
 
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.2020-01-074CVE-2019-14854
CONFIRM
red_hat -- openshift_container_platform
 
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.2020-01-076.5CVE-2019-14819
CONFIRM
samsung_kies -- samsung_kies
 
Samsung Kies before 2.5.0.12094_27_11 has registry modification.2020-01-095CVE-2012-3810
MISC
BID
MISC
samsung_kies -- samsung_kies
 
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.2020-01-095CVE-2012-3808
MISC
BID
MISC
samsung_kies -- samsung_kies
 
Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service.2020-01-095CVE-2012-3806
MISC
BID
MISC
samsung_kies -- samsung_kies
 
Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.2020-01-095CVE-2012-3809
MISC
BID
MISC
seeftl -- seeftlThe seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing.2020-01-064.3CVE-2019-15603
MISC
sqlite -- sqlite
 
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.2020-01-035CVE-2019-19959
MISC
MISC
stb_truetype.h -- stb_truetype.h
 
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek.2020-01-086.8CVE-2020-6619
MISC
stb_truetype.h -- stb_truetype.h
 
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.2020-01-086.8CVE-2020-6620
MISC
stb_truetype.h -- stb_truetype.h
 
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT.2020-01-086.8CVE-2020-6621
MISC
stb_truetype.h -- stb_truetype.h
 
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index.2020-01-086.8CVE-2020-6623
MISC
stb_truetype.h -- stb_truetype.h
 
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.2020-01-086.8CVE-2020-6618
MISC
stb_truetype.h -- stb_truetype.h
 
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8.2020-01-086.8CVE-2020-6622
MISC
stb_truetype.h -- stb_truetype.h
 
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.2020-01-086.8CVE-2020-6617
MISC
telos -- automated_message_handling_system
 
: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.2020-01-035CVE-2019-9541
CERT-VN
telos -- automated_message_handling_system
 
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.2020-01-034.3CVE-2019-9540
CERT-VN
telos -- automated_message_handling_system
 
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.2020-01-034.3CVE-2019-9539
CERT-VN
telos -- automated_message_handling_system
 
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.2020-01-034.3CVE-2019-9537
CERT-VN
telos -- automated_message_handling_system
 
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.2020-01-034.3CVE-2019-9538
CERT-VN
telos -- automated_message_handling_system
 
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.2020-01-034.3CVE-2019-9542
CERT-VN
troglobit -- uftpd
 
In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11 | 2020-01-06 | 6.5 | CVE-2020-5204
MISC
CONFIRM
typsettercms -- typesetter
 
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability. | 2020-01-05 | 4.3 | CVE-2019-20077
MISC
watchguard -- xmt515
 
A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362). | 2020-01-07 | 4.3 | CVE-2019-18652
MISC
wordpress -- wordpress
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data. | 2020-01-08 | 5 | CVE-2019-20360
MISC
MISC
wordpress -- wordpress
 
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo. | 2020-01-09 | 6.8 | CVE-2020-6167
CONFIRM
MISC
MISC
wordpress -- wordpress
 
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes. | 2020-01-09 | 5.5 | CVE-2020-6166
CONFIRM
MISC
MISC
wordpress -- wordpress
 
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting). | 2020-01-09 | 6.5 | CVE-2020-6168
CONFIRM
MISC
MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
codoforum -- codoforum
 
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. | 2020-01-05 | 3.5 | CVE-2020-5305
MISC
MISC
codoforum -- codoforum
 
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. | 2020-01-05 | 3.5 | CVE-2020-5306
MISC
MISC
codoforum -- codoforum
 
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. | 2020-01-07 | 3.5 | CVE-2020-5843
MISC
MISC
gitlab -- gitlab_enterprise_edition
 
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. | 2020-01-03 | 3.5 | CVE-2019-19311
CONFIRM
MISC
MISC
google -- android
 
In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904 | 2020-01-08 | 3.7 | CVE-2020-0003
CONFIRM
google -- android
 
In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-133258003 | 2020-01-07 | 2.1 | CVE-2019-9465
CONFIRM
google -- android
 
In DCRYPTO_equals of compare.c, there is a possible timing attack due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-130237611 | 2020-01-06 | 2.1 | CVE-2019-9472
CONFIRM
google -- pixel_and_pixel_sl_devices
 
An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280). | 2020-01-08 | 2.1 | CVE-2016-5346
MISC
MISC
MISC
MISC
MISC
hmailserver -- hmailserver
 
HMailServer 5.3.x and prior: Memory Corruption which could cause DOS | 2020-01-07 | 2.6 | CVE-2013-5571
MISC
huawei -- p30_smartphones
 
HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send specific command in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause information leak. | 2020-01-03 | 3.3 | CVE-2019-19441
MISC
icewarp -- webmail_server
 
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. | 2020-01-06 | 3.5 | CVE-2019-19266
MISC
CONFIRM
pearson -- enterprise_student_information_system
 
Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input | 2020-01-08 | 3.5 | CVE-2014-1454
MISC
MISC
pqi -- aircard
 
PQI AirCard has persistent XSS | 2020-01-07 | 3.5 | CVE-2013-5637
MISC
soplanning -- simple_online_planning
 
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code. | 2020-01-06 | 3.5 | CVE-2014-8674
MISC
MISC
MISC
MISC
symantec -- it_management_suite
 
A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0. | 2020-01-08 | 3.5 | CVE-2016-6588
MISC
CONFIRM
MISC
transcend -- wifi_sd_card
Transcend WiFiSD 1.8 has persistent XSS | 2020-01-07 | 3.5 | CVE-2013-5638
MISC
MISC

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
advisto -- peel_shopping
 
Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user. | 2020-01-09 | not yet calculated | CVE-2019-20178
MISC
agilebits -- 1password_for_windows
 
AgileBits 1Password through 1.0.9.340 allows security feature bypass | 2020-01-09 | not yet calculated | CVE-2014-3753
MISC
ahsay -- cloud_backup_suite
 
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full system access as the configured user (e.g., Administrator) when starting from any authenticated session (e.g., a trial account). This is fixed in the 83/830122/cbs-*-hotfix-task26000 builds. | 2020-01-06 | not yet calculated | CVE-2020-5846
MISC
akips -- akips
 
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6. | 2020-01-06 | not yet calculated | CVE-2016-11017
MISC
MISC
amazon -- aws-lambda
 
In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName". | 2020-01-08 | not yet calculated | CVE-2019-10777
CONFIRM
anglersnet -- cgi_an-analyzer
Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page. | 2020-01-06 | not yet calculated | CVE-2019-5988
MISC
MISC
anglersnet -- cgi_an-analyzer
 
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allow remote attackers to obtain a login password via HTTP referer. | 2020-01-06 | not yet calculated | CVE-2019-5990
MISC
MISC
anglersnet -- cgi_an-analyzer
 
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated attackers to execute arbitrary OS commands via the Management Page. | 2020-01-06 | not yet calculated | CVE-2019-5987
MISC
MISC
ansible -- ansible
 
Ansible prior to 1.5.4 mishandles the evaluation of some strings. | 2020-01-09 | not yet calculated | CVE-2014-2686
MISC
apache -- maven
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element). | 2020-01-06 | not yet calculated | CVE-2019-20343
MISC
MISC
MISC
apache -- olingo
 
Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker. | 2020-01-09 | not yet calculated | CVE-2020-1925
CONFIRM
arial_software -- campaign_enterprise
Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. | 2020-01-10 | not yet calculated | CVE-2012-3822
MISC
XF
arial_software -- campaign_enterprise
 
A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field. | 2020-01-10 | not yet calculated | CVE-2012-3821
MISC
MISC
MISC
MISC
MISC
arial_software -- campaign_enterprise
 
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | 2020-01-10 | not yet calculated | CVE-2012-3823
MISC
XF
arial_software -- campaign_enterprise
 
In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. | 2020-01-10 | not yet calculated | CVE-2012-3824
MISC
XF
artica -- pandora_fms
 
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. | 2020-01-09 | not yet calculated | CVE-2019-20224
MISC
MISC
MISC
MISC
bftpd -- bftpd
 
An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking. | 2020-01-10 | not yet calculated | CVE-2020-6835
MISC
MISC
bftpd -- bftpd
 
An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c. | 2020-01-10 | not yet calculated | CVE-2020-6162
CONFIRM
CONFIRM
bigprof -- online_invoicing_system
 
BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action. | 2020-01-08 | not yet calculated | CVE-2020-6583
MISC
billon -- smart_energy_router_sg600r2
 
XSS in the DHCP lease-status table in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an attacker to inject arbitrary HTML/JavaScript code to achieve client-side code execution via crafted DHCP request packets to etc_ro/web/internet/dhcpcliinfo.asp. | 2020-01-09 | not yet calculated | CVE-2019-14918
MISC
billon -- smart_energy_router_sg600r2
 
An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device. | 2020-01-09 | not yet calculated | CVE-2019-14919
MISC
billon -- smart_energy_router_sg600r2
 
Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature. | 2020-01-09 | not yet calculated | CVE-2019-14920
MISC
bss -- continuity_cms
BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability | 2020-01-09 | not yet calculated | CVE-2014-3449
MISC
MISC
bss -- continuity_cms
 
BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload | 2020-01-09 | not yet calculated | CVE-2014-3448
MISC
MISC
bss -- continuity_cms
 
BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability | 2020-01-09 | not yet calculated | CVE-2014-3447
MISC
MISC
ca -- automic_sysload
 
CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands. | 2020-01-08 | not yet calculated | CVE-2019-19518
CONFIRM
chamilo -- chamilo_lms
 
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files. | 2020-01-10 | not yet calculated | CVE-2012-4030
XF
cisco -- data_center_network_manager
 
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts. | 2020-01-06 | not yet calculated | CVE-2019-15999
MISC
CISCO
citrix -- xenapp_online_plug-in_for_windows_and_receiver_for_windows
 
Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. | 2020-01-10 | not yet calculated | CVE-2012-4603
BID
SECTRACK
SECTRACK
XF
contao -- contao_cms
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities | 2020-01-08 | not yet calculated | CVE-2014-1860
MISC
MISC
MISC
MISC
EXPLOIT-DB
curl -- curl
 
CURL before 7.68.0 lacks proper input validation, which allows users to create a `FILE:` URL that can make the client access a remote file using SMB (Windows-only issue). | 2020-01-06 | not yet calculated | CVE-2019-15601
MLIST
MISC
d-link -- dcs-960l_devices
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction request header, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8458. | 2020-01-07 | not yet calculated | CVE-2019-17146
N/A
N/A
dassault_systemes -- catia
 
Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks | 2020-01-08 | not yet calculated | CVE-2014-2072
MISC
MISC
EXPLOIT-DB
dedecms -- dedecms
 
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell. | 2020-01-06 | not yet calculated | CVE-2015-4553
MISC
MISC
MISC
deja_vu -- crescendo_sales_crm
 
Déjà Vu Crescendo Sales CRM has remote SQL Injection | 2020-01-10 | not yet calculated | CVE-2014-4984
MISC
MISC
MISC
dell -- dell_emc_unisphere_for_powermax_and_dell_emc_powermax_OS
 
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions. | 2020-01-10 | not yet calculated | CVE-2019-18588
MISC
determine -- contract_lifecycle_management
 
An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration files containing administrative credentials). | 2020-01-05 | not yet calculated | CVE-2019-20153
MISC
devcert-sanscache -- devcert-sanscache
 
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization. | 2020-01-08 | not yet calculated | CVE-2019-10778
CONFIRM
dompdf -- dompdf
 
DOMPDF before 0.6.2 allows denial of service. | 2020-01-10 | not yet calculated | CVE-2014-5012
MISC
MISC
dompdf -- dompdf
 
DOMPDF before 0.6.2 allows Information Disclosure. | 2020-01-10 | not yet calculated | CVE-2014-5011
MISC
MISC
dompdf -- dompdf
 
DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. | 2020-01-10 | not yet calculated | CVE-2014-5013
MISC
MISC
drupal -- drupal
 
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page. | 2020-01-09 | not yet calculated | CVE-2012-2724
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
drupal -- drupal
 
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier. | 2020-01-09 | not yet calculated | CVE-2012-2714
MISC
MISC
MISC
MISC
drupal -- drupal
 
Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym. | 2020-01-09 | not yet calculated | CVE-2012-5558
MISC
MISC
MISC
MISC
dten -- d5_and_d7_devices
 
DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the Android OS. | 2020-01-06 | not yet calculated | CVE-2019-16273
MISC
dten -- d5_and_d7_devices
 
DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. | 2020-01-06 | not yet calculated | CVE-2019-16274
MISC
dten -- d5_and_d7_devices
 
On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement. | 2020-01-06 | not yet calculated | CVE-2019-16272
MISC
dten -- d5_and_d7_devices
 
DTEN D5 and D7 before 1.3.2 devices allows remote attackers to read saved whiteboard image PDF documents via storage/emulated/0/Notes/PDF on TCP port 8080 without authentication. | 2020-01-06 | not yet calculated | CVE-2019-16271
MISC
e2fsprogs_project -- e2fsck
 
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | 2020-01-08 | not yet calculated | CVE-2019-5188
CONFIRM
ellislab -- codeigniter
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks. | 2020-01-09 | not yet calculated | CVE-2012-1915
BID
elog -- electronic_logbook
 
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c. | 2020-01-10 | not yet calculated | CVE-2019-20376
MISC
elog -- electronic_logbook
 
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c. | 2020-01-10 | not yet calculated | CVE-2019-20375
MISC
employee_records_system -- employee_records_system
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension. | 2020-01-09 | not yet calculated | CVE-2019-20183
MISC
ether -- etherpad-lite
 
The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability | 2020-01-10 | not yet calculated | CVE-2013-7380
MISC
MISC
fedoraproject -- 389_directory_server
 
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. | 2020-01-09 | not yet calculated | CVE-2010-3282
OVAL
CONFIRM
CONFIRM
CONFIRM
fortinet -- fortiauthenticator_web_ui
 
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. | 2020-01-07 | not yet calculated | CVE-2019-16154
CONFIRM
free -- freebox_os_web_interface
 
A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code. | 2020-01-06 | not yet calculated | CVE-2014-9405
MISC
MISC
MISC
MISC
freedesktop -- poppler
 
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | 2020-01-09 | not yet calculated | CVE-2012-2142
MISC
MISC
MISC
MISC
MISC
MISC
ganglia -- ganglia-web
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter. | 2020-01-11 | not yet calculated | CVE-2019-20379
MISC
ganglia -- ganglia-web
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter. | 2020-01-11 | not yet calculated | CVE-2019-20378
MISC
gateway_geomatics -- mapserver_for_windows
 
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information. | 2020-01-09 | not yet calculated | CVE-2012-2950
BID
XF
genexis -- platinum
 
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. | 2020-01-08 | not yet calculated | CVE-2020-6170
MISC
gnome -- glib
 
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. | 2020-01-09 | not yet calculated | CVE-2020-6750
CONFIRM
MISC
gnu -- libredwg
 
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. | 2020-01-08 | not yet calculated | CVE-2020-6609
MISC
google -- android
 
A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooth access (Android Bug ID A-28672558). | 2020-01-08 | not yet calculated | CVE-2014-9908
MISC
MISC
MISC
MISC
google -- android
 
In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304 | 2020-01-08 | not yet calculated | CVE-2020-0001
CONFIRM
google -- android
 
In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-120847476 | 2020-01-08 | not yet calculated | CVE-2020-0004
CONFIRM
google -- android
 
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932 | 2020-01-08 | not yet calculated | CVE-2020-0009
MISC
CONFIRM
google -- android
 
In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142558228 | 2020-01-08 | not yet calculated | CVE-2020-0008
CONFIRM
google -- android
 
In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828 | 2020-01-08 | not yet calculated | CVE-2020-0006
CONFIRM
google -- android
 
In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807 | 2020-01-08 | not yet calculated | CVE-2020-0007
CONFIRM
google -- chrome
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2020-01-10 | not yet calculated | CVE-2019-13767
SUSE
MISC
MISC
google -- chrome
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2020-01-10 | not yet calculated | CVE-2020-6377
SUSE
SUSE
MISC
MISC
FEDORA
gpac -- gpac
 
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c. | 2020-01-09 | not yet calculated | CVE-2020-6631
MISC
gpac -- gpac
 
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c. | 2020-01-09 | not yet calculated | CVE-2020-6630
MISC
hashbrown_cms -- hashbrown_cms
 
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field. | 2020-01-06 | not yet calculated | CVE-2020-5840
MISC
MISC
hp -- access_control
 
A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege. | 2020-01-09 | not yet calculated | CVE-2019-6330
CONFIRM
hp -- multiple_deskjet_3630_printers
 
HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration. | 2020-01-09 | not yet calculated | CVE-2019-6319
CONFIRM
hp -- multiple_deskjet_3630_printers
 
Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration. | 2020-01-09 | not yet calculated | CVE-2019-6320
CONFIRM
hp -- multiple_inkjet_printers
 
A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A - V1N02B, Y5Z00A - Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A - M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A - M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A - M2U85B, M2U91A - M2U94B, Z4A54A - Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D - Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A - Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A - K7S10D, Y0G42D - Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A - Z4B55A, Z6Z95A - Z6Z99A, 4DX94A - 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A - Z4B14A, Z4B27A - Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A - Z6Z98A. | 2020-01-09 | not yet calculated | CVE-2019-6332
CONFIRM
huawei -- cloudengine_12800_and_cloudengine_s5700_and_cloudengine_s6700
 
Huawei products CloudEngine 12800, S5700, and S6700 have a weak algorithm vulnerability. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Affected product versions include: CloudEngine 12800 versions V100R003C00SPC600, V100R003C10SPC100, V100R005C00SPC200, V100R005C00SPC300, V100R005C10HP0001, V100R005C10SPC100, V100R005C10SPC200, V100R006C00, V200R001C00, V200R002C01, V200R002C10, V200R002C20, V200R005C10; CloudEngine S5700 versions V200R005C00SPC500, V200R005C03, V200R006C00SPC100, V200R006C00SPC300, V200R006C00SPC500, V200R007C00SPC100, V200R007C00SPC500, V200R010C00SPC300, V200R010C00SPC600, V200R010C00SPC700, V200R011C00SPC200, V200R011C10SPC500, V200R011C10SPC600, V200R012C00SPC200, V200R012C00SPC500, V200R012C00SPC600, V200R012C00SPC700, V200R012C00SPC710, V200R012C20; CloudEngine S6700 versions V200R005C00SPC500, V200R005C01, V200R008C00SPC500, V200R010C00SPC300, V200R010C00SPC600, V200R011C00SPC200, V200R011C10SPC500, V200R011C10SPC600, V200R012C00SPC200, V200R012C00SPC500, V200R012C00SPC600, V200R012C00SPC710. | 2020-01-09 | not yet calculated | CVE-2020-1810
CONFIRM
huawei -- honer_magic2_phones
Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Due to a module using a weak encryption tool, an attacker with the root permission may exploit the vulnerability to obtain some information.
2020-01-09
not yet calculated
CVE-2020-1826
CONFIRM
huawei -- mate_20_pro_smartphones
 
HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of the apk file in a special condition, which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass the digital balance function.
2020-01-09
not yet calculated
CVE-2020-1786
CONFIRM
huawei -- mate_20_pro_smartphones
 
HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under certain scenarios; a successful exploit could allow an attacker who gains the privilege of guest user to access the host user's desktop in an instant, without unlocking the screen lock of the host user.
2020-01-09
not yet calculated
CVE-2020-1787
CONFIRM
ibm -- qradar_security_information_and_event_manager
IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355.
2020-01-10
not yet calculated
CVE-2019-4559
XF
CONFIRM
ibm -- qradar_security_information_and_event_manager
 
IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-Force ID: 164429.
2020-01-10
not yet calculated
CVE-2019-4508
XF
CONFIRM
ibm -- jazz_reporting_service
IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962.
2020-01-09
not yet calculated
CVE-2019-4651
XF
CONFIRM
imperva -- securesphere_web_application_firewall
 
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
2020-01-08
not yet calculated
CVE-2011-5266
MISC
intelbras -- iwr_3000n_devices
 
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.
2020-01-05
not yet calculated
CVE-2019-20004
MISC
MISC
invisionpower -- invision_power_board
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
2020-01-09
not yet calculated
CVE-2012-2226
BID
XF
jamf -- jamf_pro
 
An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service (DoS), remote code execution (RCE), and/or deletion of files on the Jamf Pro server.
2020-01-08
not yet calculated
CVE-2019-17076
CONFIRM
jhead_project -- jhead
 
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.
2020-01-09
not yet calculated
CVE-2020-6625
MISC
jhead_project -- jhead
 
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
2020-01-09
not yet calculated
CVE-2020-6624
MISC
jinan_usr_iot_technology -- usr-wifi232-s/t/g2/h_device
 
A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID.
2020-01-06
not yet calculated
CVE-2019-18842
MISC
keepass -- keepass
 
KeePass 2.4.1 allows CSV injection in the title field of a CSV export.
2020-01-09
not yet calculated
CVE-2019-20184
MISC
kemp_technologies -- loadmaster
 
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).
2020-01-08
not yet calculated
CVE-2014-5287
MISC
MISC
CONFIRM
koala_framework -- koala_framework
Koala Framework before 2011-11-21 has XSS via the request_uri parameter.
2020-01-08
not yet calculated
CVE-2011-5018
MISC
CONFIRM
MISC
kyrol_security_labs -- kyrol_internet_security
 
An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive.
2020-01-10
not yet calculated
CVE-2019-19820
MISC
MISC
libbsd -- libbsd
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
2020-01-08
not yet calculated
CVE-2019-20367
MISC
MISC
libming -- libming
 
Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c.
2020-01-09
not yet calculated
CVE-2020-6628
MISC
libming -- libming
 
Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function decompileGETURL2() in decompile.c.
2020-01-09
not yet calculated
CVE-2020-6629
MISC
linux -- linux_kernel
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
2020-01-09
not yet calculated
CVE-2019-19332
MISC
CONFIRM
MISC
MISC
linux_terminal_server_project -- ltsp_display_manager
 
LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script.
2020-01-09
not yet calculated
CVE-2019-20373
MISC
MLIST
DEBIAN
litespeed_technologies -- openlitespeed
 
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen.
2020-01-06
not yet calculated
CVE-2020-5519
MISC
MISC
mozilla -- firefox
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70.
2020-01-08
not yet calculated
CVE-2019-11765
CONFIRM
CONFIRM
mozilla -- firefox
If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70.
2020-01-08
not yet calculated
CVE-2019-17002
MISC
CONFIRM
mozilla -- firefox

 
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.
2020-01-08
not yet calculated
CVE-2019-17023
MISC
UBUNTU
CONFIRM
mozilla -- firefox

 
If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72.
2020-01-08
not yet calculated
CVE-2019-17020
MISC
UBUNTU
CONFIRM
mozilla -- firefox
 
If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox < 71.
2020-01-08
not yet calculated
CVE-2019-17014
MISC
CONFIRM
mozilla -- firefox
 
Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72.
2020-01-08
not yet calculated
CVE-2019-17025
MISC
UBUNTU
CONFIRM
mozilla -- firefox
 
When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72.
2020-01-08
not yet calculated
CVE-2019-17018
MISC
CONFIRM
mozilla -- firefox
 
When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. Note: this issue only occurs on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 72.
2020-01-08
not yet calculated
CVE-2019-17019
MISC
CONFIRM
mozilla -- firefox
 
Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 71.
2020-01-08
not yet calculated
CVE-2019-17013
MISC
CONFIRM
mozilla -- firefox
 
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000. Note: This flaw only affected Firefox 69 and was not present in earlier versions. This vulnerability affects Firefox < 70.
2020-01-08
not yet calculated
CVE-2019-17001
MISC
CONFIRM
mozilla -- firefox
 
An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox < 70.
2020-01-08
not yet calculated
CVE-2019-17000
MISC
CONFIRM
mozilla -- firefox_and_firefox_esr
 
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
2020-01-08
not yet calculated
CVE-2019-17022
MISC
MLIST
BUGTRAQ
UBUNTU
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
2020-01-08
not yet calculated
CVE-2019-17024
MISC
MLIST
BUGTRAQ
UBUNTU
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
2020-01-08
not yet calculated
CVE-2019-17016
MISC
MLIST
BUGTRAQ
UBUNTU
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
2020-01-08
not yet calculated
CVE-2019-17015
MISC
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
2020-01-08
not yet calculated
CVE-2019-17021
MISC
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
2020-01-08
not yet calculated
CVE-2019-17017
MISC
MLIST
BUGTRAQ
UBUNTU
DEBIAN
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr
 
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69.
2020-01-08
not yet calculated
CVE-2019-9812
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
2020-01-08
not yet calculated
CVE-2019-11759
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
2020-01-08
not yet calculated
CVE-2019-11760
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
2020-01-08
not yet calculated
CVE-2019-17009
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
2020-01-08
not yet calculated
CVE-2019-17010
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
2020-01-08
not yet calculated
CVE-2019-17012
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
2020-01-08
not yet calculated
CVE-2019-17008
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
2020-01-08
not yet calculated
CVE-2019-17005
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
2020-01-08
not yet calculated
CVE-2019-17011
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
2020-01-08
not yet calculated
CVE-2019-11745
SUSE
SUSE
SUSE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
2020-01-08
not yet calculated
CVE-2019-11764
MISC
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
2020-01-08
not yet calculated
CVE-2019-11763
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
2020-01-08
not yet calculated
CVE-2019-11762
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
2020-01-08
not yet calculated
CVE-2019-11761
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_and_firefox_esr_and_thunderbird
 
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
2020-01-08
not yet calculated
CVE-2019-11758
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mruby -- mruby
In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c.
2020-01-11
not yet calculated
CVE-2020-6839
MISC
mruby -- mruby
 
In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c.
2020-01-11
not yet calculated
CVE-2020-6840
MISC
mruby -- mruby
 
In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c.
2020-01-11
not yet calculated
CVE-2020-6838
MISC
multiple_vendors -- multiple_cable_modems
 
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.
2020-01-09
not yet calculated
CVE-2019-19494
MISC
MISC
MISC
MISC
nasm -- netwide_assembler
 
In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.
2020-01-06
not yet calculated
CVE-2019-20352
MISC
network_time_foundation -- network_time_protocol
 
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
2020-01-08
not yet calculated
CVE-2014-5209
MISC
CONFIRM
CONFIRM
nginx -- nginx
 
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
2020-01-09
not yet calculated
CVE-2019-20372
MISC
MISC
MISC
MISC
CONFIRM
nitro_software -- free_pdf_reader
 
The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content.
2020-01-10
not yet calculated
CVE-2019-19817
MISC
MISC
nitro_software -- free_pdf_reader
 
The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content.
2020-01-10
not yet calculated
CVE-2019-19819
MISC
MISC
node.js -- node.js
 
grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may allow attackers to run arbitrary commands on the server.
2020-01-11
not yet calculated
CVE-2020-6836
MISC
MISC
node.js -- node.js
 
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript URLs.
2020-01-06
not yet calculated
CVE-2014-3743
MISC
MISC
MISC
MISC
oker -- g232v1_devices
 
OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks.
2020-01-06
not yet calculated
CVE-2019-20348
MISC
online_tv_database -- online_tv_database
 
An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011.
2020-01-10
not yet calculated
CVE-2011-5020
MISC
open-xchange -- open-xchange_appsuite
 
OX App Suite through 7.10.2 has Incorrect Access Control.
2020-01-06
not yet calculated
CVE-2019-16716
MISC
MISC
opentrade -- opentrade
OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript.
2020-01-11
not yet calculated
CVE-2020-6847
MISC
MISC
opservices -- opmon
 
An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication.
2020-01-07
not yet calculated
CVE-2020-5841
MISC
otrs -- otrs_and_otrs_community_edition
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agent's browser to execute malicious javascript from a specially crafted SVG file rendered as an inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
2020-01-10
not yet calculated
CVE-2020-1766
CONFIRM
otrs -- otrs_and_otrs_community_edition
 
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
2020-01-06
not yet calculated
CVE-2019-18179
MISC
MLIST
otrs -- otrs_and_otrs_community_edition
 
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
2020-01-10
not yet calculated
CVE-2020-1767
CONFIRM
otrs -- otrs_and_otrs_community_edition
 
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
2020-01-10
not yet calculated
CVE-2020-1765
CONFIRM
parallels -- desktop
 
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop version 14.1.3 (45485). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of root. Was ZDI-CAN-8685.
2020-01-07
not yet calculated
CVE-2019-17148
N/A
phpgurukul -- dairy_farm_shop_management_system
 
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php.
2020-01-09
not yet calculated
CVE-2020-5308
MISC
MISC
MISC
phpgurukul -- hospital_management_system
 
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.
2020-01-06
not yet calculated
CVE-2020-5192
MISC
MISC
phpgurukul -- small_crm
 
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.
2020-01-08
not yet calculated
CVE-2020-5511
EXPLOIT-DB
phpmyadmin -- phpmyadmin
 
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
2020-01-09
not yet calculated
CVE-2020-5504
CONFIRM
pillow -- pillow
 
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
2020-01-05
not yet calculated
CVE-2019-19911
CONFIRM
pisignage -- pisignage
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.
2020-01-06
not yet calculated
CVE-2019-20354
MISC
MISC
MISC
pivotal -- ops_manager
 
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well.
2020-01-09
not yet calculated
CVE-2019-11292
CONFIRM
pivotal -- pivotal_spring_framework
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
2020-01-10
not yet calculated
CVE-2013-6430
MISC
MISC
MISC
plixer_international -- scrutinizer
 
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script.
2020-01-09
not yet calculated
CVE-2012-1260
MISC
MISC
MISC
MISC
MISC
plixer_international -- scrutinizer
 
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter.
2020-01-09
not yet calculated
CVE-2012-1261
MISC
MISC
MISC
MISC
MISC
plixer_international -- scrutinizer
 
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter.
2020-01-09
not yet calculated
CVE-2012-1259
MISC
MISC
MISC
MISC
MISC
plixer_international -- scrutinizer
 
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allows remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.
2020-01-09
not yet calculated
CVE-2012-1258
MISC
MISC
MISC
MISC
MISC
pow -- pow
 
In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability.
2020-01-09
not yet calculated
CVE-2020-5205
MISC
MISC
CONFIRM
prestashop -- prestashop
 
In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js. | 2020-01-09 | not yet calculated | CVE-2020-6632
MISC
publify -- publify
 
Publify before 8.0.1 is vulnerable to a Denial of Service attack | 2020-01-09 | not yet calculated | CVE-2014-3211
MISC
rasilient -- pixelstor
 
contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authenticated attackers to remotely execute code via the name parameter. | 2020-01-09 | not yet calculated | CVE-2020-6757
MISC
rasilient -- pixelstor
 
A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows remote attackers to inject arbitrary web script or HTML via the ContentFrame parameter. | 2020-01-09 | not yet calculated | CVE-2020-6758
MISC
rasilient -- pixelstor
 
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter. | 2020-01-09 | not yet calculated | CVE-2020-6756
MISC
MISC
rconfig -- rconfig
 
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions. | 2020-01-06 | not yet calculated | CVE-2019-19585
MISC
MISC
rconfig -- rconfig
 
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. | 2020-01-06 | not yet calculated | CVE-2019-19509
MISC
MISC
MISC
red_hat -- jboss_keycloak
 
A flaw was found in Keycloak before version 8.0.0. The owner of the 'placeholder.org' domain can set up a mail server on this domain and, knowing only the name of a client, can reset the password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'. | 2020-01-07 | not yet calculated | CVE-2019-14837
CONFIRM
CONFIRM
CONFIRM
red_hat -- jboss_keycloak
 
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information. | 2020-01-08 | not yet calculated | CVE-2019-14820
CONFIRM
red_hat -- simple_directmedia_layer
 
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages. SDL versions through 1.2.15 and 2.x through 2.0.9 have a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. | 2020-01-07 | not yet calculated | CVE-2019-14906
CONFIRM
red_hat -- wildfly_security_manager
 
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue. | 2020-01-07 | not yet calculated | CVE-2019-14843
CONFIRM
ricoh -- sp_c250dn_printer
 
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2). | 2020-01-10 | not yet calculated | CVE-2019-14301
CONFIRM
ricoh -- sp_c250dn_printer
 
On Ricoh SP C250DN 1.06 devices, a debug port can be used. | 2020-01-10 | not yet calculated | CVE-2019-14302
CONFIRM
ricoh -- sp_c250dn_printer
 
Ricoh SP C250DN 1.06 devices allow CSRF. | 2020-01-10 | not yet calculated | CVE-2019-14304
CONFIRM
ricoh -- sp_c250dn_printer
 
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2). | 2020-01-10 | not yet calculated | CVE-2019-14306
CONFIRM
samsung -- kies
 
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. | 2020-01-09 | not yet calculated | CVE-2012-3807
MISC
BID
MISC
samsung -- mobile_print_for_android
 
An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information. | 2020-01-09 | not yet calculated | CVE-2019-6331
CONFIRM
schneider-electric -- ecostruxure_control_expert_and_unity_pro
 
An Improper Authorization - CWE-285 vulnerability exists in EcoStruxure™ Control Expert V14.0 and all versions of Unity Pro (previously called EcoStruxure™ Control Expert), which could allow a bypass of the authentication process between EcoStruxure Control Expert and the controller. | 2020-01-06 | not yet calculated | CVE-2019-6855
CONFIRM
schneider-electric -- ecostruxure_geo_scada_expert
 
A CWE-264 Permissions, Privileges, and Access Controls vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) (with initial releases before 1 January 2019), which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support include ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017. | 2020-01-06 | not yet calculated | CVE-2019-6854
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP. | 2020-01-06 | not yet calculated | CVE-2019-6857
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP. | 2020-01-06 | not yet calculated | CVE-2019-6856
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP. | 2020-01-06 | not yet calculated | CVE-2018-7794
CONFIRM
snare -- snare_for_linux
 
Snare for Linux before 1.7.0 has CSRF in the web interface. | 2020-01-08 | not yet calculated | CVE-2011-5250
MISC
MISC
snare -- snare_for_linux
 
Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. | 2020-01-08 | not yet calculated | CVE-2011-5247
MISC
soplanning -- simple_online_planning
 
SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter. | 2020-01-09 | not yet calculated | CVE-2019-20179
MISC
spagobi -- spagobi
 
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script | 2020-01-10 | not yet calculated | CVE-2013-6231
MISC
MISC
MISC
sparklabs -- viscosity
 
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code | 2020-01-10 | not yet calculated | CVE-2012-4284
MISC
MISC
MISC
CONFIRM
sphider -- sphider_and_sphider-pro_and_sphider-plus
 
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass | 2020-01-10 | not yet calculated | CVE-2014-5081
MISC
EXPLOIT-DB
status2k -- status2k
 
Status2k does not remove the install directory allowing credential reset. | 2020-01-10 | not yet calculated | CVE-2014-5093
MISC
MISC
status2k -- status2k
 
Status2k allows Remote Command Execution in admin/options/editpl.php. | 2020-01-10 | not yet calculated | CVE-2014-5092
MISC
MISC
suricata-ids -- suricata
 
An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any TCP-based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both Linux and Windows clients ignore the injected packets. | 2020-01-06 | not yet calculated | CVE-2019-18625
CONFIRM
CONFIRM
MISC
MISC
suricata-ids -- suricata
 
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any TCP-based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both Linux and Windows clients ignore the injected packet. | 2020-01-06 | not yet calculated | CVE-2019-18792
CONFIRM
CONFIRM
MISC
MISC
symantec -- multiple_products
 
A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0. | 2020-01-08 | not yet calculated | CVE-2016-6589
MISC
CONFIRM
MISC
symantec -- multiple_products
 
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. | 2020-01-08 | not yet calculated | CVE-2016-6590
MISC
MISC
CONFIRM
symantec -- multiple_products
 
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. | 2020-01-09 | not yet calculated | CVE-2016-5311
MISC
MISC
MISC
MISC
CONFIRM
symantec -- norton_app_lock
 
A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | 2020-01-08 | not yet calculated | CVE-2016-6591
MISC
CONFIRM
symantec -- norton_mobile_security_for_android
 
A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript. | 2020-01-08 | not yet calculated | CVE-2016-6585
MISC
MISC
CONFIRM
symantec -- norton_mobile_security_for_android
 
An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information. | 2020-01-08 | not yet calculated | CVE-2016-6587
MISC
MISC
CONFIRM
MISC
symantec -- norton_mobile_security_for_android
 
A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist. | 2020-01-08 | not yet calculated | CVE-2016-6586
MISC
MISC
CONFIRM
symantec -- vip_access_desktop
 
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code. | 2020-01-08 | not yet calculated | CVE-2016-6593
MISC
MISC
MISC
CONFIRM
technicolor -- tc7230_steb_device
 
The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell. | 2020-01-08 | not yet calculated | CVE-2019-19495
MISC
MISC
MISC
tencent -- wechat
 
This vulnerability allows remote attackers to redirect users to an external resource on affected installations of Tencent WeChat prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw exists within the parsing of a user's profile. The issue lies in the failure to properly validate a user's name. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9302. | 2020-01-07 | not yet calculated | CVE-2019-17151
N/A
teradici -- pcoip_agent_and_pcoip_client
 
In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file. | 2020-01-08 | not yet calculated | CVE-2019-20362
MISC
tinywebgallery -- tinywebgallery
 
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. | 2020-01-09 | not yet calculated | CVE-2012-2931
MISC
tophub -- toplist
 
TopList before 2019-09-03 allows XSS via a title. | 2020-01-11 | not yet calculated | CVE-2019-20377
MISC
totalav -- totalav
 
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | 2020-01-10 | not yet calculated | CVE-2019-18194
MISC
MISC
tp-link -- tl-wr841n_routers
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457. | 2020-01-07 | not yet calculated | CVE-2019-17147
N/A
N/A
typora -- typora
 
A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment. | 2020-01-09 | not yet calculated | CVE-2019-20374
MISC
MISC
unify -- openstage_and_openscape_desk_phone_sip_devices
 
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface | 2020-01-09 | not yet calculated | CVE-2014-2651
MISC
MISC
unify -- openstage_and_openscape_desk_phone_sip_devices
 
Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface | 2020-01-09 | not yet calculated | CVE-2014-2650
MISC
CONFIRM
unisys -- clearpath_forward_libra_and_clearpath_mcp_software_series
 
Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel | 2020-01-07 | not yet calculated | CVE-2019-18386
CONFIRM
university_of_wisconsin-madison-- htcondor
 
The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 do not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors. | 2020-01-09 | not yet calculated | CVE-2012-3490
MISC
MISC
MISC
MISC
MISC
wago -- pfc100_and_pfc200_devices
 
An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. | 2020-01-08 | not yet calculated | CVE-2019-5082
CONFIRM
wikimedia -- wikibasemediainfo
 
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file). | 2020-01-08 | not yet calculated | CVE-2020-6163
MISC
MISC
wordpress -- wordpress
 
Pretty-Link WordPress plugin 1.5.2 has XSS | 2020-01-10 | not yet calculated | CVE-2011-4595
MISC
MISC
wordpress -- wordpress
 
The FooGallery plugin 1.8.12 for WordPress allows XSS via the post_title parameter. | 2020-01-09 | not yet calculated | CVE-2019-20182
MISC
wordpress -- wordpress
 
The awesome-support plugin 5.8.0 for WordPress allows XSS via the post_title parameter. | 2020-01-09 | not yet calculated | CVE-2019-20181
MISC
wordpress -- wordpress
 
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. | 2020-01-09 | not yet calculated | CVE-2019-20180
MISC
MISC
wordpress -- wordpress
 
flog plugin 0.1 for WordPress has XSS | 2020-01-10 | not yet calculated | CVE-2014-4530
MISC
wordpress -- wordpress
 
In WordPress versions from 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled. | 2020-01-09 | not yet calculated | CVE-2019-16773
MISC
CONFIRM
MISC
MISC
MISC
wordpress -- wordpress
 
The ultimate-weather plugin 1.0 for WordPress has XSS | 2020-01-10 | not yet calculated | CVE-2014-4561
MISC
wordpress -- wordpress
 
In WordPress versions from 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled. | 2020-01-09 | not yet calculated | CVE-2019-16788
MISC
CONFIRM
MISC
MISC
wordpress -- wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2. | 2020-01-06 | not yet calculated | CVE-2015-4039
MISC
MISC
MISC
MISC
xorus -- lpar2rrd
 
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server. | 2020-01-10 | not yet calculated | CVE-2014-4982
MISC
MISC
MISC
MISC
zoho_manageengine -- applications_manager
 
An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system. | 2020-01-10 | not yet calculated | CVE-2019-19475
CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Test for Citrix ADC and Gateway Vulnerability

Original release date: January 13, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security Bulletin CTX267027, beginning on January 20, 2020, Citrix will be releasing new versions of Citrix ADC and Citrix Gateway that will patch CVE-2019-19781.

CISA strongly advises affected organizations to review CERT/CC’s Vulnerability Note VU#619785 and Citrix Security Bulletin CTX267027 and apply the mitigations until Citrix releases new versions of the software.



Critical Vulnerabilities in Microsoft Windows Operating Systems

Original release date: January 14, 2020

New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.

On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections:

  • CryptoAPI spoofing vulnerability – CVE-2020-0601: This vulnerability affects all machines running 32- or 64-bit Windows 10 operating systems, including Windows Server versions 2016 and 2019. This vulnerability allows Elliptic Curve Cryptography (ECC) certificate validation to bypass the trust store, enabling unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization. This could deceive users or thwart malware detection methods such as antivirus. Additionally, a maliciously crafted certificate could be issued for a hostname that did not authorize it, and a browser that relies on Windows CryptoAPI would not issue a warning, allowing an attacker to decrypt, modify, or inject data on user connections without detection.
  • Windows RD Gateway and Windows Remote Client vulnerabilities – CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611: These vulnerabilities affect Windows Server 2012 and newer. In addition, CVE-2020-0611 affects Windows 7 and newer. These vulnerabilities—in the Windows Remote Desktop Client and RD Gateway Server—allow for remote code execution, where arbitrary code could be run freely. The server vulnerabilities do not require authentication or user interaction and can be exploited by a specially crafted request. The client vulnerability can be exploited by convincing a user to connect to a malicious server.

The Cybersecurity and Infrastructure Security Agency (CISA) is unaware of active exploitation of these vulnerabilities. However, because patches have been publicly released, the underlying vulnerabilities can be reverse-engineered to create exploits that target unpatched systems.

CISA strongly recommends organizations install these critical patches as soon as possible—prioritize patching by starting with mission critical systems, internet-facing systems, and networked servers. Organizations should then prioritize patching other affected information technology/operational technology (IT/OT) assets.


CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities

Original release date: January 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and client. A remote attacker could exploit these vulnerabilities to decrypt, modify, or inject data on user connections.

Although Emergency Directive 20-02 applies only to certain Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others also patch these critical vulnerabilities as soon as possible. Review the following resources for more information:


Microsoft Releases January 2020 Security Updates

Original release date: January 14, 2020

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s January 2020 Security Update Summary and Deployment Information and apply the necessary updates.


Intel Releases Security Updates

Original release date: January 14, 2020

Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:


VMware Releases Security Update

Original release date: January 14, 2020

VMware has released a security update to address a vulnerability in VMware Tools. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0002 and apply the necessary update.

