acyba — acymailing |
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. |
2020-03-24 |
6.5 |
CVE-2020-10934 MISC |
adobe — acrobat_and_reader |
Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address leak vulnerability. Successful exploitation could lead to information disclosure. |
2020-03-25 |
5 |
CVE-2020-3800 CONFIRM |
adobe — acrobat_and_reader |
Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. |
2020-03-25 |
6.8 |
CVE-2020-3802 CONFIRM |
adobe — acrobat_and_reader |
Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
2020-03-25 |
5 |
CVE-2020-3804 CONFIRM |
adobe — acrobat_and_reader |
Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
2020-03-25 |
5 |
CVE-2020-3806 CONFIRM |
adobe — acrobat_and_reader |
Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to privilege escalation. |
2020-03-25 |
4.4 |
CVE-2020-3803 CONFIRM |
adobe — bridge |
Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
2020-03-25 |
6.8 |
CVE-2020-9552 CONFIRM |
adobe — bridge |
Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
2020-03-25 |
6.8 |
CVE-2020-9551 CONFIRM |
adobe — creative_cloud_desktop_application |
Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (TOCTOU) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion. |
2020-03-25 |
5.8 |
CVE-2020-3808 CONFIRM |
adobe — experience_manager |
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure. |
2020-03-25 |
5 |
CVE-2020-3769 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. |
2020-03-25 |
6.8 |
CVE-2020-3780 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
2020-03-25 |
5 |
CVE-2020-3777 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
2020-03-25 |
4.3 |
CVE-2020-3778 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
2020-03-25 |
4.3 |
CVE-2020-3771 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
2020-03-25 |
4.3 |
CVE-2020-3782 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
2020-03-25 |
4.3 |
CVE-2020-3781 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
2020-03-25 |
6.8 |
CVE-2020-3773 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
2020-03-25 |
6.8 |
CVE-2020-3790 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
2020-03-25 |
4.3 |
CVE-2020-3791 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. |
2020-03-25 |
6.8 |
CVE-2020-3776 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. |
2020-03-25 |
6.8 |
CVE-2020-3774 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. |
2020-03-25 |
6.8 |
CVE-2020-3772 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. |
2020-03-25 |
6.8 |
CVE-2020-3770 CONFIRM |
adobe — photoshop_cc_2019_and_2020 |
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
2020-03-25 |
6.8 |
CVE-2020-3779 CONFIRM |
apache — tika |
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika’s PSDParser in versions 1.0-1.23. |
2020-03-23 |
4.3 |
CVE-2020-1950 CONFIRM MLIST |
apache — tika |
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika’s PSDParser in versions 1.0-1.23. |
2020-03-23 |
4.3 |
CVE-2020-1951 MISC MLIST |
arm — mbed_tls |
Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. |
2020-03-24 |
4.3 |
CVE-2020-10941 MISC |
artica — artica_proxy |
Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the “Modify the hostname” field. |
2020-03-22 |
6.5 |
CVE-2020-10818 MISC |
artica — pandora_fms |
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path are known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access. |
2020-03-23 |
6.5 |
CVE-2020-7935 MISC |
artica — pandora_fms |
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps. |
2020-03-23 |
5 |
CVE-2020-8497 MISC |
artica — pandora_fms |
In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. |
2020-03-23 |
6.5 |
CVE-2020-8511 MISC |
asus — asuswrt |
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router. |
2020-03-20 |
5 |
CVE-2018-20333 MISC |
auto-maskin — multiple_devices |
In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. |
2020-03-23 |
6.4 |
CVE-2019-6560 MISC |
auto-maskin — multiple_products |
In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. |
2020-03-23 |
5 |
CVE-2019-6558 MISC |
centreon — centreon |
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. |
2020-03-20 |
6.5 |
CVE-2019-19487 MISC |
centreon — centreon |
Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. |
2020-03-20 |
4 |
CVE-2019-19486 MISC |
centreon — centreon |
Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. |
2020-03-20 |
5.8 |
CVE-2019-19484 MISC |
cmsmadesimple — cms_made_simple |
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file). |
2020-03-20 |
6.8 |
CVE-2020-10682 MISC |
cutephp — cutenews |
Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
2020-03-25 |
4.3 |
CVE-2020-5557 MISC |
druva — insync_client |
Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code. |
2020-03-24 |
4.6 |
CVE-2019-4001 MISC |
eaton — ups_companion_software |
UPS companion software v1.05 and prior is affected by an ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call, e.g. “eval” in the “Update Manager” class, when the software attempts to see if there are updates available. This results in arbitrary code execution on the machine where the software is installed. |
2020-03-23 |
5.8 |
CVE-2020-6650 MISC |
ekakin — shihonkanri_plus_goout |
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allow remote attackers to read and write data in files placed in the same directory as the product via unspecified vectors, due to an improper input validation issue. |
2020-03-25 |
6.4 |
CVE-2020-5555 MISC |
ekakin — shihonkanri_plus_goout |
Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors. |
2020-03-25 |
6.4 |
CVE-2020-5554 MISC |
elog — electronic_logbook |
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition. Was ZDI-CAN-10115. |
2020-03-23 |
5 |
CVE-2020-8859 MISC MISC |
fastify — fastify-multipart |
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request. |
2020-03-20 |
5 |
CVE-2020-8136 MISC |
foxit — studio_photo |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9774. |
2020-03-20 |
6.8 |
CVE-2020-8881 MISC MISC |
foxit — studio_photo |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9625. |
2020-03-20 |
6.8 |
CVE-2020-8878 MISC MISC |
foxit — studio_photo |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9624. |
2020-03-20 |
4.3 |
CVE-2020-8877 MISC MISC |
foxit — studio_photo |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9773. |
2020-03-20 |
6.8 |
CVE-2020-8880 MISC MISC |
foxit — studio_photo |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9626. |
2020-03-20 |
4.3 |
CVE-2020-8879 MISC MISC |
foxit — studio_photo |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9880. |
2020-03-20 |
4.3 |
CVE-2020-8883 MISC MISC |
foxit — studio_photo |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the PSD files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9811. |
2020-03-20 |
6.8 |
CVE-2020-8882 MISC MISC |
freeradius — freeradius |
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. |
2020-03-21 |
5 |
CVE-2019-17185 MISC CONFIRM |
frozennode — laravel_administrator |
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued. |
2020-03-25 |
6.5 |
CVE-2020-10963 MISC |
ghost — ghost_cms |
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. |
2020-03-20 |
5.5 |
CVE-2020-8134 MISC |
gnupg — gnupg |
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. |
2020-03-20 |
5 |
CVE-2019-14855 CONFIRM MISC MISC MISC |
google — chrome |
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
2020-03-23 |
4.3 |
CVE-2020-6426 SUSE SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
google — chrome |
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. |
2020-03-23 |
5.8 |
CVE-2020-6425 SUSE MISC MISC FEDORA FEDORA FEDORA GENTOO DEBIAN |
google — chrome |
Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
2020-03-23 |
6.8 |
CVE-2020-6420 MISC MISC FEDORA |
gpac — gpac |
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file. |
2020-03-24 |
4.3 |
CVE-2019-20632 MISC |
gpac — gpac |
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file. |
2020-03-24 |
4.3 |
CVE-2019-20631 MISC |
gpac — gpac |
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file. |
2020-03-24 |
4.3 |
CVE-2019-20630 MISC MISC |
gpac — gpac |
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. |
2020-03-24 |
4.3 |
CVE-2019-20629 MISC MISC |
gpac — gpac |
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. |
2020-03-24 |
4.3 |
CVE-2019-20628 MISC MISC MISC |
hashicorp — vault_and_vault_enterprise |
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4. |
2020-03-23 |
5.8 |
CVE-2020-10661 CONFIRM MISC |
hdf_group — hdf5 |
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service. |
2020-03-22 |
4.3 |
CVE-2020-10811 MISC MISC MISC |
hdf_group — hdf5 |
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service. |
2020-03-22 |
4.3 |
CVE-2020-10809 MISC MISC MISC |
hdf_group — hdf5 |
An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service. |
2020-03-22 |
4.3 |
CVE-2020-10810 MISC MISC MISC |
hdf_group — hdf5 |
An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service. |
2020-03-22 |
5 |
CVE-2020-10812 MISC MISC MISC |
honeywell — notifier_web_server |
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. |
2020-03-24 |
6.4 |
CVE-2020-6972 MISC |
honeywell — win-pak_devices |
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries. |
2020-03-24 |
6.4 |
CVE-2020-6978 MISC |
honeywell — win-pak_devices |
In Honeywell WIN-PAK 4.7.2, Web and prior versions, a header injection vulnerability has been identified, which may allow remote code execution. |
2020-03-24 |
5.8 |
CVE-2020-6982 MISC |
honeywell — win-pak_devices |
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code. |
2020-03-24 |
6.8 |
CVE-2020-7005 MISC |
horde — groupware_webmail_edition |
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125. |
2020-03-23 |
4 |
CVE-2020-8866 MLIST MISC MISC |
horde — groupware_webmail_edition |
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469. |
2020-03-23 |
6.5 |
CVE-2020-8865 MISC |
huawei — mate_20_and_mate_30_pro_smartphones |
There is an improper authorization vulnerability in several smartphones. The software incorrectly performs authorization for certain users; successful exploitation could allow a low-privilege user to perform certain operations that the user is not supposed to perform. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). |
2020-03-20 |
4.6 |
CVE-2020-1796 MISC |
huawei — secospace_antiddos8000_versions |
Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands. Affected product versions include: Secospace AntiDDoS8000 versions V500R001C00, V500R001C20, V500R001C60, V500R005C00. |
2020-03-20 |
6.8 |
CVE-2020-1864 MISC |
ibm — api_connect |
IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958. |
2020-03-24 |
5 |
CVE-2019-4553 XF CONFIRM |
ibm — content_navigator |
IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080. |
2020-03-24 |
5 |
CVE-2020-4309 XF CONFIRM |
ibm — content_navigator |
IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559. |
2020-03-24 |
6.5 |
CVE-2020-4253 XF CONFIRM |
ibm — tivoli_netcool_impact |
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734. |
2020-03-24 |
4.3 |
CVE-2019-4681 XF CONFIRM |
inextrix_technologies — astpp |
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. |
2020-03-20 |
5 |
CVE-2019-15075 MISC |
insulet — omnipod_insulin_management_system |
The affected insulin pump is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. |
2020-03-20 |
4.6 |
CVE-2020-10597 MISC |
it-novum — openitcockpit |
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing “dev” or “staging” in the HTTP Host header. |
2020-03-20 |
5 |
CVE-2020-10792 MISC CONFIRM |
it-novum — openitcockpit |
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module. |
2020-03-25 |
4 |
CVE-2020-10791 MISC CONFIRM |
jenkins — jenkins |
Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
2020-03-25 |
5 |
CVE-2020-2165 MLIST CONFIRM |
jenkins — jenkins |
A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability. |
2020-03-25 |
4.3 |
CVE-2020-2169 MLIST CONFIRM |
jenkins — jenkins |
Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. |
2020-03-25 |
4 |
CVE-2020-2164 MLIST CONFIRM |
kde — okular |
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. |
2020-03-24 |
6.8 |
CVE-2020-9359 CONFIRM CONFIRM MLIST FEDORA |
keitai-site.net — mailform |
Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
2020-03-25 |
4.3 |
CVE-2020-5552 MISC |
linux — linux_kernel |
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. |
2020-03-24 |
4.9 |
CVE-2020-10942 MISC MISC MISC |
lix-pm — lix |
lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field. |
2020-03-21 |
6.8 |
CVE-2020-10800 MISC |
marketplace_expert — subversion_alm |
Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. |
2020-03-20 |
4.3 |
CVE-2020-9344 MISC MISC |
mediawiki — mediawiki |
An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33. |
2020-03-20 |
5 |
CVE-2019-16528 MISC MISC MISC MISC |
memcached — memcached |
Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. |
2020-03-24 |
5 |
CVE-2020-10931 MISC MISC MISC |
mikrotik — multiple_routers |
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. |
2020-03-23 |
5 |
CVE-2020-10364 MISC MISC |
mitre — caldera |
auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged “localhost” string in the HTTP Host header. |
2020-03-22 |
5 |
CVE-2020-10807 MISC MISC MISC MISC |
motorola — fx9500_devices |
Motorola FX9500 devices allow remote attackers to read database files. |
2020-03-23 |
5 |
CVE-2020-10874 MISC |
motorola — fx9500_devices |
Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. |
2020-03-23 |
5 |
CVE-2020-10875 MISC |
moxa — eds-g516e_series_devices |
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. |
2020-03-24 |
5 |
CVE-2020-6979 MISC |
moxa — eds-g516e_series_devices |
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. |
2020-03-24 |
5 |
CVE-2020-7001 MISC |
moxa — eds-g516e_series_devices |
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. |
2020-03-24 |
5 |
CVE-2020-6991 MISC |
moxa — eds-g516e_series_devices |
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. |
2020-03-24 |
5 |
CVE-2020-6997 MISC |
moxa — iologik_2500_series_controllers_and_ioexpress_configuration_utility |
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail. |
2020-03-24 |
5 |
CVE-2019-18242 MISC |
moxa — iologik_2500_series_controllers_and_ioxpres_configuration_utility |
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text. |
2020-03-24 |
5 |
CVE-2020-7003 MISC |
moxa — pt-7528_series_devices |
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered. |
2020-03-24 |
5 |
CVE-2020-6983 MISC |
moxa — pt-7528_series_devices |
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. |
2020-03-24 |
5 |
CVE-2020-6987 MISC |
moxa — pt-7528_series_devices |
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization. |
2020-03-24 |
5 |
CVE-2020-6993 MISC |
mozilla — bleach |
In Mozilla Bleach before 3.12, a mutation XSS exists in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False is set. |
2020-03-24 |
4.3 |
CVE-2020-6816 MISC |
mozilla — bleach |
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. |
2020-03-24 |
4.3 |
CVE-2020-6802 MISC |
mozilla — firefox |
When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document’s URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox < 74. |
2020-03-25 |
4.3 |
CVE-2020-6808 MISC MISC |
mozilla — thunderbird_and_firefox_and_firefox_esr |
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. |
2020-03-25 |
6.8 |
CVE-2020-6805 MISC MISC MISC MISC |
mozilla — thunderbird_and_firefox_and_firefox_esr |
When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. |
2020-03-25 |
6.8 |
CVE-2020-6807 MISC MISC MISC MISC |
mozilla — thunderbird_and_firefox_and_firefox_esr |
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. |
2020-03-25 |
6.8 |
CVE-2020-6806 MISC MISC MISC MISC |
netgear — gs728tps_devices |
On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication. |
2020-03-23 |
4 |
CVE-2019-19964 CONFIRM |
netgear — multiple_prosafe_devices |
NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. |
2020-03-23 |
6.5 |
CVE-2016-11022 MISC MISC MISC |
netsas — enigma_network_management_solution |
Enigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do not have the ability to modify any settings in the system, only view the components. However, it is possible for a low-privileged user to perform all actions as an administrator by bypassing authorization controls and sending requests to the server in the context of an administrator. |
2020-03-20 |
6.5 |
CVE-2019-16071 MISC |
nextcloud — nextcloud_desktop_client |
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed loading arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. |
2020-03-20 |
4.6 |
CVE-2020-8140 MISC CONFIRM |
nextcloud — nextcloud_server |
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. |
2020-03-20 |
4 |
CVE-2020-8139 MISC CONFIRM |
nextcloud — nextcloud_server |
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. |
2020-03-20 |
4 |
CVE-2020-8138 MISC CONFIRM |
parallels — parallels_desktop |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10032. |
2020-03-23 |
4.6 |
CVE-2020-8874 MISC |
parallels — parallels_desktop |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10031. |
2020-03-23 |
4.6 |
CVE-2020-8873 MISC |
parallels — parallels_desktop |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.0-47107. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-9403. |
2020-03-23 |
4.6 |
CVE-2020-8871 MISC |
phpbb — phpbb |
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. |
2020-03-20 |
5 |
CVE-2019-16108 CONFIRM |
phpmyadmin — phpmyadmin |
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). |
2020-03-22 |
6 |
CVE-2020-10804 SUSE MISC |
phpmyadmin — phpmyadmin |
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. |
2020-03-22 |
6 |
CVE-2020-10802 SUSE MLIST MISC |
pki-core — pki-core |
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser. |
2020-03-20 |
4.3 |
CVE-2019-10221 CONFIRM |
pki-core — pki-core |
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code. |
2020-03-20 |
4.3 |
CVE-2019-10179 CONFIRM |
rainloop — webmail |
RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. |
2020-03-20 |
4.3 |
CVE-2019-13389 MISC |
rconfig — rconfig |
An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect was applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response. |
2020-03-20 |
5 |
CVE-2020-9425 MISC CONFIRM |
red_hat — jboss_keycloak |
A flaw was found in keycloak before version 9.0.1. When configuring a Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle these events. |
2020-03-24 |
5 |
CVE-2020-1744 CONFIRM CONFIRM |
red_hat — openshift/mediawiki |
A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
2020-03-20 |
4.6 |
CVE-2020-1709 CONFIRM |
red_hat — openshift/mediawiki-apb |
A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
2020-03-20 |
4.6 |
CVE-2019-19345 CONFIRM |
red_hat — openshift/postgresql-apb |
A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
2020-03-20 |
4.4 |
CVE-2020-1707 CONFIRM |
rivet_networks — killer_control_center |
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 1 of 2). |
2020-03-20 |
4 |
CVE-2019-15663 MISC CONFIRM MISC |
rivet_networks — killer_control_center |
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 2 of 2). |
2020-03-20 |
4 |
CVE-2019-15664 MISC CONFIRM MISC |
rivet_networks — killer_control_center |
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chain to escalate privileges. |
2020-03-20 |
4 |
CVE-2019-15662 MISC CONFIRM MISC |
salesagility — suitecrm |
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. |
2020-03-20 |
5 |
CVE-2019-18785 CONFIRM CONFIRM |
salesagility — suitecrm |
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. |
2020-03-20 |
5 |
CVE-2019-18782 CONFIRM CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Startup leaks keyboard suggested words. The Samsung ID is SVE-2019-13773 (March 2019). |
2020-03-24 |
5 |
CVE-2019-20619 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Broadcom Wi-Fi, and SEC Wi-Fi chipsets) software. Wi-Fi allows a denial of service via TCP SYN packets. The Samsung ID is SVE-2018-13162 (March 2019). |
2020-03-24 |
5 |
CVE-2019-20612 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020). |
2020-03-24 |
5 |
CVE-2020-10854 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), and Q(10.0) (Broadcom chipsets) software. A kernel driver heap overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-15880 (March 2020). |
2020-03-24 |
4.6 |
CVE-2020-10829 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020). |
2020-03-24 |
5 |
CVE-2020-10849 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x) software. The Gallery app allows attackers to view all pictures of a locked device. The Samsung ID is SVE-2019-15189 (October 2019). |
2020-03-24 |
5 |
CVE-2019-20555 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view notifications on the lock screen via Routines. The Samsung ID is SVE-2019-15074 (February 2020). |
2020-03-24 |
5 |
CVE-2020-10834 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with any (before October 2019 for S9 or Note9) software. Attackers can manipulate the IMEI. The Samsung ID is SVE-2019-15435 (October 2019). |
2020-03-24 |
5 |
CVE-2019-20564 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) software. The Pin Window feature allows unauthenticated unpinning of an app. The Samsung ID is SVE-2018-13765 (March 2019). |
2020-03-24 |
5 |
CVE-2019-20618 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019). |
2020-03-24 |
5 |
CVE-2019-20616 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can trigger an update to arbitrary touch-screen firmware. The Samsung ID is SVE-2019-16013 (March 2020). |
2020-03-24 |
5 |
CVE-2020-10831 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is an arbitrary kfree in the vipx and vertex drivers. The Samsung ID is SVE-2019-16294 (February 2020). |
2020-03-24 |
4.6 |
CVE-2020-10841 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 (January 2020). |
2020-03-24 |
5 |
CVE-2020-10853 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The Authnr Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13949 (May 2019). |
2020-03-24 |
5 |
CVE-2019-20602 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. A heap overflow exists in the bootloader. The Samsung ID is SVE-2019-14371 (July 2019). |
2020-03-24 |
4.6 |
CVE-2019-20594 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August 2019). |
2020-03-24 |
4.6 |
CVE-2019-20574 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685 (August 2019). |
2020-03-24 |
4.6 |
CVE-2019-20573 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (Exynos chipsets) software. There is a stack overflow in the kernel driver. The Samsung ID is SVE-2019-15034 (November 2019). |
2020-03-24 |
4.6 |
CVE-2019-20542 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The ESECOMM Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13950 (May 2019). |
2020-03-24 |
5 |
CVE-2019-20603 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019). |
2020-03-24 |
4.8 |
CVE-2019-20575 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) software. There is a heap overflow in the knox_kap driver. The Samsung ID is SVE-2019-14857 (November 2019). |
2020-03-24 |
4.6 |
CVE-2019-20538 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Voice Assistant mishandles the notification audibility of a secured app. The Samsung ID is SVE-2018-13326 (May 2019). |
2020-03-24 |
5 |
CVE-2019-20599 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. PROCA allows a use-after-free and arbitrary code execution. The Samsung ID is SVE-2019-16132 (February 2020). |
2020-03-24 |
4.6 |
CVE-2020-10838 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a stack overflow in the display driver. The Samsung ID is SVE-2019-15877 (January 2020). |
2020-03-24 |
4.6 |
CVE-2020-10852 MISC |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), and N(7.1) software. Attackers can bypass Factory Reset Protection (FRP) via Smart Switch. The Samsung ID is SVE-2019-15138 (September 2019). |
2020-03-24 |
5 |
CVE-2019-20570 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019). |
2020-03-24 |
6.4 |
CVE-2019-20596 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a Class 0 Type Message. The Samsung ID is SVE-2019-14941 (October 2019). |
2020-03-24 |
5 |
CVE-2019-20551 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via an RCS call. The Samsung ID is SVE-2019-15035 (October 2019). |
2020-03-24 |
5 |
CVE-2019-20552 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There is a heap out-of-bounds write in the tsmux driver. The Samsung ID is SVE-2019-16295 (February 2020). |
2020-03-24 |
4.6 |
CVE-2020-10842 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is a stack overflow in the kperfmon driver. The Samsung ID is SVE-2019-15876 (January 2020). |
2020-03-24 |
4.6 |
CVE-2020-10851 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. SPENgesture allows arbitrary applications to read or modify user-input logs. The Samsung ID is SVE-2019-14170 (June 2019). |
2020-03-24 |
6.4 |
CVE-2019-20597 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There are race conditions in the hdcp2 driver. The Samsung ID is SVE-2019-16296 (February 2020). |
2020-03-24 |
4.4 |
CVE-2020-10843 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 (February 2020). |
2020-03-24 |
4.4 |
CVE-2020-10845 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Folder leaks preview data of recent apps. The Samsung ID is SVE-2018-13764 (March 2019). |
2020-03-24 |
5 |
CVE-2019-20617 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), and Q(10.0) software. There is an out-of-bounds read vulnerability in media.audio_policy. The Samsung ID is SVE-2019-16333 (February 2020). |
2020-03-24 |
6.4 |
CVE-2020-10844 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020). |
2020-03-24 |
4.6 |
CVE-2020-10839 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. S-Voice leaks keyboard learned words via the lock screen. The Samsung ID is SVE-2018-12981 (February 2019). |
2020-03-24 |
5 |
CVE-2019-20624 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Data may leak via a Bluetooth debug command. The Samsung ID is SVE-2019-15398 (November 2019). |
2020-03-24 |
5 |
CVE-2019-20547 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. Kernel Wi-Fi drivers allow out-of-bounds Read or Write operations (e.g., a buffer overflow). The Samsung IDs are SVE-2019-16125, SVE-2019-16134, SVE-2019-16158, SVE-2019-16159, SVE-2019-16319, SVE-2019-16320, SVE-2019-16337, SVE-2019-16464, SVE-2019-16465, SVE-2019-16467 (March 2020). |
2020-03-24 |
4.6 |
CVE-2020-10832 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos and Qualcomm chipsets) software. A race condition causes a Use-After-Free. The Samsung ID is SVE-2019-15067 (September 2019). |
2020-03-24 |
6.8 |
CVE-2019-20568 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 (September 2019). |
2020-03-24 |
5 |
CVE-2019-20565 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 (March 2019). |
2020-03-24 |
5 |
CVE-2019-20620 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. An out-of-bounds Read in the Wi-Fi vendor command leads to an information leak. The Samsung ID is SVE-2019-14869 (November 2019). |
2020-03-24 |
5 |
CVE-2019-20539 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can access the Developer options without authentication. The Samsung ID is SVE-2019-15800 (December 2019). |
2020-03-24 |
5 |
CVE-2019-20532 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with Q(10.0) software. The DeX Lockscreen allows attackers to access the quick panel and notifications. The Samsung ID is SVE-2019-16532 (March 2020). |
2020-03-24 |
5 |
CVE-2020-10833 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019). |
2020-03-24 |
5 |
CVE-2019-20601 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have a stack overflow. The Samsung IDs are SVE-2019-14965, SVE-2019-14966, SVE-2019-14968, SVE-2019-14969, SVE-2019-14970, SVE-2019-14980, SVE-2019-14981, SVE-2019-14982, SVE-2019-14983, SVE-2019-14984, SVE-2019-15122, SVE-2019-15123 (November 2019). |
2020-03-24 |
4.6 |
CVE-2019-20541 CONFIRM |
samsung — multiple_mobile_devices |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 (March 2019). |
2020-03-24 |
5 |
CVE-2019-20614 CONFIRM |
schneider_electric — andover_continuum_controllers |
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists in Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products’ web server. |
2020-03-23 |
4.3 |
CVE-2020-7482 MISC |
schneider_electric — andover_continuum_controllers |
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists in Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products’ web server. |
2020-03-23 |
4.3 |
CVE-2020-7481 MISC |
schneider_electric — interactive_graphical_scada_system |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled. |
2020-03-23 |
5 |
CVE-2020-7478 MISC |
schneider_electric — interactive_graphical_scada_system |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service. |
2020-03-23 |
4.6 |
CVE-2020-7479 MISC |
schneider_electric — multiple_devices |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus. |
2020-03-23 |
5 |
CVE-2020-7477 MISC |
schneider_electric — pmepxm0100_devices |
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL. |
2020-03-23 |
4.4 |
CVE-2020-7474 MISC |
schneider_electric — zigbee_installation_kit |
A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path. |
2020-03-23 |
4.4 |
CVE-2020-7476 MISC |
signotec — signopad-api/web |
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn’t limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array. |
2020-03-20 |
4.3 |
CVE-2020-9343 MISC |
signotec — signopad-api/web |
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn’t limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited. |
2020-03-20 |
4.3 |
CVE-2020-9345 MISC |
squid — squid |
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. |
2020-03-20 |
4.3 |
CVE-2019-18860 CONFIRM MISC |
sustainsys — saml2 |
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use. |
2020-03-25 |
4.9 |
CVE-2020-5261 MISC MISC CONFIRM |
swann — multiple_dvr_devices |
On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. |
2020-03-21 |
6.8 |
CVE-2013-7487 MISC |
synacor — zimbra_zm-mailbox |
cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request. |
2020-03-20 |
4 |
CVE-2020-10194 MISC MISC CONFIRM |
tor_project — tor |
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit. |
2020-03-23 |
5 |
CVE-2020-10593 SUSE GENTOO MISC |
tor_project — tor |
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. |
2020-03-23 |
5 |
CVE-2020-10592 SUSE GENTOO MISC |
univalue — univalue |
UniValue::read() in UniValue before 1.0.5 allows attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error. |
2020-03-21 |
5 |
CVE-2019-18936 MISC MISC |
videolabs — libmicrodns |
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability. |
2020-03-24 |
5 |
CVE-2020-6078 MISC |
videolabs — libmicrodns |
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]. |
2020-03-24 |
5 |
CVE-2020-6080 MISC |
videolabs — libmicrodns |
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode. |
2020-03-24 |
5 |
CVE-2020-6079 MISC |
videolabs — libmicrodns |
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. |
2020-03-24 |
5 |
CVE-2020-6073 MISC |
videolabs — libmicrodns |
An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. |
2020-03-24 |
5 |
CVE-2020-6071 MISC |
videolabs — libmicrodns |
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. |
2020-03-24 |
5 |
CVE-2020-6077 MISC |
wago — pfc200_devices |
An exploitable double free vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. |
2020-03-23 |
4.6 |
CVE-2019-5184 MISC |
wago — pfc200_devices |
An exploitable stack buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the XML file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state= using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len(“/etc/config-tools/config_interfaces interface=X1 state=”) in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. A state value of length 0x3c9 will cause the service to crash. |
2020-03-23 |
4.4 |
CVE-2019-5185 MISC |
wago — pfc200_devices |
An exploitable stack buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1eb9c the extracted interface element name from the XML file is used as an argument to /etc/config-tools/config_interfaces interface= using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len(“/etc/config-tools/config_interfaces interface=”) in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash. |
2020-03-23 |
4.4 |
CVE-2019-5186 MISC |
weechat — weechat |
An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash. |
2020-03-23 |
5 |
CVE-2020-9759 MISC MLIST GENTOO MISC |
wonderlink — wl-enq |
Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
2020-03-25 |
4.3 |
CVE-2020-5559 MISC |
wordpress — wordpress |
An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the “echo get_the_title()” or “echo $term->name” statement. |
2020-03-20 |
4.3 |
CVE-2019-13463 MISC MISC |
xmidt — cjwt |
Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance. |
2020-03-20 |
5 |
CVE-2019-19324 MISC MISC |
zendto — zendto |
ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. |
2020-03-24 |
6.8 |
CVE-2020-8985 MISC |
zendto — zendto |
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. |
2020-03-24 |
5 |
CVE-2020-8984 MISC MISC |
zoho — manageengine_asset_explorer |
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges. |
2020-03-23 |
6.5 |
CVE-2019-19034 CONFIRM |
zoho — manageengine_assetexplorer |
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack. |
2020-03-23 |
4.9 |
CVE-2020-8838 CONFIRM |
zoho — manageengine_desktop_central |
ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role. |
2020-03-23 |
4.3 |
CVE-2019-15510 MISC MISC |