
Last revised: February 12, 2020

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| aircrack-ng -- aircrack-ng | Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. | 2020-01-31 | 7.5 | CVE-2014-8322 (CONFIRM, MISC, MISC, MISC, CONFIRM, MISC) |
| aruba_networks -- instant | Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. | 2020-01-31 | 7.5 | CVE-2016-2031 (MISC, MISC, MISC, MISC) |
| changing_information_technology -- servisign | An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | 2020-02-03 | 7.8 | CVE-2020-3926 (CONFIRM) |
| changing_information_technology -- servisign | An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | 2020-02-03 | 8.5 | CVE-2020-3927 (CONFIRM) |
| cisco -- multiple_ip_phones | A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2020-02-05 | 8.3 | CVE-2020-3111 (MISC, CISCO) |
| cisco -- video_surveillance_8000_series_ip_cameras | A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later. | 2020-02-05 | 8.3 | CVE-2020-3110 (MISC, CISCO) |
| coppermine_development_team -- coppermine_gallery | Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. | 2020-02-05 | 7.5 | CVE-2010-4815 (MISC, MISC, MISC) |
| curling -- curling | All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization. | 2020-02-06 | 10 | CVE-2019-10789 (MISC, MISC) |
| django -- django | Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. | 2020-02-03 | 7.5 | CVE-2020-7471 (MLIST, CONFIRM, CONFIRM, CONFIRM, UBUNTU, CONFIRM, CONFIRM) |
| dot-prop -- dot-prop | Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. | 2020-02-04 | 7.5 | CVE-2020-8116 (MISC) |
| dotcms -- dotcms | dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application). | 2020-02-05 | 7.5 | CVE-2020-6754 (CONFIRM, CONFIRM) |
| edk2 -- unified_extensible_firmware_interface | Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase. | 2020-01-31 | 7.2 | CVE-2014-4860 (MISC) |
| edk2 -- unified_extensible_firmware_interface | Integer overflow in the Driver Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data. | 2020-01-31 | 7.2 | CVE-2014-4859 (MISC) |
| eg_innovations -- eg_manager | eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). | 2020-02-03 | 7.5 | CVE-2020-8592 (MISC) |
| eg_innovations -- eg_manager | eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. | 2020-02-03 | 7.5 | CVE-2020-8591 (MISC) |
| fortinet -- fortimanager | A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run system commands when executing a report. | 2020-02-04 | 9 | CVE-2015-3611 (MISC, MISC, CONFIRM) |
| fortinet -- fortimanager | A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page. | 2020-02-04 | 7.5 | CVE-2015-3613 (MISC, MISC, CONFIRM) |
| gitlab -- gitlab_enterprise_edition | GitLab EE 8.9 and later through 12.7.2 has Insecure Permission. | 2020-02-05 | 7.5 | CVE-2020-8114 (CONFIRM, MISC, MISC) |
| hashicorp -- nomad_and_nomad_enterprise | HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. | 2020-01-31 | 7.5 | CVE-2020-7956 (MISC, MISC) |
| jobberbase -- jobberbase | Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint. | 2020-02-05 | 7.5 | CVE-2019-20447 (MISC, MISC) |
| klona -- klona | Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona. | 2020-02-04 | 7.5 | CVE-2020-8125 (MISC) |
| nanopb -- nanopb | There is a potentially exploitable out of memory condition in Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding the array, nanopb can end up calling `free()` on a pointer value that comes from uninitialized memory. Depending on platform this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, nanopb-0.2.9.4. | 2020-02-04 | 7.5 | CVE-2020-5235 (MISC, MISC, MISC, CONFIRM) |
| netapp -- oncommand_system_manager | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. | 2020-01-31 | 9 | CVE-2013-3322 (XF, MISC) |
| norman -- malware_cleaner | nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled. | 2020-02-03 | 7.5 | CVE-2020-8508 (MISC) |
| phpabook -- phpabook | An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password. | 2020-02-03 | 7.5 | CVE-2020-8510 (MISC, MISC) |
| phplist -- phplist | phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | 2020-02-03 | 7.5 | CVE-2020-8547 (MISC) |
| playsms -- playsms | PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. | 2020-02-05 | 7.5 | CVE-2020-8644 (MISC, MISC) |
| ppp -- ppp | eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. | 2020-02-03 | 7.5 | CVE-2020-8597 (MISC, MLIST) |
| python -- python | Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | 2020-02-04 | 7.1 | CVE-2019-9674 (MISC, MISC, MISC, MISC, MISC) |
| qualcomm -- mdm9206_and_mdm9607_devices | Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607 | 2020-02-07 | 7.2 | CVE-2019-14051 (CONFIRM) |
| qualcomm -- multiple_snapdragon_products | Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24 | 2020-02-07 | 7.2 | CVE-2019-14046 (CONFIRM) |
| qualcomm -- multiple_snapdragon_products | Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24 | 2020-02-07 | 7.2 | CVE-2019-14044 (CONFIRM) |
| qualcomm -- multiple_snapdragon_products | Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130 | 2020-02-07 | 7.2 | CVE-2019-14055 (CONFIRM) |
| qualcomm -- multiple_snapdragon_products | APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130 | 2020-02-07 | 7.2 | CVE-2019-14002 (CONFIRM) |
| qualcomm -- multiple_snapdragon_products | There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be executed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-02-07 | 7.2 | CVE-2019-10567 (CONFIRM) |
| qualcomm -- multiple_snapdragon_products | Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9607, Nicobar, QCS405, Rennell, SA6155P, Saipan, SC8180X, SDM630, SDM636, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2020-02-07 | 9.4 | CVE-2019-14063 (CONFIRM) |
| qualcomm -- multiple_snapdragon_products | Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-02-07 | 7.2 | CVE-2019-14060 (CONFIRM) |
| qualcomm -- multiple_snapdragon_products | Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-02-07 | 9.4 | CVE-2019-14057 (CONFIRM) |
| qualcomm -- multiple_snapdragon_products | Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MSM8953, QCN7605, QCS605, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDX20, SDX24, SDX55, SM8150, SXR1130 | 2020-02-07 | 7.2 | CVE-2019-14049 (CONFIRM) |
| qualcomm -- multiple_snapdragon_products | Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2020-02-07 | 10 | CVE-2019-10590 (CONFIRM) |
| sap -- netweaver | SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash. | 2020-02-05 | 7.5 | CVE-2011-1517 (MISC, MISC, MISC) |
| simplejobscript.com -- simplejobscript.com | controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. | 2020-01-31 | 7.5 | CVE-2020-8440 (CONFIRM) |
| smartbear -- readyapi_and_soapui | An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project. | 2020-02-05 | 9.3 | CVE-2019-12180 (MISC) |
| squid -- squid | An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. | 2020-02-04 | 7.5 | CVE-2020-8450 (MISC, MISC, MISC, MISC, MISC, MISC) |
| the_update_framework -- tuf | TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. | 2020-02-05 | 7.5 | CVE-2020-6174 (CONFIRM) |
| tp-link -- tg-sg105e_devices | The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. | 2020-02-03 | 7.8 | CVE-2019-16893 (EXPLOIT-DB) |
| zpanel_project -- zpanel | ZPanel 10.0.1 has insufficient entropy for its password reset process. | 2020-02-04 | 7.5 | CVE-2012-5686 (MISC, MISC) |

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
1up -- oneupuploaderbundle
oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to upload files to arbitrary folders on the filesystem. The assembly process can further be misused with some restrictions to delete and copy files to other locations. This is fixed in versions 1.9.3 and 2.1.5.2020-02-056.5CVE-2020-5237
MISC
CONFIRM
abrt -- abrt
ABRT might allow attackers to obtain sensitive information from crash reports.2020-01-315CVE-2011-4088
MISC
MISC
aircrack-ng -- aircrack-ng
Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors.2020-01-314.6CVE-2014-8321
CONFIRM
MISC
MISC
CONFIRM
MISC
alcatel-lucent -- 1830_photonic_service_switch
Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html.2020-01-314.3CVE-2014-3809
MISC
apache -- ofbiz
an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.062020-02-065CVE-2019-12426
MLIST
CONFIRM
apple -- bonjour
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.2020-02-054.9CVE-2011-0220
MISC
apple -- safari
A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.2020-02-035CVE-2016-4676
MISC
MISC
MISC
CONFIRM
MISC
aroxsolution -- school_management_software_php/mysql
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.2020-01-314.3CVE-2020-8505
MISC
aroxsolution -- school_management_software_php/mysql
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.2020-01-314.3CVE-2020-8504
MISC
aruba -- airwave_management_platform
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 556722020-01-315CVE-2016-2032
MISC
MISC
MISC
MISC
atlassian -- crowd
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.2020-02-065CVE-2019-20104
N/A
atlassian -- jira
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.2020-02-064CVE-2019-20404
N/A
atlassian -- jira
The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability.2020-02-064.4CVE-2019-20400
N/A
atlassian -- jira
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.2020-02-064.3CVE-2019-20405
N/A
atlassian -- jira
Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.2020-02-064.3CVE-2019-20401
N/A
atlassian -- jira
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.2020-02-065CVE-2019-20403
N/A
atlassian -- jira
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.2020-02-064CVE-2019-20106
N/A
atlassian -- jira
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.2020-02-064CVE-2019-20402
N/A
auth0 -- auth0_lock
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.2020-02-034.3CVE-2019-20174
CONFIRM
MISC
batavi -- batavi
Batavi before 1.0 has CSRF.2020-02-056.8CVE-2011-0525
MISC
MISC
brocade -- fabric_os
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.2020-02-055CVE-2019-16204
CONFIRM
brocade -- fabric_os
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.2020-02-055CVE-2019-16203
CONFIRM
brother -- mfc-9970cdw_devices
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers.2020-02-035CVE-2013-2674
MISC
XF
BID
brother -- mfc-9970cdw_devices
Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.2020-02-035CVE-2013-2672
MISC
XF
brother -- mfc-9970cdw_devices
Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access.2020-02-034.6CVE-2013-2673
MISC
BID
c-lightning -- c-lightning
c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used for real funds."2020-01-315CVE-2019-12998
MISC
CONFIRM
cisco -- linksys_e4200
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.2020-02-065CVE-2013-2683
MISC
BID
XF
cisco -- linksys_e4200
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.2020-02-055CVE-2013-2680
MISC
BID
XF
cisco -- linksys_e4200
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.2020-02-046.8CVE-2013-2678
MISC
EXPLOIT-DB
BID
XF
cisco -- linksys_e4200Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access.2020-02-054.3CVE-2013-2681
MISC
BID
XF
cisco -- linksys_e4200
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.2020-02-054.3CVE-2013-2682
MISC
BID
XF
cisco -- linksys_e4200
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2020-02-064.3CVE-2013-2684
MISC
BID
XF
computer_incident_response_center_luxembourg -- ail-frameworkGlobal.py in AIL framework 2.8 allows path traversal.2020-02-035CVE-2020-8545
MISC
cysharp -- messagepack_for_c#_and_unity
MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.2020-01-316.8CVE-2020-5234
MISC
CONFIRM
d-link -- dir-100_devices
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure2020-02-045CVE-2013-7055
MISC
MISC
MISC
d-link -- dir-100_devices
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script2020-02-045CVE-2013-7052
MISC
MISC
MISC
d-link -- dir-100_devices
D-Link DIR-100 4.03B07: cli.cgi CSRF2020-02-046.8CVE-2013-7053
MISC
MISC
MISC
d-link -- dir-100_devices
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters2020-02-046.8CVE-2013-7051
MISC
MISC
MISC
MISC
d-link -- dir-100_devices
D-Link DIR-100 4.03B07: cli.cgi XSS2020-02-044.3CVE-2013-7054
MISC
MISC
MISC
drupal -- drupal
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter.2020-01-314.3CVE-2014-8338
MISC
MISC
eclair -- eclair
Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "it is beta-quality software and don't put too much money in it."2020-01-315CVE-2019-13000
MISC
MISC
CONFIRM
ens_domains -- ens
A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.2020-01-314.9CVE-2020-5232
MISC
CONFIRM
eucalyptus -- eucalyptus_management_console
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2020-01-316.8CVE-2014-5039
CONFIRM
evernote_corporation -- evernote
Evernote prior to 5.5.1 has insecure password change2020-01-316.6CVE-2013-5116
MISC
MISC
MISC
f5 -- big-ip
On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart.2020-02-065CVE-2020-5856
CONFIRM
f5 -- big-ip_edge_client_for_windows
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.2020-02-064.6CVE-2020-5855
CONFIRM
gitlab -- gitlab_enterprise_edition
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.2020-02-055CVE-2020-6833
MISC
CONFIRM
gitlab -- gitlab
GitLab through 12.7.2 allows XSS.2020-02-054.3CVE-2020-7973
MISC
CONFIRM
MISC
gitlab -- gitlab_enterprise_editionGitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.2020-02-055CVE-2020-7966
MISC
CONFIRM
gitlab -- gitlab_enterprise_editionGitLab EE 10.1 through 12.7.2 allows Information Disclosure.2020-02-055CVE-2020-7974
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission2020-02-054.3CVE-2020-7979
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).2020-02-054CVE-2020-7967
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.
Published: 2020-02-05 | CVSS Score: 5 | CVE-2020-7976
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
Published: 2020-02-05 | CVSS Score: 5 | CVE-2020-7968
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
Published: 2020-02-05 | CVSS Score: 5 | CVE-2020-7969
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
GitLab EE 11.0 and later through 12.7.2 allows XSS.
Published: 2020-02-05 | CVSS Score: 4.3 | CVE-2020-7971
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.
Published: 2020-02-05 | CVSS Score: 5 | CVE-2020-7978
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).
Published: 2020-02-05 | CVSS Score: 5 | CVE-2020-7972
MISC
CONFIRM
gitlab -- gitlab_enterprise_edition
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.
Published: 2020-02-05 | CVSS Score: 4.3 | CVE-2020-7977
MISC
CONFIRM
google -- android
An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite existing functions with arbitrary code. The Reserved for Future Use (RFU) bits are not discarded by eir_handleRx(), and are included in an EIR's length. Therefore, one can exceed the expected 240 bytes, which leads to a heap-based buffer overflow in eir_getReceivedEIR() called by bthci_event_SendInquiryResultEvent(). In order to exploit this bug, an attacker must repeatedly connect to the victim's device in a short amount of time from different source addresses. This will cause the victim's Bluetooth stack to resolve the device names and therefore allocate buffers with attacker-controlled data. Due to the heap corruption, the name will be eventually written to an attacker-controlled location, leading to a write-what-where condition.
Published: 2020-02-05 | CVSS Score: 6.8 | CVE-2019-11516
CONFIRM
MISC
MISC
hashicorp -- consul_and_consul_enterprise
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
Published: 2020-01-31 | CVSS Score: 5 | CVE-2020-7955
MISC
MISC
hashicorp -- consul_and_consul_enterprise
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.
Published: 2020-01-31 | CVSS Score: 5 | CVE-2020-7219
MISC
MISC
hashicorp -- nomad_and_nomad_enterprise
HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage.
Published: 2020-01-31 | CVSS Score: 5 | CVE-2020-7218
MISC
MISC
htcondor -- mrg_grid
The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.
Published: 2020-01-31 | CVSS Score: 6.5 | CVE-2014-8126
MISC
MISC
MISC
MISC
ibm -- infosphere_information_server
IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability.
Published: 2020-02-05 | CVSS Score: 5.8 | CVE-2013-0507
MISC
ibm -- planning_analytics
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524.
Published: 2020-02-05 | CVSS Score: 6.8 | CVE-2019-4613
XF
CONFIRM
ibm -- sdk_java_technology
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.
Published: 2020-02-03 | CVSS Score: 6.9 | CVE-2019-4732
XF
CONFIRM
ibm -- security_directory_server
IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814.
Published: 2020-02-04 | CVSS Score: 6.5 | CVE-2019-4541
XF
CONFIRM
ibm -- websphere_application_server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.
Published: 2020-02-04 | CVSS Score: 6 | CVE-2020-4163
XF
CONFIRM
ibm -- workflow_for_bluemix
IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Published: 2020-02-05 | CVSS Score: 5.8 | CVE-2015-0102
MISC
CONFIRM
CONFIRM
ibm -- security_directory_server
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2019-4562
XF
CONFIRM
ibm -- security_directory_server
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950.
Published: 2020-02-04 | CVSS Score: 4.3 | CVE-2019-4548
XF
CONFIRM
ibm -- security_directory_server
IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2019-4551
XF
CONFIRM
ibm -- security_directory_server
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2019-4550
XF
CONFIRM
ibm -- security_directory_server
IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2019-4540
XF
CONFIRM
ibm -- security_identity_manager
IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510.
Published: 2020-02-04 | CVSS Score: 4 | CVE-2019-4674
XF
CONFIRM
ibm -- websphere_application_server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.
Published: 2020-01-31 | CVSS Score: 5 | CVE-2019-4720
XF
CONFIRM
ibm -- websphere_application_server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.
Published: 2020-02-05 | CVSS Score: 4 | CVE-2019-4670
XF
CONFIRM
icewarp -- webmail_server
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
Published: 2020-02-01 | CVSS Score: 4.3 | CVE-2020-8512
MISC
MISC
MISC
info-zip -- unzip
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Published: 2020-01-31 | CVSS Score: 6.8 | CVE-2014-8140
MISC
MISC
MISC
MISC
info-zip -- unzip
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Published: 2020-01-31 | CVSS Score: 6.8 | CVE-2014-8139
MISC
MISC
MISC
MISC
info-zip -- unzip
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Published: 2020-01-31 | CVSS Score: 6.8 | CVE-2014-8141
MISC
MISC
MISC
MISC
infoware -- mapsuite_mapapi
Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2020-01-31 | CVSS Score: 4.3 | CVE-2014-2843
MISC
MISC
MISC
ipmitool -- ipmitool
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
Published: 2020-02-05 | CVSS Score: 6.5 | CVE-2020-5208
MISC
CONFIRM
MLIST
jetbrains -- intellij_idea
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.
Published: 2020-01-31 | CVSS Score: 5 | CVE-2020-7914
MISC
CONFIRM
joomla! -- joomla!
Joomla! 1.7.1 has core information disclosure due to inadequate error checking.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2011-4937
MISC
MISC
MISC
MISC
joomla! -- joomla!
Joomla! core 1.7.1 allows information disclosure due to weak encryption.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2011-3629
MISC
MISC
MISC
MISC
joomla! -- joomla!
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filter_order_Dir parameters.
Published: 2020-02-05 | CVSS Score: 6.4 | CVE-2011-1151
MISC
MISC
joomla! -- joomla!
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2011-4912
MISC
MISC
joomla! -- joomla!
The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location).
Published: 2020-02-03 | CVSS Score: 4.3 | CVE-2020-5182
CONFIRM
kubernetes -- kubernetes
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
Published: 2020-02-03 | CVSS Score: 4.3 | CVE-2019-11251
CONFIRM
MLIST
libvncserver -- libvncserver
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.
Published: 2020-02-05 | CVSS Score: 5 | CVE-2010-5304
MISC
MISC
MISC
MISC
MISC
MISC
lightning_labs -- lightning_network_daemon
Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.
Published: 2020-01-31 | CVSS Score: 5 | CVE-2019-12999
MISC
MISC
CONFIRM
logmein -- lastpass
LastPass prior to 2.5.1 allows secure wipe bypass.
Published: 2020-01-31 | CVSS Score: 6.6 | CVE-2013-5114
MISC
MISC
MISC
lotus_core -- lotus_core_cms
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.
Published: 2020-02-05 | CVSS Score: 6.5 | CVE-2020-8641
MISC
masscode -- masscode
massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).
Published: 2020-02-03 | CVSS Score: 4.3 | CVE-2020-8548
MISC
MISC
maxum_development_corporation -- rumpus
An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.
Published: 2020-02-02 | CVSS Score: 4.3 | CVE-2020-8514
MISC
MISC
microsoft -- windows_operating_system
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environment variable to inject code and escalate their privileges via a DLL hijacking vulnerability.
Published: 2020-02-06 | CVSS Score: 4.4 | CVE-2019-20406
N/A
movable_type -- multiple_products
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.
Published: 2020-02-06 | CVSS Score: 4.3 | CVE-2020-5528
MISC
MISC
nextcloud -- nextcloud_server
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
Published: 2020-02-04 | CVSS Score: 4 | CVE-2020-8117
MISC
MISC
nextcloud -- nextcloud_server
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.
Published: 2020-02-04 | CVSS Score: 4.3 | CVE-2020-8120
MISC
MISC
nextcloud -- nextcloud_server
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2019-15623
MISC
MISC
nextcloud -- nextcloud_server
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
Published: 2020-02-04 | CVSS Score: 4 | CVE-2020-8119
MISC
MISC
nextcloud -- talk
Improper access control in Nextcloud Talk 6.0.3 leaks the existence and the name of private conversations when linking them to another shared item via the projects feature.
Published: 2020-02-04 | CVSS Score: 4 | CVE-2019-15620
MISC
MISC
open-xchange -- ox_app_suite
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.
Published: 2020-01-31 | CVSS Score: 5 | CVE-2014-5236
MISC
MISC
MISC
openwall -- openwall
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.
Published: 2020-02-05 | CVSS Score: 4.3 | CVE-2011-1150
MISC
perl -- perl
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Published: 2020-01-31 | CVSS Score: 5 | CVE-2011-4116
MISC
MISC
MISC
MISC
MISC
perl -- perl
The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files.
Published: 2020-01-31 | CVSS Score: 5 | CVE-2011-4117
MISC
MISC
MISC
perl -- perl
Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.
Published: 2020-01-31 | CVSS Score: 6.4 | CVE-2011-4115
MISC
MISC
CONFIRM
phpshop -- phpshop
PHPShop through 0.8.1 has XSS.
Published: 2020-02-05 | CVSS Score: 4.3 | CVE-2011-1069
MISC
pmwiki -- pmwiki
PmWiki before 2.2.21 has XSS.
Published: 2020-02-05 | CVSS Score: 4.3 | CVE-2010-4662
MISC
MISC
prototype -- prototype
Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.
Published: 2020-02-03 | CVSS Score: 4 | CVE-2020-7993
MISC
MISC
pylons_project -- waitress
Waitress version 1.4.2 allows a DoS attack when Waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack, causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3; it is recommended that people upgrade to the new version of Waitress as soon as possible.
Published: 2020-02-04 | CVSS Score: 6.8 | CVE-2020-5236
MISC
CONFIRM
qualcomm -- multiple_snapdragon_products
Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior such as execution of unknown code in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150, SXR1130
Published: 2020-02-07 | CVSS Score: 4.6 | CVE-2019-14040
CONFIRM
qualcomm -- multiple_snapdragon_products
During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Published: 2020-02-07 | CVSS Score: 4.6 | CVE-2019-14041
CONFIRM
senior -- rubiweb
Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL.
Published: 2020-01-31 | CVSS Score: 5 | CVE-2019-19550
CONFIRM
sos -- jobscheduler
A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service.
Published: 2020-02-06 | CVSS Score: 6.8 | CVE-2020-6855
MISC
sos -- jobscheduler
An XML External Entity (XXE) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.
Published: 2020-02-06 | CVSS Score: 4 | CVE-2020-6856
MISC
squid-cache -- squid
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2020-8517
MISC
MISC
squid-cache -- squid
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2020-8449
MISC
MISC
MISC
MISC
MISC
MISC
squid-cache -- squid
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2019-12528
CONFIRM
strapi -- strapi
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights and can lead to arbitrary restart of the application.
Published: 2020-02-04 | CVSS Score: 4 | CVE-2020-8123
MISC
suse -- openSUSE_wicked
An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option.
Published: 2020-02-05 | CVSS Score: 5 | CVE-2020-7216
CONFIRM
MISC
sysjust_syuan-gu-da-shih -- sysjust_syuan-gu-da-shih
SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allows attackers to perform unwanted SQL queries and access arbitrary files in the database.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2020-3937
MISC
sysjust_syuan-gu-da-shih -- sysjust_syuan-gu-da-shih
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain a Request Forgery vulnerability, allowing attackers to launch inquiries into network architecture or system files of the server via forged requests.
Published: 2020-02-04 | CVSS Score: 5 | CVE-2020-3938
MISC
sysjust_syuan-gu-da-shih -- sysjust_syuan-gu-da-shih
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain a Cross-Site Scripting (XSS) vulnerability; personal information may be leaked to attackers via the vulnerability.
Published: 2020-02-04 | CVSS Score: 4.3 | CVE-2020-3939
MISC
telaen -- telaen
Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.
Published: 2020-02-03 | CVSS Score: 5.8 | CVE-2013-2621
BID
XF
MISC
telaen -- telaen
Telaen before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request.
Published: 2020-02-03 | CVSS Score: 5 | CVE-2013-2624
XF
MISC
telaen -- telaen
Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php.
Published: 2020-02-03 | CVSS Score: 4.3 | CVE-2013-2623
BID
XF
MISC
the_citytv_video_application -- the_citytv_video_application
The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.
Published: 2020-02-05 | CVSS Score: 5 | CVE-2020-8507
MISC
MISC
the_global_tv_application -- the_global_tv_application
The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.
Published: 2020-02-05 | CVSS Score: 4 | CVE-2020-8506
MISC
MISC
tinywebgallery -- tinywebgallery
TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php.
Published: 2020-02-03 | CVSS Score: 5 | CVE-2013-2631
MISC
MISC
torproject -- tor
The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information.
Published: 2020-02-02 | CVSS Score: 5 | CVE-2020-8516
MISC
tp-link -- tl-wr1043nd_v1_120405_devices
TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability.
Published: 2020-02-03 | CVSS Score: 5 | CVE-2013-2646
BID
troglobit -- minisnmpd
An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.
Published: 2020-02-04 | CVSS Score: 6.4 | CVE-2020-6059
MISC
troglobit -- minisnmpd
An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.
Published: 2020-02-04 | CVSS Score: 6.4 | CVE-2020-6058
MISC
typo3 -- typo3
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.
Published: 2020-02-03 | CVSS Score: 5 | CVE-2014-8328
MISC
MISC
MISC
uebimiau -- uebimiau
Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php.
Published: 2020-02-03 | CVSS Score: 4.3 | CVE-2013-2622
XF
MISC
unisys -- unisys_stealth
In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material may be inadvertently logged if certain diagnostics are enabled.
Published: 2020-02-03 | CVSS Score: 4.3 | CVE-2019-18193
CONFIRM
MISC
vanilla_forums -- vanilla_forums
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
Published: 2020-02-05 | CVSS Score: 4.3 | CVE-2011-1009
MISC
videolan -- vlc_media_player
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
Published: 2020-01-31 | CVSS Score: 4.3 | CVE-2013-3565
MISC
MISC
MISC
MISC
web2project -- web2project
Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php.
Published: 2020-01-31 | CVSS Score: 6.5 | CVE-2014-3119
MISC
MISC
MISC
wordpress -- wordpress
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website.
Published: 2020-02-06 | CVSS Score: 6.8 | CVE-2020-8658
MISC
MISC
MISC
wordpress -- wordpress
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.
Published: 2020-02-03 | CVSS Score: 4.3 | CVE-2020-8549
MISC
MISC
MISC
MISC
wordpress -- wordpress
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
Published: 2020-02-05 | CVSS Score: 4.3 | CVE-2019-20173
CONFIRM
CONFIRM
MISC
zeuscart -- zeuscart
Multiple SQL injection vulnerabilities in ZeusCart 4.x.
Published: 2020-01-31 | CVSS Score: 6.5 | CVE-2014-3868
MISC
MISC
MISC
MISC
zoho_manageengine -- remote_access_plus
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).
Published: 2020-01-31 | CVSS Score: 4 | CVE-2020-8422
MISC
MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
biscom -- biscom_secure_file_transfer
Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.2020-01-31