CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2020-02-10
Medium

CVE-2019-19670

An HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacemen…

Medium

CVE-2012-2204

InfoSphere Guardium aix_ktap module: DoS

2020-02-08
High

CVE-2019-11483

Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unpr…

2020-02-07
High

CVE-2020-8808

The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary ph…

Critical

CVE-2020-8796

Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.

Medium

CVE-2014-5278

A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.

High

CVE-2019-16155

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file v…

Critical

CVE-2014-9530

A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact.

High

CVE-2013-3629

ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution.

High

CVE-2013-2009

WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution.

High

CVE-2013-1202

Cisco ACE A2(3.6) allows log retention DoS.

High

CVE-2012-1567

LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate.

High

CVE-2012-1566

LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny.

High

CVE-2019-10567

There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be executed in Snapdragon Aut…

2020-02-06
High

CVE-2012-6309

A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service.

High

CVE-2012-6307

A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code.

Critical

CVE-2012-6306

A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file.

Medium

CVE-2019-12426

An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06.

High

CVE-2020-5856

On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experie…

Medium

CVE-2020-5855

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell…

Medium

CVE-2020-5854

On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a speci…

High

CVE-2019-15711

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege via injecting specially crafted "ExportL…

Medium

CVE-2019-20404

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulner…

Medium

CVE-2019-20403

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.

Medium

CVE-2019-20402

Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an imprope…

2020-02-05
Critical

CVE-2011-1517

SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerabi…

High

CVE-2020-6833

An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.

High

CVE-2019-12180

An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to ex…

High

CVE-2020-7978

GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.

Medium

CVE-2020-7976

GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.

Medium

CVE-2020-7974

GitLab EE 10.1 through 12.7.2 allows Information Disclosure.

High

CVE-2020-7969

GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.

Medium

CVE-2019-4670

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.

2020-02-04
High

CVE-2019-12528

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions…

High

CVE-2020-4163

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp…

Medium

CVE-2019-4550

IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952.

High

CVE-2019-4541

IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity…

2020-02-03
High

CVE-2013-2646

TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability.

Critical

CVE-2020-8547

phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical character…

High

CVE-2020-3925

A Remote Code Execution (RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and execute arb…

2020-02-02
Medium

CVE-2020-8516

The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to di…

2020-01-31
High

CVE-2019-13000

Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "it is beta-quality software and don't put too much money in it."

High

CVE-2019-12999

Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.

High

CVE-2019-12998

c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used for real funds."

High

CVE-2011-4117

The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files.

High

CVE-2011-4115

Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.

Medium

CVE-2020-8422

An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined c…

High

CVE-2020-7914

In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.

Medium

CVE-2019-18913

A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slot…

2020-01-30
High

CVE-2020-8494

In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privil…

Medium

CVE-2020-8093

A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution.

Low

CVE-2020-8092

A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. Thi…

High

CVE-2020-7905

Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.

Medium

CVE-2019-17273

E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments.

2020-01-29
Critical

CVE-2020-3718

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execut…

Medium

CVE-2020-2100

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848.

2020-01-28
Medium

CVE-2019-4679

IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force…

Medium

CVE-2019-4637

IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IB…

Medium

CVE-2019-4614

IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639.

Medium

CVE-2019-4568

IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.

Medium

CVE-2020-1932

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed pa…

2020-01-27
Critical

CVE-2020-8088

panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numeric…

High

CVE-2014-3979

Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP.

High

CVE-2020-7952

rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a cra…

High

CVE-2020-7950

meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted…

High

CVE-2020-7949

schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafte…

2020-01-26
High

CVE-2020-3115

A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system…

High

CVE-2019-16022

Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a d…

High

CVE-2019-16020

Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a d…

Medium

CVE-2019-16018

A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of…

2020-01-25
Critical

CVE-2013-1744

IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.

High

CVE-2012-6613

D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.

High

CVE-2012-6345

Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.

2020-01-24
Critical

CVE-2019-1353

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known…

Low

CVE-2019-1348

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also vi…

Medium

CVE-2019-1460

A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.

High

CVE-2019-1414

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.

High

CVE-2015-2929

The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and app…

High

CVE-2015-2928

The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and d…

2020-01-23
Critical

CVE-2020-7941

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.

High

CVE-2020-7938

plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.

High

CVE-2012-5626

EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in…

Medium

CVE-2019-16515

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used.

High

CVE-2019-15712

An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for.

Medium

CVE-2019-15707

An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authoriz…

High

CVE-2020-7931

In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions be…

High

CVE-2019-17201

FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using…

Critical

CVE-2013-6792

Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability.

Medium

CVE-2019-19837

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.

2020-01-22
Critical

CVE-2011-3621

A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.

Critical

CVE-2011-3614

An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.

Critical

CVE-2020-7109

The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template.

Critical

CVE-2011-4943

ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13).

Medium

CVE-2019-12490

An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links.

2020-01-21
High

CVE-2019-17584

The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The pri…

High

CVE-2014-2680

The update process in Xmind 3.4.1 and earlier allows remote attackers to execute arbitrary code via a man-in-the-middle attack.

Medium

CVE-2020-5202

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via…

High

CVE-2019-14765

Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers.

High

CVE-2011-2668

Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header.

High

CVE-2019-2267

Locked regions may be modified through other interfaces in secure boot loader image due to improper access control in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consume…

High

CVE-2019-14023

String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated before string copy in Snapdragon Auto, Snapdragon Consumer…

Medium

CVE-2019-10561

Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Conn…

High

CVE-2019-10558

While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electro…

2020-01-19
High

CVE-2020-7232

Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff…

2020-01-18
Medium

CVE-2020-7227

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web applic…

Medium

CVE-2019-19697

An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected…

Medium

CVE-2019-15625

A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.

2020-01-17
Medium

CVE-2019-14615

Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via l…

High

CVE-2019-14613

Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access.

Medium

CVE-2019-14596

Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local acce…

High

CVE-2019-15854

An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a craft…

Medium

CVE-2019-19801

In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an un…

High

CVE-2019-15742

A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.

2020-01-15
Medium

CVE-2019-19859

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anyth…

High

CVE-2019-20097

Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from versio…

Critical

CVE-2009-1120

EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where…

Low

CVE-2020-2731

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged a…

Medium

CVE-2020-2729

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnera…

High

CVE-2020-2728

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnera…

Medium

CVE-2020-2727

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily expl…
