CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

2020-01-13
Medium

CVE-2019-20147

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control.

Medium

CVE-2019-20145

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control.

High

CVE-2014-6059

WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability.

2020-01-10
Critical

CVE-2012-4284

A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execut…

High

CVE-2019-18194

TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.

High

CVE-2019-14306

Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2).

Medium

CVE-2019-14302

On Ricoh SP C250DN 1.06 devices, a debug port can be used.

Low

CVE-2020-1767

Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that…

High

CVE-2014-5013

DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.

Medium

CVE-2014-5012

DOMPDF before 0.6.2 allows denial of service.

2020-01-09
High

CVE-2019-20373

LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-…

High

CVE-2012-3810

Samsung Kies before 2.5.0.12094_27_11 has registry modification.

High

CVE-2012-3809

Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.

High

CVE-2012-3808

Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.

Critical

CVE-2012-3807

Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.

High

CVE-2012-3490

The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x befo…

High

CVE-2012-2142

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

Medium

CVE-2020-6750

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mis…

Critical

CVE-2019-6330

A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.

High

CVE-2019-14920

Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature.

2020-01-08
Critical

CVE-2019-9812

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a maliciou…

High

CVE-2019-17019

When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected…

High

CVE-2019-17009

When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the up…

Medium

CVE-2019-17002

If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox <…

High

CVE-2020-0001

In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User…

Medium

CVE-2014-9908

A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooth access (Android Bug ID A-28672558).

2020-01-07
Medium

CVE-2019-9465

In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execut…

High

CVE-2019-18386

Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems…

High

CVE-2018-10465

Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with access to log in to Jamf Pro had full access to endpoints in the Universal API (UAPI), regardless of a…

Medium

CVE-2019-14879

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revok…

High

CVE-2019-14843

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access un…

High

CVE-2013-5657

AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request.

2020-01-06
High

CVE-2019-18625

An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inj…

Medium

CVE-2019-18179

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent…

Critical

CVE-2019-16273

DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a co…

2020-01-05
High

CVE-2019-19629

In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch int…

Medium

CVE-2019-19312

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private p…

2020-01-04
Critical

CVE-2020-5499

Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same.

2020-01-03
High

CVE-2019-19959

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by…

High

CVE-2019-11993

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack…

Medium

CVE-2019-19309

GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.

Medium

CVE-2019-19260

GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).

Medium

CVE-2019-19258

GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.

Medium

CVE-2019-19257

GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).

Medium

CVE-2019-19255

GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control.

High

CVE-2020-1871

USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The so…

Medium

CVE-2020-1785

Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should…

Medium

CVE-2019-19441

HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send specific command in the local area network (LAN) to exploit t…
