CVE List - 2020 / January
Showing 1 - 100 of 1655 CVEs for January 2020 (Page 1 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-20203 | 2020-01-01 | The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message. |
| CVE-2019-20204 | 2020-01-01 | The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element. |
| CVE-2019-20205 | 2020-01-01 | libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. |
| CVE-2019-20208 | 2020-01-01 | dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow. |
| CVE-2016-1000027 | 2020-01-02 | Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within... |
| CVE-2019-20213 | 2020-01-02 | D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. |
| CVE-2019-20218 | 2020-01-02 | selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. |
| CVE-2019-20223 | 2020-01-02 | In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235. |
| CVE-2019-20222 | 2020-01-02 | In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS. |
| CVE-2019-20221 | 2020-01-02 | In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page. |
| CVE-2019-20220 | 2020-01-02 | In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS. |
| CVE-2019-20225 | 2020-01-02 | MyBB before 1.8.22 allows an open redirect on login. |
| CVE-2019-20219 | 2020-01-02 | ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c. |
| CVE-2019-14859 | 2020-01-02 | A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted,... |
| CVE-2019-14862 | 2020-01-02 | There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted... |
| CVE-2019-14863 | 2020-01-02 | There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other... |
| CVE-2019-14864 | 2020-01-02 | Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins... |
| CVE-2019-10158 | 2020-01-02 | A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling. |
| CVE-2013-3936 | 2020-01-02 | Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML. |
| CVE-2013-3935 | 2020-01-02 | Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password... |
| CVE-2019-10775 | 2020-01-02 | ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application. |
| CVE-2013-4532 | 2020-01-02 | Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. |
| CVE-2013-4752 | 2020-01-02 | Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker... |
| CVE-2014-0048 | 2020-01-02 | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. |
| CVE-2019-10205 | 2020-01-02 | A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database... |
| CVE-2014-0104 | 2020-01-02 | In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates. |
| CVE-2014-0161 | 2020-01-02 | ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a... |
| CVE-2013-3619 | 2020-01-02 | Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys... |
| CVE-2013-3620 | 2020-01-02 | Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. |
| CVE-2013-7485 | 2020-01-02 | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2013-7486 | 2020-01-02 | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2013-6242 | 2020-01-02 | Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2013-7062 | 2020-01-02 | Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers... |
| CVE-2014-4553 | 2020-01-02 | Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters. |
| CVE-2010-3782 | 2020-01-02 | obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation. |
| CVE-2013-3946 | 2020-01-02 | Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header. |
| CVE-2013-3945 | 2020-01-02 | The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag. |
| CVE-2013-3944 | 2020-01-02 | Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag. |
| CVE-2014-0169 | 2020-01-02 | In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated... |
| CVE-2013-3941 | 2020-01-02 | Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the... |
| CVE-2013-3939 | 2020-01-02 | xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size... |
| CVE-2013-3937 | 2020-01-02 | Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file. |
| CVE-2014-0183 | 2020-01-02 | Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering. |
| CVE-2013-3931 | 2020-01-02 | Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via... |
| CVE-2013-3932 | 2020-01-02 | SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter... |
| CVE-2014-0011 | 2020-01-02 | Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash)... |
| CVE-2013-3247 | 2020-01-02 | Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file. |
| CVE-2013-3246 | 2020-01-02 | Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file. |
| CVE-2013-7351 | 2020-01-02 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3)... |
| CVE-2014-0245 | 2020-01-02 | It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take... |
| CVE-2014-3590 | 2020-01-02 | Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user... |
| CVE-2013-0737 | 2020-01-02 | Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter. |
| CVE-2013-1642 | 2020-01-02 | Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5)... |
| CVE-2013-1420 | 2020-01-02 | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or... |
| CVE-2014-6275 | 2020-01-02 | FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server... |
| CVE-2014-8182 | 2020-01-02 | An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash... |
| CVE-2019-20329 | 2020-01-02 | OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000. |
| CVE-2020-5395 | 2020-01-03 | FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. |
| CVE-2020-5496 | 2020-01-03 | FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. |
| CVE-2020-5313 | 2020-01-03 | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. |
| CVE-2020-5312 | 2020-01-03 | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. |
| CVE-2020-5311 | 2020-01-03 | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. |
| CVE-2020-5310 | 2020-01-03 | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. |
| CVE-2019-20330 | 2020-01-03 | FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. |
| CVE-2019-19441 | 2020-01-03 | HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send specific command in the local area network (LAN) to exploit this vulnerability.... |
| CVE-2020-1871 | 2020-01-03 | USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure... |
| CVE-2019-5304 | 2020-01-03 | Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some... |
| CVE-2020-1785 | 2020-01-03 | Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should... |
| CVE-2019-19311 | 2020-01-03 | GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. |
| CVE-2019-19086 | 2020-01-03 | Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). |
| CVE-2019-19087 | 2020-01-03 | Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). |
| CVE-2019-19088 | 2020-01-03 | Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal. |
| CVE-2019-19254 | 2020-01-03 | GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control. |
| CVE-2012-4451 | 2020-01-03 | Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3)... |
| CVE-2019-19255 | 2020-01-03 | GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control. |
| CVE-2019-19256 | 2020-01-03 | GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control. |
| CVE-2019-19257 | 2020-01-03 | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). |
| CVE-2019-19258 | 2020-01-03 | GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control. |
| CVE-2019-19259 | 2020-01-03 | GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR). |
| CVE-2019-19260 | 2020-01-03 | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2). |
| CVE-2019-19261 | 2020-01-03 | GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. |
| CVE-2019-19262 | 2020-01-03 | GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. |
| CVE-2019-19263 | 2020-01-03 | GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. |
| CVE-2019-19309 | 2020-01-03 | GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control. |
| CVE-2019-19310 | 2020-01-03 | GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. |
| CVE-2019-5063 | 2020-01-03 | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap... |
| CVE-2019-5064 | 2020-01-03 | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in... |
| CVE-2019-11993 | 2020-01-03 | A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube,... |
| CVE-2019-11994 | 2020-01-03 | A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube,... |
| CVE-2012-5693 | 2020-01-03 | Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/;... |
| CVE-2012-5878 | 2020-01-03 | Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in... |
| CVE-2014-4196 | 2020-01-03 | Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter. |
| CVE-2014-10398 | 2020-01-03 | Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject... |
| CVE-2014-5140 | 2020-01-03 | The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks... |
| CVE-2014-5516 | 2020-01-03 | Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a... |
| CVE-2014-8337 | 2020-01-03 | Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via... |
| CVE-2014-8516 | 2020-01-03 | Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. |
| CVE-2019-19959 | 2020-01-03 | ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example)... |
| CVE-2019-9537 | 2020-01-03 | Telos Automated Message Handling System reflected XSS in uploaditem.asp |
| CVE-2019-9538 | 2020-01-03 | Telos Automated Message Handling System reflected XSS in LDAP cbURL parameter |