CVE List - 2020 / January
Showing 1101 - 1200 of 1655 CVEs for January 2020 (Page 12 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2012-4863 | 2020-01-23 | IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability |
| CVE-2012-2087 | 2020-01-23 | ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. |
| CVE-2012-4900 | 2020-01-23 | Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference |
| CVE-2019-18898 | 2020-01-23 | trousers: Local privilege escalation from tss to root |
| CVE-2012-5867 | 2020-01-23 | HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability |
| CVE-2012-5699 | 2020-01-23 | BabyGekko before 1.2.4 allows PHP file inclusion. |
| CVE-2012-5698 | 2020-01-23 | BabyGekko before 1.2.4 has SQL injection. |
| CVE-2013-4176 | 2020-01-23 | mysecureshell 1.31: Local Information Disclosure Vulnerability |
| CVE-2013-6785 | 2020-01-23 | Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter. |
| CVE-2013-4175 | 2020-01-23 | MySecureShell 1.31 has a Local Denial of Service Vulnerability |
| CVE-2016-1000237 | 2020-01-23 | sanitize-html before 1.4.3 has XSS. |
| CVE-2013-6358 | 2020-01-23 | PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. |
| CVE-2012-4981 | 2020-01-23 | Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability |
| CVE-2020-7931 | 2020-01-23 | In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and... |
| CVE-2014-7238 | 2020-01-23 | The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS |
| CVE-2013-6792 | 2020-01-23 | Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability |
| CVE-2013-6772 | 2020-01-23 | Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking |
| CVE-2013-6773 | 2020-01-23 | Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges |
| CVE-2008-7314 | 2020-01-23 | mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname. |
| CVE-2019-18899 | 2020-01-23 | apt-cacher-ng insecure use of /run/apt-cacher-ng |
| CVE-2007-6758 | 2020-01-23 | Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. |
| CVE-2019-3691 | 2020-01-23 | Local privilege escalation from user munge to root |
| CVE-2019-14888 | 2020-01-23 | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of... |
| CVE-2019-16153 | 2020-01-23 | A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. |
| CVE-2019-5593 | 2020-01-23 | Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the... |
| CVE-2019-16513 | 2020-01-23 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests. |
| CVE-2019-16512 | 2020-01-23 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier. |
| CVE-2019-16517 | 2020-01-23 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on... |
| CVE-2019-16514 | 2020-01-23 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code... |
| CVE-2019-16516 | 2020-01-23 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists... |
| CVE-2019-16515 | 2020-01-23 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used. |
| CVE-2019-15712 | 2020-01-23 | An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for. |
| CVE-2020-7220 | 2020-01-23 | HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2. |
| CVE-2019-15707 | 2020-01-23 | An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized... |
| CVE-2012-6083 | 2020-01-23 | Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet. |
| CVE-2012-5626 | 2020-01-23 | EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat... |
| CVE-2015-1931 | 2020-01-23 | IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before... |
| CVE-2013-1592 | 2020-01-23 | A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver... |
| CVE-2014-2050 | 2020-01-23 | Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a... |
| CVE-2015-5745 | 2020-01-23 | Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. |
| CVE-2015-5278 | 2020-01-23 | The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related... |
| CVE-2013-1593 | 2020-01-23 | A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP... |
| CVE-2015-5239 | 2020-01-23 | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. |
| CVE-2015-5334 | 2020-01-23 | Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509... |
| CVE-2015-5333 | 2020-01-23 | Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in... |
| CVE-2020-7941 | 2020-01-23 | A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. |
| CVE-2020-7940 | 2020-01-23 | Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking. |
| CVE-2020-7939 | 2020-01-23 | SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.) |
| CVE-2020-7938 | 2020-01-23 | plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. |
| CVE-2020-7937 | 2020-01-23 | An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access... |
| CVE-2020-7936 | 2020-01-23 | An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed,... |
| CVE-2019-19898 | 2020-01-23 | In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely. |
| CVE-2019-19897 | 2020-01-23 | In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in... |
| CVE-2019-19896 | 2020-01-23 | In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification... |
| CVE-2019-19895 | 2020-01-23 | In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, achieve this movement and... |
| CVE-2019-19894 | 2020-01-23 | In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker (non-admin) can disable UAC for other users... |
| CVE-2019-19893 | 2020-01-23 | In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights... |
| CVE-2020-6007 | 2020-01-23 | Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote... |
| CVE-2012-5389 | 2020-01-23 | NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request. |
| CVE-2012-5340 | 2020-01-23 | SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. |
| CVE-2012-4606 | 2020-01-23 | Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local... |
| CVE-2012-6663 | 2020-01-23 | General Electric D20ME devices are not properly configured and reveal plaintext passwords. |
| CVE-2012-6649 | 2020-01-23 | WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload. |
| CVE-2020-7245 | 2020-01-23 | Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled... |
| CVE-2019-3687 | 2020-01-24 | "easy" permission profile allows everyone execute dumpcap and read all network traffic |
| CVE-2019-3692 | 2020-01-24 | Local privilege escalation from user news to root in the packaging of inn |
| CVE-2019-3693 | 2020-01-24 | Local privilege escalation from user wwwrun to root in the packaging of mailman |
| CVE-2019-3694 | 2020-01-24 | Local privilege escalation from munin to root in the packaging of munin |
| CVE-2019-3697 | 2020-01-24 | Local privilege escalation from user gnump3d to root |
| CVE-2019-3699 | 2020-01-24 | Local privilege escalation from user privoxy to root |
| CVE-2019-3700 | 2020-01-24 | yast: Fallback to DES without configuration in /etc/login.def |
| CVE-2012-6302 | 2020-01-24 | Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. |
| CVE-2020-7226 | 2020-01-24 | CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with... |
| CVE-2012-6451 | 2020-01-24 | Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability |
| CVE-2013-3960 | 2020-01-24 | Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass |
| CVE-2013-4333 | 2020-01-24 | OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability |
| CVE-2019-19632 | 2020-01-24 | An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7... |
| CVE-2019-18900 | 2020-01-24 | libzypp stores cookies world readable |
| CVE-2019-19631 | 2020-01-24 | An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7... |
| CVE-2020-5219 | 2020-01-24 | Remote Code Execution in Angular Expressions |
| CVE-2020-6961 | 2020-01-24 | In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station... |
| CVE-2020-6962 | 2020-01-24 | In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station... |
| CVE-2020-6963 | 2020-01-24 | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected... |
| CVE-2020-6964 | 2020-01-24 | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE... |
| CVE-2014-1923 | 2020-01-24 | Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow... |
| CVE-2014-1922 | 2020-01-24 | Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2014-1924 | 2020-01-24 | The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct... |
| CVE-2014-1925 | 2020-01-24 | SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute... |
| CVE-2015-4041 | 2020-01-24 | The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which... |
| CVE-2013-1594 | 2020-01-24 | An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text. |
| CVE-2015-4042 | 2020-01-24 | Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified... |
| CVE-2014-9720 | 2020-01-24 | Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH... |
| CVE-2020-6965 | 2020-01-24 | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version... |
| CVE-2020-6966 | 2020-01-24 | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected... |
| CVE-2013-1595 | 2020-01-24 | A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could... |
| CVE-2015-1530 | 2020-01-24 | media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid... |
| CVE-2015-1525 | 2020-01-24 | audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. |
| CVE-2019-19363 | 2020-01-24 | An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for... |
| CVE-2015-2928 | 2020-01-24 | The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon... |
| CVE-2015-2929 | 2020-01-24 | The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application... |