CVE List - 2020 / February
Showing 301 - 400 of 1397 CVEs for February 2020 (Page 4 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-8796 | 2020-02-07 | Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server. |
| CVE-2020-6768 | 2020-02-07 | Path Traversal in Bosch Video Management System (BVMS) |
| CVE-2020-6770 | 2020-02-07 | Deserialization of Untrusted Data in Bosch BVMS Mobile Video Service |
| CVE-2020-1708 | 2020-02-07 | It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 up to and including 4.3 that multiple containers modify the permissions of /etc/passwd to make them modifiable by... |
| CVE-2011-1084 | 2020-02-07 | A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. |
| CVE-2011-1085 | 2020-02-07 | CSRF vulnerability in Smoothwall Express 3. |
| CVE-2011-1086 | 2020-02-07 | Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter. |
| CVE-2020-8808 | 2020-02-07 | The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain... |
| CVE-2019-13163 | 2020-02-07 | The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager... |
| CVE-2019-19356 | 2020-02-07 | Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After... |
| CVE-2020-8812 | 2020-02-07 | Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug. |
| CVE-2020-8811 | 2020-02-07 | ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures. |
| CVE-2019-13333 | 2020-02-07 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-13334 | 2020-02-07 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-17135 | 2020-02-07 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-17136 | 2020-02-07 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-11481 | 2020-02-08 | Apport reads arbitrary files if ~/.config/apport/settings is a symlink |
| CVE-2019-11482 | 2020-02-08 | Race condition between reading current working directory and writing a core dump |
| CVE-2019-11483 | 2020-02-08 | Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable... |
| CVE-2019-11484 | 2020-02-08 | Integer overflow in bson_ensure_space |
| CVE-2019-11485 | 2020-02-08 | apport created lock file in wrong directory |
| CVE-2011-3642 | 2020-02-08 | Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script... |
| CVE-2014-2225 | 2020-02-08 | Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin... |
| CVE-2014-9470 | 2020-02-08 | Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to... |
| CVE-2014-9126 | 2020-02-08 | Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas... |
| CVE-2014-9127 | 2020-02-08 | Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export... |
| CVE-2015-1394 | 2020-02-08 | Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2)... |
| CVE-2014-7863 | 2020-02-08 | The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access,... |
| CVE-2015-2062 | 2020-02-08 | Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or... |
| CVE-2014-8739 | 2020-02-08 | Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0... |
| CVE-2015-3423 | 2020-02-08 | Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0,... |
| CVE-2015-2207 | 2020-02-08 | Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3)... |
| CVE-2012-4029 | 2020-02-08 | Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action. |
| CVE-2012-4381 | 2020-02-08 | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack... |
| CVE-2015-5741 | 2020-02-08 | The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains... |
| CVE-2012-4512 | 2020-02-08 | The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related... |
| CVE-2012-5570 | 2020-02-08 | The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses. |
| CVE-2017-18641 | 2020-02-10 | In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers. |
| CVE-2020-8822 | 2020-02-10 | Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. |
| CVE-2020-8823 | 2020-02-10 | htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter. |
| CVE-2020-7059 | 2020-02-10 | OOB read in php_strip_tags_ex |
| CVE-2020-7060 | 2020-02-10 | global buffer-overflow in mbfl_filt_conv_big5_wchar |
| CVE-2020-8825 | 2020-02-10 | index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS. |
| CVE-2019-20059 | 2020-02-10 | payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL... |
| CVE-2019-20062 | 2020-02-10 | MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used). |
| CVE-2019-20061 | 2020-02-10 | The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to... |
| CVE-2019-20060 | 2020-02-10 | MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information. |
| CVE-2012-6666 | 2020-02-10 | vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. |
| CVE-2013-1353 | 2020-02-10 | Orange HRM 2.7.1 allows XSS via the vacancy name. |
| CVE-2014-5086 | 2020-02-10 | A Command Execution vulnerability exists in Sphider Pro and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code.... |
| CVE-2020-1697 | 2020-02-10 | It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks.... |
| CVE-2014-5085 | 2020-02-10 | A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to... |
| CVE-2014-5084 | 2020-02-10 | A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of... |
| CVE-2019-20451 | 2020-02-10 | The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an... |
| CVE-2012-6611 | 2020-02-10 | An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password... |
| CVE-2014-5083 | 2020-02-10 | A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to... |
| CVE-2012-6449 | 2020-02-10 | The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have an XSS vulnerability. |
| CVE-2020-8089 | 2020-02-10 | Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page. |
| CVE-2012-1994 | 2020-02-10 | HP Systems Insight Manager before 7.0 allows a remote user on an adjacent network to access information |
| CVE-2012-2204 | 2020-02-10 | InfoSphere Guardium aix_ktap module: DoS |
| CVE-2019-19660 | 2020-02-10 | A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network... |
| CVE-2012-5828 | 2020-02-10 | BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error |
| CVE-2019-19659 | 2020-02-10 | A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing... |
| CVE-2019-19663 | 2020-02-10 | A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html. |
| CVE-2019-19665 | 2020-02-10 | A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html. |
| CVE-2013-2108 | 2020-02-10 | WordPress WP Cleanfix Plugin 2.4.4 has CSRF |
| CVE-2013-2109 | 2020-02-10 | WordPress plugin wp-cleanfix has Remote Code Execution |
| CVE-2019-19664 | 2020-02-10 | A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html. |
| CVE-2019-19662 | 2020-02-10 | A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html. |
| CVE-2019-19661 | 2020-02-10 | A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. |
| CVE-2019-19666 | 2020-02-10 | A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html. |
| CVE-2019-19667 | 2020-02-10 | A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via... |
| CVE-2019-19670 | 2020-02-10 | An HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website... |
| CVE-2019-19669 | 2020-02-10 | A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload... |
| CVE-2019-19668 | 2020-02-10 | A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are... |
| CVE-2019-13321 | 2020-02-10 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the... |
| CVE-2019-13322 | 2020-02-10 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target... |
| CVE-2019-17137 | 2020-02-10 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The... |
| CVE-2019-6744 | 2020-02-10 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical... |
| CVE-2020-8840 | 2020-02-10 | FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. |
| CVE-2019-17060 | 2020-02-10 | The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE... |
| CVE-2019-17061 | 2020-02-10 | The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving... |
| CVE-2019-17517 | 2020-02-10 | The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a... |
| CVE-2019-17518 | 2020-02-10 | The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio... |
| CVE-2020-8841 | 2020-02-10 | An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection. |
| CVE-2019-17520 | 2020-02-10 | The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range... |
| CVE-2019-19193 | 2020-02-10 | The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement... |
| CVE-2019-19195 | 2020-02-10 | The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to... |
| CVE-2017-18642 | 2020-02-10 | Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks. |
| CVE-2020-7217 | 2020-02-10 | An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id. |
| CVE-2020-8596 | 2020-02-10 | participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate... |
| CVE-2019-14514 | 2020-02-10 | An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root... |
| CVE-2016-5710 | 2020-02-10 | NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. |
| CVE-2018-14553 | 2020-02-11 | gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked... |
| CVE-2019-13924 | 2020-02-11 | A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1),... |
| CVE-2020-8893 | 2020-02-11 | An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp. |
| CVE-2020-8894 | 2020-02-11 | An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php. |
| CVE-2013-5945 | 2020-02-11 | Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with... |
| CVE-2014-0144 | 2020-02-11 | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations... |
| CVE-2014-0147 | 2020-02-11 | Qemu before 1.6.2 block drivers for the various disk image formats used by Bochs and for the QCOW version 2 format are vulnerable to a possible crash caused by signed... |