CVE List - 2020 / March
Showing 1101 - 1200 of 1754 CVEs for March 2020 (Page 12 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-19677 | 2020-03-18 | arxes-tolina 3.0.0 allows User Enumeration. |
| CVE-2019-16375 | 2020-03-19 | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as... |
| CVE-2019-20485 | 2020-03-19 | qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). |
| CVE-2019-14872 | 2020-03-19 | The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference. |
| CVE-2019-19336 | 2020-03-19 | A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an... |
| CVE-2020-10675 | 2020-03-19 | The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call. |
| CVE-2020-10648 | 2020-03-19 | Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default... |
| CVE-2020-4203 | 2020-03-19 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956. |
| CVE-2020-4205 | 2020-03-19 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revoked. IBM X-Force... |
| CVE-2019-12128 | 2020-03-19 | In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services... |
| CVE-2019-12129 | 2020-03-19 | In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services... |
| CVE-2019-12130 | 2020-03-19 | In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services... |
| CVE-2019-20524 | 2020-03-19 | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner parameter. |
| CVE-2019-20527 | 2020-03-19 | Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter. |
| CVE-2019-20523 | 2020-03-19 | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name parameter. |
| CVE-2019-20522 | 2020-03-19 | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter. |
| CVE-2020-10678 | 2020-03-19 | In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges. |
| CVE-2019-12416 | 2020-03-19 | Two injection attacks were reported against the DeltaSpike windowhandler.js. This code is only active if a developer selected the ClientSideWindowStrategy, which is not the default. |
| CVE-2019-14873 | 2020-03-19 | In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify... |
| CVE-2019-14877 | 2020-03-19 | In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify... |
| CVE-2019-14878 | 2020-03-19 | In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to... |
| CVE-2019-14874 | 2020-03-19 | In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to... |
| CVE-2019-14875 | 2020-03-19 | In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to... |
| CVE-2019-14876 | 2020-03-19 | In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to... |
| CVE-2020-1705 | 2020-03-19 | A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with... |
| CVE-2014-2722 | 2020-03-19 | In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH.... |
| CVE-2020-3266 | 2020-03-19 | Cisco SD-WAN Solution Command Injection Vulnerability |
| CVE-2020-3265 | 2020-03-19 | Cisco SD-WAN Solution Privilege Escalation Vulnerability |
| CVE-2020-3264 | 2020-03-19 | Cisco SD-WAN Solution Buffer Overflow Vulnerability |
| CVE-2019-16012 | 2020-03-19 | Cisco SD-WAN Solution vManage SQL Injection Vulnerability |
| CVE-2019-16010 | 2020-03-19 | Cisco SD-WAN Solution vManage Stored Cross-Site Scripting Vulnerability |
| CVE-2014-2721 | 2020-03-19 | In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH.... |
| CVE-2014-2723 | 2020-03-19 | In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH.... |
| CVE-2019-11361 | 2020-03-19 | Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. |
| CVE-2019-16382 | 2020-03-19 | An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid... |
| CVE-2020-5262 | 2020-03-19 | GitHub personal access token leaking into temporary EasyBuild (debug) logs |
| CVE-2019-16337 | 2020-03-19 | The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file. |
| CVE-2019-16338 | 2020-03-19 | The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file. |
| CVE-2019-15653 | 2020-03-19 | Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username... |
| CVE-2019-15654 | 2020-03-19 | Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving... |
| CVE-2019-15655 | 2020-03-19 | D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead... |
| CVE-2019-15656 | 2020-03-19 | D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. |
| CVE-2020-5267 | 2020-03-19 | Possible XSS vulnerability in ActionView |
| CVE-2019-12125 | 2020-03-19 | In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services... |
| CVE-2019-12126 | 2020-03-19 | In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services... |
| CVE-2019-12127 | 2020-03-19 | In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services... |
| CVE-2019-20513 | 2020-03-19 | Open edX Ironwood.1 allows support/certificates?user= reflected XSS. |
| CVE-2019-20514 | 2020-03-19 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI. |
| CVE-2019-20515 | 2020-03-19 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI. |
| CVE-2019-20516 | 2020-03-19 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI. |
| CVE-2019-20517 | 2020-03-19 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI. |
| CVE-2019-16061 | 2020-03-19 | A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system... |
| CVE-2019-20518 | 2020-03-19 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI. |
| CVE-2019-20519 | 2020-03-19 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address. |
| CVE-2019-20520 | 2020-03-19 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI. |
| CVE-2019-20521 | 2020-03-19 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI. |
| CVE-2019-16062 | 2020-03-19 | NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data. |
| CVE-2019-16064 | 2020-03-19 | NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder.... |
| CVE-2019-16065 | 2020-03-19 | A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the... |
| CVE-2019-16066 | 2020-03-19 | An unrestricted file upload vulnerability exists in user and system file upload functions in NETSAS Enigma NMS 65.0.0 and prior. This allows an attacker to upload malicious files and perform... |
| CVE-2019-20525 | 2020-03-19 | Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter. |
| CVE-2019-16067 | 2020-03-19 | NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow... |
| CVE-2019-20526 | 2020-03-19 | Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter. |
| CVE-2019-16070 | 2020-03-19 | A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the... |
| CVE-2020-10667 | 2020-03-19 | The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the... |
| CVE-2019-15124 | 2020-03-19 | In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33. |
| CVE-2020-10668 | 2020-03-19 | The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the... |
| CVE-2020-10670 | 2020-03-19 | The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in... |
| CVE-2020-10671 | 2020-03-19 | The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a... |
| CVE-2019-15539 | 2020-03-19 | The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment... |
| CVE-2020-7006 | 2020-03-19 | Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution. |
| CVE-2019-16063 | 2020-03-19 | NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data. |
| CVE-2020-10669 | 2020-03-19 | The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's... |
| CVE-2019-16529 | 2020-03-19 | An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model. |
| CVE-2019-16068 | 2020-03-19 | A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request.... |
| CVE-2019-16069 | 2020-03-19 | A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the... |
| CVE-2019-16108 | 2020-03-19 | phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. |
| CVE-2019-16072 | 2020-03-19 | An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell... |
| CVE-2019-16071 | 2020-03-19 | Enigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do not have the ability to modify any settings in the system, only view the components. However,... |
| CVE-2019-13389 | 2020-03-20 | RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. |
| CVE-2019-14855 | 2020-03-20 | A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures.... |
| CVE-2020-1707 | 2020-03-20 | A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with... |
| CVE-2020-1709 | 2020-03-20 | A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access... |
| CVE-2020-6449 | 2020-03-20 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2018-20334 | 2020-03-20 | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue,... |
| CVE-2018-20335 | 2020-03-20 | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI. |
| CVE-2018-20333 | 2020-03-20 | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed... |
| CVE-2019-18782 | 2020-03-20 | SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. |
| CVE-2019-18785 | 2020-03-20 | SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. |
| CVE-2019-19025 | 2020-03-20 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. |
| CVE-2019-19026 | 2020-03-20 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. |
| CVE-2019-19029 | 2020-03-20 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. |
| CVE-2020-9343 | 2020-03-20 | An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit... |
| CVE-2020-9344 | 2020-03-20 | Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. |
| CVE-2020-9345 | 2020-03-20 | An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit... |
| CVE-2019-19023 | 2020-03-20 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. |
| CVE-2019-19487 | 2020-03-20 | Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. |
| CVE-2019-19486 | 2020-03-20 | Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. |
| CVE-2019-19484 | 2020-03-20 | Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. |
| CVE-2020-10681 | 2020-03-20 | The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. |