Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-15613 1 Nextcloud 1 Server 2020-02-16 6.0 MEDIUM 8.0 HIGH
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.
CVE-2019-15621 1 Nextcloud 1 Nextcloud Server 2020-02-16 4.0 MEDIUM 6.5 MEDIUM
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.
CVE-2020-8119 1 Nextcloud 1 Nextcloud Server 2020-02-16 4.0 MEDIUM 4.3 MEDIUM
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
CVE-2020-3723 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3720 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3721 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3722 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3724 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3725 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3726 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3727 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3728 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3729 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3730 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3731 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3732 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3736 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3733 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3734 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3735 2 Adobe, Microsoft 2 Framemaker, Windows 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2014-5085 1 Sphider-plus 1 Sphider-plus 2020-02-14 6.5 MEDIUM 8.8 HIGH
A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro.
CVE-2020-3737 1 Adobe 1 Framemaker 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2020-3738 1 Adobe 1 Framemaker 2020-02-14 6.8 MEDIUM 8.8 HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2009-5140 1 Linksys 2 Spa2102, Spa2102 Firmware 2020-02-14 4.3 MEDIUM 8.8 HIGH
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
CVE-2014-5083 1 Sphider 1 Sphider 2020-02-14 6.5 MEDIUM 8.8 HIGH
A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider.
CVE-2020-8894 1 Misp 1 Misp 2020-02-14 6.4 MEDIUM 6.5 MEDIUM
An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php.
CVE-2018-3987 1 Rakuten 1 Viber 2020-02-14 2.1 LOW 5.5 MEDIUM
An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.
CVE-2020-6969 1 Automationdirect 22 C-more Ea9-rhi, C-more Ea9-rhi Firmware, C-more Ea9-t10cl and 19 more 2020-02-14 10.0 HIGH 9.8 CRITICAL
It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations.
CVE-2019-4741 3 Ibm, Linux, Microsoft 4 Aix, Content Navigator, Linux Kernel and 1 more 2020-02-14 5.0 MEDIUM 5.3 MEDIUM
IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815.
CVE-2012-0810 1 Linux 1 Linux Kernel 2020-02-14 4.9 MEDIUM 5.5 MEDIUM
The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.
CVE-2020-8890 1 Misp 1 Misp 2020-02-14 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.
CVE-2020-2122 1 Jenkins 1 Brakeman 2020-02-14 3.5 LOW 5.4 MEDIUM
Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data.
CVE-2020-8892 1 Misp 1 Misp 2020-02-14 6.8 MEDIUM 8.1 HIGH
An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.
CVE-2020-2121 1 Jenkins 1 Google Kubernetes Engine 2020-02-14 6.5 MEDIUM 8.8 HIGH
Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
CVE-2019-4431 1 Ibm 1 Rational Publishing Engine 2020-02-14 3.5 LOW 5.4 MEDIUM
IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162888.
CVE-2020-8893 1 Misp 1 Misp 2020-02-14 5.0 MEDIUM 7.5 HIGH
An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.
CVE-2020-5824 1 Symantec 1 Endpoint Protection 2020-02-14 2.1 LOW 5.5 MEDIUM
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable.
CVE-2019-4427 2 Ibm, Microsoft 2 Cloud Cli, Windows 2020-02-14 5.0 MEDIUM 7.5 HIGH
IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773.
CVE-2020-8891 1 Misp 1 Misp 2020-02-14 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
CVE-2020-2120 1 Jenkins 1 Fitnesse 2020-02-14 6.5 MEDIUM 8.8 HIGH
Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.
CVE-2013-3942 1 Daum 1 Potplayer 2020-02-14 6.8 MEDIUM 7.8 HIGH
Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability
CVE-2020-2119 1 Jenkins 1 Azure Ad 2020-02-14 5.0 MEDIUM 5.3 MEDIUM
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
CVE-2013-2057 1 Yabb 1 Yabb 2020-02-14 7.5 HIGH 9.8 CRITICAL
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability
CVE-2009-5139 1 Google 1 Gizmo5 2020-02-14 4.3 MEDIUM 7.5 HIGH
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
CVE-2013-1607 1 Pdfkit Project 1 Pdfkit 2020-02-14 7.5 HIGH 9.8 CRITICAL
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability
CVE-2014-8128 2 Apple, Libtiff 3 Iphone Os, Mac Os X, Libtiff 2020-02-14 4.3 MEDIUM 6.5 MEDIUM
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
CVE-2020-8947 1 Artica 1 Pandora Fms 2020-02-14 9.0 HIGH 7.2 HIGH
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.
CVE-2013-1359 1 Sonicwall 4 Analyzer, Global Management System, Universal Management Appliance and 1 more 2020-02-14 10.0 HIGH 9.8 CRITICAL
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
CVE-2019-19193 1 Ti 4 Ble-stack, Cc2540\/1, Cc2640r2 and 1 more 2020-02-14 6.1 MEDIUM 6.5 MEDIUM
The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
CVE-2019-17518 1 Dialog-semiconductor 5 Da14680, Da14681, Da14682 and 2 more 2020-02-14 6.1 MEDIUM 6.5 MEDIUM
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock.