Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17520 1 Ti 2 Cc2640r2, Cc2640r2 Software Development Kit 2020-02-14 6.1 MEDIUM 6.5 MEDIUM
The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.
CVE-2020-6767 1 Bosch 5 Divar Ip 3000, Divar Ip 7000, Divar Ip All-in-one 5000 and 2 more 2020-02-14 4.0 MEDIUM 6.5 MEDIUM
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.
CVE-2015-7508 1 Netsurf-browser 1 Libnsbmp 2020-02-14 6.8 MEDIUM 8.8 HIGH
Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file.
CVE-2020-2115 1 Jenkins 1 Nunit 2020-02-14 6.5 MEDIUM 8.8 HIGH
Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2114 1 Jenkins 1 S3 Publisher 2020-02-14 5.0 MEDIUM 7.5 HIGH
Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
CVE-2020-2113 1 Jenkins 1 Git Parameter 2020-02-14 3.5 LOW 5.4 MEDIUM
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
CVE-2020-2112 1 Jenkins 1 Git Parameter 2020-02-14 3.5 LOW 5.4 MEDIUM
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
CVE-2020-2116 1 Jenkins 1 Pipeline Github Notify Step 2020-02-14 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-19762 2020-02-14 N/A N/A
** REJECT ** Unused CVE for 2019.
CVE-2019-19763 2020-02-14 N/A N/A
** REJECT ** Unused CVE for 2019.
CVE-2019-19764 2020-02-14 N/A N/A
** REJECT ** Unused CVE for 2019.
CVE-2019-19765 2020-02-14 N/A N/A
** REJECT ** Unused CVE for 2019.
CVE-2012-5828 1 Blackberry 2 Playbook, Playbook Firmware 2020-02-14 4.3 MEDIUM 6.5 MEDIUM
BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error
CVE-2020-8089 1 Piwigo 1 Piwigo 2020-02-14 3.5 LOW 5.4 MEDIUM
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.
CVE-2020-0729 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2020-02-14 6.8 MEDIUM 8.8 HIGH
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.
CVE-2013-7378 1 Hubot Scripts Project 1 Hubot Scripts 2020-02-14 7.5 HIGH 9.8 CRITICAL
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.
CVE-2012-4512 2 Kde, Redhat 5 Kde, Enterprise Linux, Enterprise Linux Desktop and 2 more 2020-02-14 6.8 MEDIUM 8.8 HIGH
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
CVE-2020-2129 1 Jenkins 1 Eagle Tester 2020-02-14 4.0 MEDIUM 6.5 MEDIUM
Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
CVE-2020-2111 1 Jenkins 1 Subversion 2020-02-14 3.5 LOW 5.4 MEDIUM
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2130 1 Jenkins 1 Harvest Scm 2020-02-14 4.0 MEDIUM 6.5 MEDIUM
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
CVE-2020-2131 1 Jenkins 1 Harvest Scm 2020-02-14 4.0 MEDIUM 6.5 MEDIUM
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2020-0730 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2020-02-14 3.6 LOW 7.1 HIGH
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
CVE-2012-6611 1 Polycom 12 Hdx 4002, Hdx 4500, Hdx 6000 and 9 more 2020-02-14 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
CVE-2020-2132 1 Jenkins 1 Parasoft Environment Manager 2020-02-14 4.0 MEDIUM 6.5 MEDIUM
Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2020-2133 1 Jenkins 1 Applatix 2020-02-14 4.0 MEDIUM 6.5 MEDIUM
Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2014-2560 1 Phoner 1 Phonerlite 2020-02-14 4.3 MEDIUM 7.5 HIGH
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
CVE-2014-4607 1 Oberhumer 2 Liblzo2, Lzo2 2020-02-14 6.8 MEDIUM 8.8 HIGH
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
CVE-2020-2123 1 Jenkins 1 Radargun 2020-02-14 6.5 MEDIUM 8.8 HIGH
Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
CVE-2013-1410 1 Perforce 1 P4web 2020-02-14 4.3 MEDIUM 6.1 MEDIUM
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities
CVE-2013-2010 2 Automattic, Boldgrid 2 Wp Super Cache, W3 Total Cache 2020-02-14 7.5 HIGH 9.8 CRITICAL
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
CVE-2013-7381 1 Libnotify Project 1 Libnotify 2020-02-14 7.5 HIGH 9.8 CRITICAL
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.
CVE-2015-5617 1 Enorth 1 Webpublisher Cms 2020-02-14 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.
CVE-2020-2127 1 Jenkins 1 Bmc Release Package And Deployment 2020-02-14 4.0 MEDIUM 4.3 MEDIUM
Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2020-2128 1 Jenkins 1 Ecx Copy Data Management 2020-02-14 4.0 MEDIUM 4.3 MEDIUM
Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2013-0803 1 Polarbear Cms Project 1 Polarbear Cms 2020-02-14 7.5 HIGH 9.8 CRITICAL
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.
CVE-2019-19547 1 Symantec 1 Endpoint Detection And Response 2020-02-14 4.3 MEDIUM 6.1 MEDIUM
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
CVE-2020-2125 1 Jenkins 1 Debian Package Builder 2020-02-13 4.0 MEDIUM 4.3 MEDIUM
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
CVE-2020-2126 1 Jenkins 1 Digitalocean 2020-02-13 4.0 MEDIUM 4.3 MEDIUM
Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system.
CVE-2020-2124 1 Jenkins 1 Dynamic Extended Choice Parameter 2020-02-13 4.0 MEDIUM 4.3 MEDIUM
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2014-2025 1 Unitedplanet 1 Intrexx 2020-02-13 7.5 HIGH 9.8 CRITICAL
Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.
CVE-2020-0696 1 Microsoft 3 Office, Office 365 Proplus, Outlook 2020-02-13 4.3 MEDIUM 6.5 MEDIUM
A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
CVE-2020-5831 1 Symantec 1 Endpoint Protection Manager 2020-02-13 2.1 LOW 3.3 LOW
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
CVE-2020-5828 1 Symantec 1 Endpoint Protection Manager 2020-02-13 2.1 LOW 3.3 LOW
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
CVE-2020-5827 1 Symantec 1 Endpoint Protection Manager 2020-02-13 2.1 LOW 3.3 LOW
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
CVE-2020-5829 1 Symantec 1 Endpoint Protection Manager 2020-02-13 2.1 LOW 3.3 LOW
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
CVE-2020-5830 1 Symantec 1 Endpoint Protection Manager 2020-02-13 2.1 LOW 3.3 LOW
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
CVE-2020-0686 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2020-02-13 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0683.
CVE-2013-0295 2020-02-13 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0342. Reason: This candidate is a duplicate of [ID]. Notes: All CVE users should reference CVE-2013-0342 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2019-1234 1 Microsoft 1 Azure Stack 2020-02-13 5.0 MEDIUM 7.5 HIGH
A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.
CVE-2020-0751 1 Microsoft 2 Windows 10, Windows Server 2016 2020-02-13 2.1 LOW 6.0 MEDIUM
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0661.