Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6410 1 Google 1 Chrome 2020-02-12 6.8 MEDIUM 8.8 HIGH
Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name.
CVE-2020-6411 1 Google 1 Chrome 2020-02-12 5.8 MEDIUM 5.4 MEDIUM
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2019-18671 1 Keepkey 2 Keepkey, Keepkey Firmware 2020-02-12 10.0 HIGH 9.8 CRITICAL
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB.
CVE-2015-1394 1 10web 1 Photo Gallery 2020-02-11 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php.
CVE-2015-2207 1 Netcracker 1 Resource Management System 2020-02-11 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter.
CVE-2012-1994 1 Hp 1 Systems Insight Manager 2020-02-11 2.7 LOW 5.7 MEDIUM
HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information
CVE-2019-13322 1 Mi 1 Mi Browser 2020-02-11 6.8 MEDIUM 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the miui.share application. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary application download. An attacker can leverage this vulnerability to execute code in the context of the user. Was ZDI-CAN-7483.
CVE-2020-8822 1 Digi 4 Transport Wr21, Transport Wr21 Firmware, Transport Wr44 and 1 more 2020-02-11 3.5 LOW 4.8 MEDIUM
Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application.
CVE-2012-2204 1 Ibm 1 Infosphere Guardium 2020-02-11 4.9 MEDIUM 5.5 MEDIUM
InfoSphere Guardium aix_ktap module: DoS
CVE-2019-17268 1 Omniauth-weibo-oauth2 Project 1 Omniauth-weibo-oauth2 2020-02-11 7.5 HIGH 9.8 CRITICAL
The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected.
CVE-2012-2216 2020-02-11 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6720 and CVE-2012-6721. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2012-6720 and CVE-2012-6721 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2020-8772 1 Revmakx 1 Infinitewp Client 2020-02-11 7.5 HIGH 9.8 CRITICAL
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.
CVE-2020-8788 1 Synaptivemedical 1 Clearcanvas 2020-02-11 4.3 MEDIUM 6.1 MEDIUM
Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report.
CVE-2013-3591 1 Vtiger 1 Vtiger Crm 2020-02-11 6.5 MEDIUM 8.8 HIGH
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
CVE-2013-5113 1 Logmein 1 Lastpass 2020-02-11 1.9 LOW 6.8 MEDIUM
LastPass prior to 2.5.1 has an insecure PIN implementation.
CVE-2020-6760 1 Schmid-telecom 2 Zi 620 V400, Zi 620 V400 Firmware 2020-02-11 10.0 HIGH 9.8 CRITICAL
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping.
CVE-2020-5318 1 Dell 1 Emc Isilon Onefs 2020-02-11 5.0 MEDIUM 7.5 HIGH
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.
CVE-2010-4658 1 Status 1 Statusnet 2020-02-11 5.0 MEDIUM 5.3 MEDIUM
statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.
CVE-2013-6499 2020-02-11 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2013-1202 1 Cisco 1 Ace Application Control Engine Module A2 2020-02-11 5.0 MEDIUM 7.5 HIGH
Cisco ACE A2(3.6) allows log retention DoS.
CVE-2014-6413 1 Watchguard 1 Fireware Xtm 2020-02-11 4.3 MEDIUM 6.1 MEDIUM
A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script.
CVE-2012-6297 1 Dd-wrt 1 Dd-wrt 2020-02-11 9.3 HIGH 8.8 HIGH
Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service.
CVE-2019-15616 1 Nextcloud 1 Nextcloud Server 2020-02-11 4.0 MEDIUM 4.3 MEDIUM
Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.
CVE-2013-4335 1 Openpne 1 Opopensocialplugin 2020-02-11 7.5 HIGH 9.8 CRITICAL
opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities
CVE-2013-2675 1 Brother 2 Mfc-9970cdw, Mfc-9970cdw Firmware 2020-02-11 4.3 MEDIUM 6.5 MEDIUM
Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information.
CVE-2012-6340 1 Netgear 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more 2020-02-11 2.1 LOW 4.6 MEDIUM
An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002.
CVE-2014-7969 2020-02-11 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8739. Reason: This candidate is a duplicate of CVE-2014-8739. Notes: All CVE users should reference CVE-2014-8739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2015-2287 2020-02-11 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A typo caused the wrong ID to be used. Notes: none.
CVE-2014-10399 1 Keplerproject 1 Cgilua 2020-02-11 4.3 MEDIUM 6.1 MEDIUM
The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.
CVE-2012-6666 1 Vbseo 1 Vbseo 2020-02-11 4.3 MEDIUM 6.1 MEDIUM
vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter.
CVE-2019-19670 1 Maxum 1 Rumpus Ftp 2020-02-11 4.3 MEDIUM 6.1 MEDIUM
A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html.
CVE-2014-10400 1 Keplerproject 1 Cgilua 2020-02-11 4.3 MEDIUM 6.1 MEDIUM
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.
CVE-2019-15611 1 Nextcloud 1 Nextcloud 2020-02-11 4.0 MEDIUM 4.9 MEDIUM
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.
CVE-2013-1353 1 Orangehrm 1 Orangehrm 2020-02-11 3.5 LOW 5.4 MEDIUM
Orange HRM 2.7.1 allows XSS via the vacancy name.
CVE-2019-19661 1 Maxum 1 Rumpus Ftp 2020-02-11 4.3 MEDIUM 6.1 MEDIUM
A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp.
CVE-2019-19667 1 Maxum 1 Rumpus Ftp 2020-02-11 5.8 MEDIUM 5.4 MEDIUM
A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html.
CVE-2019-19666 1 Maxum 1 Rumpus Ftp 2020-02-11 4.3 MEDIUM 4.3 MEDIUM
A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html.
CVE-2020-1768 1 Otrs 1 Otrs 2020-02-11 5.5 MEDIUM 5.4 MEDIUM
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions.
CVE-2019-19669 1 Maxum 1 Rumpus Ftp 2020-02-11 5.8 MEDIUM 6.5 MEDIUM
A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html.
CVE-2014-5288 1 Kemptechnologies 1 Load Master 2020-02-11 6.8 MEDIUM 8.8 HIGH
A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.
CVE-2014-5468 1 Getrailo 1 Railo 2020-02-11 6.8 MEDIUM 8.8 HIGH
A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.
CVE-2013-4334 1 Tejimaya 1 Opwebapiplugin 2020-02-11 7.5 HIGH 9.8 CRITICAL
opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities
CVE-2019-19668 1 Maxum 1 Rumpus Ftp 2020-02-11 4.3 MEDIUM 4.3 MEDIUM
A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html.
CVE-2020-8121 1 Nextcloud 1 Nextcloud Server 2020-02-11 5.5 MEDIUM 8.1 HIGH
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
CVE-2020-8122 1 Nextcloud 1 Nextcloud Server 2020-02-11 4.0 MEDIUM 4.3 MEDIUM
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received.
CVE-2020-8771 1 Wptimecapsule 1 Wp Time Capsule 2020-02-11 7.5 HIGH 9.8 CRITICAL
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
CVE-2014-8271 1 Tianocore 1 Edk2 2020-02-11 4.6 MEDIUM 6.8 MEDIUM
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.
CVE-2019-19659 1 Maxum 1 Rumpus 2020-02-11 6.8 MEDIUM 8.8 HIGH
A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html.
CVE-2014-2030 3 Canonical, Imagemagick, Opensuse 3 Ubuntu Linux, Imagemagick, Opensuse 2020-02-11 6.8 MEDIUM 8.8 HIGH
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
CVE-2019-19660 1 Maxum 1 Rumpus 2020-02-11 4.3 MEDIUM 6.5 MEDIUM
A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html.