Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10957 1 Geutebrueck 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more 2020-02-10 3.5 LOW 4.8 MEDIUM
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser.
CVE-2019-11145 1 Intel 1 Driver \& Support Assistant 2020-02-10 4.6 MEDIUM 7.8 HIGH
Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-11146 1 Intel 1 Driver \& Support Assistant 2020-02-10 4.6 MEDIUM 7.8 HIGH
Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-12331 1 Phpspreadsheet Project 1 Phpspreadsheet 2020-02-10 6.8 MEDIUM 8.8 HIGH
PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml payload to utf-7 it is possible to bypass the check for the string ‚<!ENTITY‘ and thus allowing for an xml external entity processing (XXE) attack.
CVE-2019-12455 1 Linux 1 Linux Kernel 2020-02-10 4.9 MEDIUM 5.5 MEDIUM
** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”.
CVE-2018-7712 1 Opencv 1 Opencv 2020-02-10 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.”
CVE-2018-7713 1 Opencv 1 Opencv 2020-02-10 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.”
CVE-2018-7714 1 Opencv 1 Opencv 2020-02-10 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.”
CVE-2018-7827 1 Schneider-electric 118 D6220, D6220 Firmware, D6220l and 115 more 2020-02-10 3.5 LOW 5.4 MEDIUM
A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session.
CVE-2019-0316 1 Sap 1 Netweaver Process Integration 2020-02-10 3.5 LOW 4.8 MEDIUM
SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability.
CVE-2019-0380 1 Sap 1 Landscape Management 2020-02-10 4.0 MEDIUM 4.9 MEDIUM
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure.
CVE-2018-5926 1 Hp 1 Remote Graphics Software 2020-02-10 6.4 MEDIUM 9.1 CRITICAL
A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier.
CVE-2018-11691 1 Emerson 2 Ve6046, Ve6046 Firmware 2020-02-10 10.0 HIGH 9.8 CRITICAL
Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue, and the patches can be downloaded from Emerson’s Guardian Support Portal. Please refer to the DeltaV Security Notification DSN19003 (KBA NK-1900-0808) for more information about this issue. DeltaV versions 13.3 and higher use the Network Device Command Center application to manage DeltaV Smart Switches, and this newer application is not impacted by this issue. After patching the Smart Switch Command Center, users are required to either commission the DeltaV Smart Switches or change password using the tool.
CVE-2017-17518 1 White Dune Project 1 White Dune 2020-02-10 6.8 MEDIUM 8.8 HIGH
** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because “the current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a "BROWSER environment variable". Instead, the "browser" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the "options" menu. The default is chosen in the ./configure script, which tests various programs, first tested is "xdg-open".”
CVE-2016-5819 1 Moxa 10 Oncell G3100v2, Oncell G3100v2 Firmware, Oncell G3111 and 7 more 2020-02-10 4.3 MEDIUM 6.1 MEDIUM
Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server.
CVE-2014-4984 1 Dejavuprotech 1 Crescendo - Sales Crm 2020-02-10 7.5 HIGH 9.8 CRITICAL
Déjà Vu Crescendo Sales CRM has remote SQL Injection
CVE-2013-2805 1 Rockwellautomation 1 Rslinx Enterprise 2020-02-10 7.8 HIGH 7.5 HIGH
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
CVE-2013-2806 1 Rockwellautomation 1 Rslinx Enterprise 2020-02-10 7.8 HIGH 7.5 HIGH
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the service will calculate an incorrect value for the “End of Current Record” field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
CVE-2013-2807 1 Rockwellautomation 1 Rslinx Enterprise 2020-02-10 7.8 HIGH 7.5 HIGH
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
CVE-2013-3366 1 Trendnet 2 Tew-812dru, Tew-812dru Firmware 2020-02-10 9.3 HIGH 8.8 HIGH
Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.
CVE-2013-3367 1 Trendnet 4 Tew-691gr, Tew-691gr Firmware, Tew-692gr and 1 more 2020-02-10 10.0 HIGH 9.8 CRITICAL
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.
CVE-2011-1596 2020-02-10 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2010-5305 1 Rockwellautomation 5 Plc5 1785-lx, Plc5 1785-lx Firmware, Rslogix and 2 more 2020-02-10 7.5 HIGH 9.8 CRITICAL
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.
CVE-2009-5093 1 Php4scripte 1 Gastebuch 2020-02-10 5.0 MEDIUM N/A
Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.
CVE-2008-6586 1 Utorrent 1 Utorrent Webui 2020-02-10 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url action and (2) hijack the authentication of administrators for requests that modify the administrator account via the setsetting action.
CVE-2008-7272 1 Getfiregpg 1 Firegpg 2020-02-10 5.0 MEDIUM 7.5 HIGH
FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key.
CVE-2009-1784 1 Avg 1 Avg Anti-virus 2020-02-10 10.0 HIGH N/A
The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive.
CVE-2008-1508 1 Efestech 1 E-kontor 2020-02-10 7.5 HIGH N/A
SQL injection vulnerability in EfesTech E-Kontör and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2314 1 Apple 2 Mac Os X, Mac Os X Server 2020-02-10 4.4 MEDIUM N/A
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.
CVE-2006-4595 1 Muforum 1 Muforum 2020-02-10 5.0 MEDIUM N/A
muforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes.
CVE-2006-2108 1 Oce North America 2 3121 Printer, 3122 Printer 2020-02-10 7.8 HIGH N/A
parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to cause a denial of service (crash or reboot) via a long request, possibly triggering a buffer overflow.
CVE-2006-0706 1 Gastebuch 1 Gastebuch 2020-02-10 4.3 MEDIUM N/A
Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter.
CVE-2005-2035 1 Cool Cafe Chat 1 Cool Cafe Chat 2020-02-10 7.5 HIGH N/A
SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password.
CVE-2005-2036 1 Cool Cafe Chat 1 Cool Cafe Chat 2020-02-10 7.5 HIGH N/A
modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value.
CVE-2003-0497 1 Intersystems 1 Cache Database 2020-02-10 7.2 HIGH N/A
Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
CVE-2003-0498 1 Intersystems 1 Cache Database 2020-02-10 7.2 HIGH N/A
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
CVE-2019-19663 1 Maxum 1 Rumpus 2020-02-10 5.8 MEDIUM 6.5 MEDIUM
A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html.
CVE-2013-3636 1 Projectpier 1 Projectpier 2020-02-10 3.5 LOW 5.4 MEDIUM
ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag
CVE-2013-4572 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2020-02-10 5.0 MEDIUM 7.5 HIGH
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
CVE-2013-3637 1 Projectpier 1 Projectpier 2020-02-10 3.5 LOW 5.4 MEDIUM
ProjectPier 0.8.8 does not use the Secure flag for cookies
CVE-2011-1597 1 Openvas 1 Openvas Manager 2020-02-10 6.5 MEDIUM 8.8 HIGH
OpenVAS Manager v2.0.3 allows plugin remote code execution.
CVE-2013-0192 1 Simplemachines 1 Simple Machines Forum 2020-02-10 4.0 MEDIUM 4.9 MEDIUM
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.
CVE-2013-4166 2 Gnome, Redhat 5 Evolution, Evolution Data Server, Enterprise Linux Desktop and 2 more 2020-02-10 5.0 MEDIUM 7.5 HIGH
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
CVE-2013-2009 1 Automattic 1 Wp Super Cache 2020-02-10 6.8 MEDIUM 8.8 HIGH
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
CVE-2019-10782 1 Checkstyle 1 Checkstyle 2020-02-10 5.0 MEDIUM 5.3 MEDIUM
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
CVE-2013-3629 1 Ispconfig 1 Ispconfig 2020-02-10 6.5 MEDIUM 8.8 HIGH
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
CVE-2013-3628 1 Zabbix 1 Zabbix 2020-02-10 6.5 MEDIUM 8.8 HIGH
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
CVE-2013-3091 1 Belkin 2 N300, N300 Firmware 2020-02-10 10.0 HIGH 9.8 CRITICAL
An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging."
CVE-2010-3917 1 Google 1 Chrome 2020-02-10 4.3 MEDIUM 6.5 MEDIUM
Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2013-3096 1 Dlink 2 Dir865l, Dir865l Firmware 2020-02-10 4.3 MEDIUM 5.9 MEDIUM
D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability.