Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5650 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5651 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5652 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5653 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5654 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5655 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5656 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5657 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5658 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5659 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5660 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5661 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5662 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5663 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-5664 2020-02-07 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-5218 1 Sylius 1 Sylius 2020-02-07 4.0 MEDIUM 4.3 MEDIUM
Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no sylius_channel.debug is set explicitly in the configuration, the default value which is kernel.debug will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false. Patch has been provided for Sylius 1.3.x and newer - 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore.
CVE-2016-2032 1 Arubanetworks 3 Airwave, Aruba Instant, Arubaos 2020-02-07 5.0 MEDIUM 7.5 HIGH
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672
CVE-2013-2681 1 Cisco 2 Linksys E4200, Linksys E4200 Firmware 2020-02-07 4.3 MEDIUM 9.8 CRITICAL
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access.
CVE-2013-2682 1 Cisco 2 Linksys E4200, Linksys E4200 Firmware 2020-02-07 4.3 MEDIUM 4.3 MEDIUM
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.
CVE-2013-2678 1 Cisco 2 Linksys E4200, Linksys E4200 Firmware 2020-02-07 6.8 MEDIUM 8.1 HIGH
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.
CVE-2020-8420 1 Joomla 1 Joomla\! 2020-02-07 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
CVE-2013-2683 1 Cisco 2 Linksys E4200, Linksys E4200 Firmware 2020-02-07 5.0 MEDIUM 5.3 MEDIUM
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.
CVE-2020-5211 1 Nethack 1 Nethack 2020-02-07 7.5 HIGH 9.8 CRITICAL
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
CVE-2020-5214 1 Nethack 1 Nethack 2020-02-07 7.5 HIGH 9.8 CRITICAL
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
CVE-2020-5213 1 Nethack 1 Nethack 2020-02-07 7.5 HIGH 9.8 CRITICAL
In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
CVE-2020-5212 1 Nethack 1 Nethack 2020-02-07 7.5 HIGH 9.8 CRITICAL
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
CVE-2013-2684 1 Cisco 2 Linksys E4200, Linksys E4200 Firmware 2020-02-07 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-7966 1 Gitlab 1 Gitlab 2020-02-07 5.0 MEDIUM 7.5 HIGH
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.
CVE-2013-2680 1 Cisco 2 Linksys E4200, Linksys E4200 Firmware 2020-02-07 5.0 MEDIUM 7.5 HIGH
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.
CVE-2019-17585 2020-02-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-17586 2020-02-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-17587 2020-02-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-17588 2020-02-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-17589 2020-02-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-6478 2020-02-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-6479 2020-02-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2020-7971 1 Gitlab 1 Gitlab 2020-02-06 4.3 MEDIUM 6.1 MEDIUM
GitLab EE 11.0 and later through 12.7.2 allows XSS.
CVE-2020-8419 1 Joomla 1 Joomla\! 2020-02-06 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.
CVE-2020-8421 1 Joomla 1 Joomla\! 2020-02-06 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
CVE-2013-0291 1 Imagely 1 Nextgen Gallery 2020-02-06 5.0 MEDIUM 7.5 HIGH
NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability
CVE-2020-8591 1 Eginnovations 1 Eg Manager 2020-02-06 7.5 HIGH 9.8 CRITICAL
eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request.
CVE-2016-11018 1 Huge-it 1 Image Gallery 2020-02-06 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback().
CVE-2019-15975 1 Cisco 1 Data Center Network Manager 2020-02-06 10.0 HIGH 9.8 CRITICAL
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2019-15976 1 Cisco 1 Data Center Network Manager 2020-02-06 10.0 HIGH 9.8 CRITICAL
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2019-15977 1 Cisco 1 Data Center Network Manager 2020-02-06 7.8 HIGH 7.5 HIGH
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2019-15978 1 Cisco 1 Data Center Network Manager 2020-02-06 9.0 HIGH 7.2 HIGH
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
CVE-2019-15984 1 Cisco 1 Data Center Network Manager 2020-02-06 9.0 HIGH 7.2 HIGH
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
CVE-2020-8417 1 Codesnippets 1 Code Snippets 2020-02-06 6.8 MEDIUM 8.8 HIGH
The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.
CVE-2020-6849 1 Hutchhouse 1 Marketo Forms And Tracking 2020-02-06 6.8 MEDIUM 8.8 HIGH
The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS.
CVE-2011-1150 1 Bbpress 1 Bbpress 2020-02-06 4.3 MEDIUM 6.1 MEDIUM
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.