Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16266 2 Linux, Samsung 2 Tizen, Galaxy Gear 2020-02-03 4.8 MEDIUM 8.1 HIGH
The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVE-2018-16264 2 Linux, Samsung 2 Tizen, Galaxy Gear 2020-02-03 3.3 LOW 6.5 MEDIUM
The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVE-2018-16262 2 Linux, Samsung 2 Tizen, Galaxy Gear 2020-02-03 5.8 MEDIUM 8.8 HIGH
The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVE-2018-16268 2 Linux, Samsung 2 Tizen, Galaxy Gear 2020-02-03 3.3 LOW 4.3 MEDIUM
The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVE-2018-16267 2 Linux, Samsung 2 Tizen, Galaxy Gear 2020-02-03 4.8 MEDIUM 8.1 HIGH
The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVE-2019-13521 1 Rockwellautomation 1 Arena Simulation 2020-02-03 6.8 MEDIUM 7.8 HIGH
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.
CVE-2014-2906 1 Fishshell 1 Fish 2020-02-03 4.4 MEDIUM 7.0 HIGH
The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name.
CVE-2014-3856 1 Fishshell 1 Fish 2020-02-03 4.4 MEDIUM 7.0 HIGH
The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name.
CVE-2013-1350 1 Veraxsystems 1 Network Management System 2020-02-03 6.4 MEDIUM 9.1 CRITICAL
Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities
CVE-2019-13519 1 Rockwellautomation 1 Arena Simulation 2020-02-03 6.8 MEDIUM 7.8 HIGH
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.
CVE-2013-5114 1 Logmein 1 Lastpass 2020-02-03 6.6 MEDIUM 6.1 MEDIUM
LastPass prior to 2.5.1 allows secure wipe bypass.
CVE-2013-5116 1 Evernote 1 Evernote 2020-02-03 6.6 MEDIUM 7.1 HIGH
Evernote prior to 5.5.1 has insecure password change
CVE-2020-7965 1 Webargs Project 1 Webargs 2020-02-03 6.8 MEDIUM 8.8 HIGH
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made across domains, leading to CSRF.
CVE-2019-12998 1 Elementsproject 1 C-lightning 2020-02-03 5.0 MEDIUM 7.5 HIGH
c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used for real funds."
CVE-2019-12999 1 Lightning 1 Network Daemon 2020-02-03 5.0 MEDIUM 7.5 HIGH
Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.
CVE-2019-13000 1 Acinq 1 Eclair 2020-02-03 5.0 MEDIUM 7.5 HIGH
Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "it is beta-quality software and don't put too much money in it."
CVE-2012-4606 1 Citrix 1 Xenserver 2020-02-03 4.6 MEDIUM 7.8 HIGH
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.
CVE-2019-11256 2020-02-03 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-11257 2020-02-03 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-11258 2020-02-03 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-11259 2020-02-03 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-11260 2020-02-03 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-11261 2020-02-03 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-11262 2020-02-03 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-11263 2020-02-03 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-11264 2020-02-03 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-11265 2020-02-03 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-11266 2020-02-03 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2019-11267 2020-02-03 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019.
CVE-2014-3868 1 Zeuscart 1 Zeuscart 2020-02-03 6.5 MEDIUM 8.8 HIGH
Multiple SQL injection vulnerabilities in ZeusCart 4.x.
CVE-2019-17103 1 Bitdefender 1 Antivirus 2020-02-03 2.1 LOW 5.5 MEDIUM
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.
CVE-2018-8019 2 Apache, Debian 2 Tomcat Native, Debian Linux 2020-02-03 4.3 MEDIUM 7.4 HIGH
When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.
CVE-2016-10935 1 Visser 1 Store Exporter For Woocommerce 2020-02-03 7.5 HIGH 9.8 CRITICAL
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
CVE-2017-11124 1 Xar Project 1 Xar 2020-02-03 7.5 HIGH 9.8 CRITICAL
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c.
CVE-2017-11125 1 Xar Project 1 Xar 2020-02-03 7.5 HIGH 9.8 CRITICAL
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c.
CVE-2018-11243 1 Upx Project 1 Upx 2020-02-03 6.8 MEDIUM 7.8 HIGH
PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.
CVE-2019-20051 1 Upx Project 1 Upx 2020-02-03 4.3 MEDIUM 5.5 MEDIUM
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.
CVE-2020-1930 1 Apache 1 Spamassassin 2020-02-02 9.3 HIGH 8.1 HIGH
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges.
CVE-2020-1931 1 Apache 1 Spamassassin 2020-02-02 9.3 HIGH 8.1 HIGH
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places.
CVE-2019-17095 1 Bitdefender 2 Box 2, Box 2 Firmware 2020-02-01 10.0 HIGH 9.8 CRITICAL
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability.
CVE-2019-17099 1 Bitdefender 1 Endpoint Security Tools 2020-02-01 4.4 MEDIUM 7.8 HIGH
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163.
CVE-2020-7909 1 Jetbrains 1 Teamcity 2020-02-01 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
CVE-2020-7912 1 Jetbrains 1 Youtrack 2020-02-01 5.0 MEDIUM 5.3 MEDIUM
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.
CVE-2013-2567 1 Zavio 4 F3105, F3105 Firmware, F312a and 1 more 2020-02-01 5.0 MEDIUM 7.5 HIGH
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.
CVE-2013-2568 1 Zavio 4 F3105, F3105 Firmware, F312a and 1 more 2020-02-01 10.0 HIGH 9.8 CRITICAL
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.
CVE-2013-2569 1 Zavio 4 F3105, F3105 Firmware, F312a and 1 more 2020-02-01 5.0 MEDIUM 7.5 HIGH
A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream.
CVE-2013-2570 1 Zavio 4 F3105, F3105 Firmware, F312a and 1 more 2020-02-01 7.5 HIGH 9.8 CRITICAL
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.
CVE-2012-6302 1 Soapbox Project 1 Soapbox 2020-02-01 7.2 HIGH 7.8 HIGH
Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox.
CVE-2013-4333 1 Tejimaya 1 Openpne 2020-02-01 6.4 MEDIUM 9.1 CRITICAL
OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability
CVE-2015-4041 1 Gnu 1 Coreutils 2020-02-01 4.6 MEDIUM 7.8 HIGH
The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.