Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-4042 1 Gnu 1 Coreutils 2020-02-01 7.5 HIGH 9.8 CRITICAL
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.
CVE-2015-2929 1 Torproject 1 Tor 2020-02-01 5.0 MEDIUM 7.5 HIGH
The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.
CVE-2013-3316 1 Netgear 2 Wnr1000, Wnr1000 Firmware 2020-02-01 10.0 HIGH 9.8 CRITICAL
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".
CVE-2013-3317 1 Netgear 2 Wnr1000, Wnr1000 Firmware 2020-02-01 10.0 HIGH 9.8 CRITICAL
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.
CVE-2015-2928 1 Torproject 1 Tor 2020-02-01 5.0 MEDIUM 7.5 HIGH
The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.
CVE-2014-3979 1 Bytemark 1 Symbiosis 2020-02-01 5.0 MEDIUM 7.5 HIGH
Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP.
CVE-2020-7904 1 Jetbrains 1 Intellij Idea 2020-02-01 5.8 MEDIUM 7.4 HIGH
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.
CVE-2020-7906 1 Jetbrains 1 Rider 2020-02-01 5.0 MEDIUM 7.5 HIGH
In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.
CVE-2020-3147 1 Cisco 114 Sf300-08, Sf300-08 Firmware, Sf300-24 and 111 more 2020-02-01 7.8 HIGH 7.5 HIGH
A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18
CVE-2013-3488 1 Mpc-hc 1 Mpc-hc 2020-02-01 6.8 MEDIUM 7.8 HIGH
Stack-based buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0.7858 allows remote attackers to execute arbitrary code via a crafted MPEG-2 Transport Stream (M2TS) file.
CVE-2013-3489 1 Mpc-hc 1 Mpc-hc 2020-02-01 6.8 MEDIUM 7.8 HIGH
Buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0 allows remote attackers to execute arbitrary code via a crafted RealMedia .rm file
CVE-2016-1000105 2020-01-31 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2015-2689 1 Torproject 1 Tor 2020-01-31 5.0 MEDIUM 7.5 HIGH
Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.
CVE-2015-2688 1 Torproject 1 Tor 2020-01-31 5.0 MEDIUM 7.5 HIGH
buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.
CVE-2015-5483 1 Private Only Project 1 Private Only 2020-01-31 6.8 MEDIUM 8.8 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php.
CVE-2020-7994 1 Dolibarr 1 Dolibarr 2020-01-31 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page.
CVE-2020-5219 1 Peerigon 1 Angular-expressions 2020-01-31 6.8 MEDIUM 8.8 HIGH
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution.
CVE-2012-6133 1 Roundup-tracker 1 Roundup 2020-01-31 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.
CVE-2020-8438 1 Arris 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware 2020-01-31 9.0 HIGH 7.2 HIGH
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring.
CVE-2015-0243 2 Debian, Postgresql 2 Debian Linux, Postgresql 2020-01-31 6.5 MEDIUM 8.8 HIGH
Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2015-0242 3 Debian, Microsoft, Postgresql 3 Debian Linux, Windows, Postgresql 2020-01-31 6.5 MEDIUM 8.8 HIGH
Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.
CVE-2020-5523 9 77bank, Ashikagabank, Hokkaidobank and 6 more 9 77 Bank, Ashigin, Dogin and 6 more 2020-01-31 5.8 MEDIUM 7.4 HIGH
Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-0244 2 Debian, Postgresql 2 Debian Linux, Postgresql 2020-01-31 7.5 HIGH 9.8 CRITICAL
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
CVE-2013-2294 1 Viewgit Project 1 Viewgit 2020-01-31 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in plates/summary.php.
CVE-2019-5464 1 Gitlab 1 Gitlab 2020-01-31 7.5 HIGH 9.8 CRITICAL
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
CVE-2015-0241 2 Debian, Postgresql 2 Debian Linux, Postgresql 2020-01-31 6.5 MEDIUM 8.8 HIGH
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.
CVE-2019-4707 1 Ibm 1 Security Access Manager 2020-01-31 5.5 MEDIUM 7.1 HIGH
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.
CVE-2019-5472 1 Gitlab 1 Gitlab 2020-01-31 5.0 MEDIUM 7.5 HIGH
An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments.
CVE-2013-3215 1 Vtiger 1 Vtiger Crm 2020-01-31 7.5 HIGH 9.8 CRITICAL
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
CVE-2013-3321 1 Netapp 1 Oncommand System Manager 2020-01-31 6.0 MEDIUM 7.5 HIGH
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.
CVE-2020-8000 1 Intelliantech 1 Aptus Web 2020-01-31 10.0 HIGH 9.8 CRITICAL
Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account.
CVE-2014-3445 1 Handsomeweb 1 Sos Webpages 2020-01-31 7.5 HIGH 9.8 CRITICAL
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.
CVE-2020-5225 1 Simplesamlphp 1 Simplesamlphp 2020-01-31 5.5 MEDIUM 5.4 MEDIUM
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.
CVE-2013-2573 1 Tp-link 6 Tl-sc 3130g, Tl-sc 3130g Firmware, Tl-sc 3171g and 3 more 2020-01-31 10.0 HIGH 9.8 CRITICAL
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.
CVE-2013-0294 2 Fedoraproject, Pyrad Project 2 Fedora, Pyrad 2020-01-31 4.3 MEDIUM 5.9 MEDIUM
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.
CVE-2013-3214 1 Vtiger 1 Vtiger Crm 2020-01-31 7.5 HIGH 9.8 CRITICAL
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
CVE-2013-1598 1 Vivotek 2 Pt7135, Pt7135 Firmware 2020-01-31 9.0 HIGH 8.8 HIGH
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
CVE-2013-2572 1 Tp-link 8 Tl-sc 3130, Tl-sc 3130 Firmware, Tl-sc 3130g and 5 more 2020-01-31 5.0 MEDIUM 7.5 HIGH
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.
CVE-2013-1596 1 Vivotek 2 Pt7135, Pt7135 Firmware 2020-01-31 5.0 MEDIUM 5.3 MEDIUM
An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554.
CVE-2019-4620 1 Ibm 1 Mq Appliance 2020-01-31 4.6 MEDIUM 7.8 HIGH
IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863.
CVE-2020-3121 1 Cisco 90 Sf350-48, Sf350-48 Firmware, Sf350-48mp and 87 more 2020-01-31 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
CVE-2019-19632 1 Bigswitch 3 Big Cloud Fabric, Big Monitoring Fabric, Multi-cloud Director 2020-01-31 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators.
CVE-2013-1592 1 Sap 1 Netweaver 2020-01-31 10.0 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
CVE-2020-3115 1 Cisco 8 Sd-wan Firmware, Vedge-100, Vedge-1000 and 5 more 2020-01-31 7.2 HIGH 8.8 HIGH
A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges.
CVE-2020-7910 1 Jetbrains 1 Teamcity 2020-01-31 3.5 LOW 5.4 MEDIUM
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
CVE-2013-1593 1 Sap 1 Netweaver 2020-01-31 5.0 MEDIUM 7.5 HIGH
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.
CVE-2020-7911 1 Jetbrains 1 Teamcity 2020-01-31 4.3 MEDIUM 6.1 MEDIUM
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
CVE-2020-7913 1 Jetbrains 1 Youtrack 2020-01-31 4.3 MEDIUM 6.1 MEDIUM
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.
CVE-2013-3093 1 Asus 14 Dsl-n55u, Dsl-n55u Firmware, Rt-ac66u and 11 more 2020-01-31 9.3 HIGH 8.8 HIGH
ASUS RT-N56U devices allow CSRF.
CVE-2020-7245 1 Ctfd 1 Ctfd 2020-01-31 6.8 MEDIUM 9.8 CRITICAL
Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's username, but with white space inserted before and/or after the username. This will register the account with the same username as the victim. After initiating a password reset for the new account, CTFd will reset the victim's account password due to the username collision.