Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-1454 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2020-01-27 3.6 LOW 5.5 MEDIUM
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
CVE-2020-7981 1 Rubygeocoder 1 Geocoder 2020-01-27 7.5 HIGH 9.8 CRITICAL
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
CVE-2019-5124 2 Amd, Vmware 2 Atidxx64, Workstation 2020-01-27 7.8 HIGH 8.6 HIGH
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.
CVE-2019-5146 2 Amd, Vmware 2 Atidxx64, Workstation 2020-01-27 7.8 HIGH 8.6 HIGH
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.
CVE-2019-5147 2 Amd, Vmware 2 Atidxx64, Workstation 2020-01-27 7.8 HIGH 8.6 HIGH
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.
CVE-2019-15278 1 Cisco 2 Finesse, Unified Contact Center Express 2020-01-27 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.
CVE-2013-1595 1 Vivotek 2 Pt7135, Pt7135 Firmware 2020-01-27 7.5 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.
CVE-2019-16003 1 Cisco 1 Ucs Director 2020-01-27 5.0 MEDIUM 5.3 MEDIUM
A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator.
CVE-2013-6792 1 Google 1 Android 2020-01-27 7.5 HIGH 9.8 CRITICAL
Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability
CVE-2020-5390 1 Pysaml2 Project 1 Pysaml2 2020-01-27 5.0 MEDIUM 7.5 HIGH
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed.
CVE-2019-3686 1 Suse 1 Openqa 2020-01-27 4.3 MEDIUM 6.1 MEDIUM
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security
CVE-2012-4900 1 Corel 1 Wordperfect Office X6 2020-01-27 4.3 MEDIUM 5.5 MEDIUM
Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference
CVE-2019-20003 1 Dicube 1 Easescreen Crystal 2020-01-27 4.3 MEDIUM 6.1 MEDIUM
Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends an crafted string for FTP authentication.
CVE-2013-6772 1 Splunk 1 Splunk 2020-01-27 4.3 MEDIUM 4.3 MEDIUM
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking
CVE-2019-13524 1 Emerson 18 Rx3i Cpe100, Rx3i Cpe100 Firmware, Rx3i Cpe115 and 15 more 2020-01-27 7.8 HIGH 7.5 HIGH
GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.
CVE-2013-6773 2 Microsoft, Splunk 2 Windows, Splunk 2020-01-27 4.6 MEDIUM 7.8 HIGH
Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges
CVE-2020-3940 1 Vmware 9 Workspace One Boxer, Workspace One Content, Workspace One Intelligent Hub and 6 more 2020-01-27 4.3 MEDIUM 5.9 MEDIUM
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.
CVE-2012-2713 2 Browserid Project, Drupal 2 Browserid, Drupal 2020-01-27 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site.
CVE-2020-6638 1 Grin 1 Grin 2020-01-27 5.0 MEDIUM 7.5 HIGH
Grin through 2.1.1 has Insufficient Validation.
CVE-2019-19842 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2020-01-27 10.0 HIGH 9.8 CRITICAL
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.
CVE-2015-4709 2020-01-27 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-11997 1 Hp 1 Enhanced Internet Usage Manager 2020-01-27 4.3 MEDIUM 6.1 MEDIUM
A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support.
CVE-2019-16153 1 Fortinet 1 Fortisiem 2020-01-27 7.5 HIGH 9.8 CRITICAL
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials.
CVE-2012-6345 1 Novell 1 Zenworks Configuration Management 2020-01-27 5.0 MEDIUM 7.5 HIGH
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.
CVE-2012-6083 1 Freeciv 1 Freeciv 2020-01-27 7.8 HIGH 7.5 HIGH
Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet.
CVE-2012-6344 1 Novell 1 Zenworks Configuration Management 2020-01-27 4.3 MEDIUM 6.1 MEDIUM
Novell ZENworks Configuration Management before 11.2.4 allows XSS.
CVE-2019-19840 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2020-01-27 7.5 HIGH 9.8 CRITICAL
A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.
CVE-2017-16112 2020-01-27 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2017-15010. Reason: This candidate is a reservation duplicate of CVE-2017-15010. Notes: All CVE users should reference CVE-2017-15010 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2019-19835 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2020-01-27 5.0 MEDIUM 7.5 HIGH
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.
CVE-2012-2714 1 Browserid Project 1 Browserid 2020-01-27 7.5 HIGH 9.8 CRITICAL
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier.
CVE-2011-3582 1 Anelectron 1 Advanced Electron Forums 2020-01-27 6.8 MEDIUM 8.8 HIGH
A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions.
CVE-2015-6748 1 Jsoup 1 Jsoup 2020-01-27 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.
CVE-2019-20093 1 Podofo Project 1 Podofo 2020-01-26 4.3 MEDIUM 5.5 MEDIUM
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.
CVE-2015-9275 1 Arc Project 1 Arc 2020-01-25 5.0 MEDIUM 5.3 MEDIUM
ARC 5.21q allows directory traversal via a full pathname in an archive file.
CVE-2019-0141 2020-01-25 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2011-3612 1 Usebb 1 Usebb 2020-01-24 6.8 MEDIUM 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.
CVE-2019-16513 1 Connectwise 1 Control 2020-01-24 6.8 MEDIUM 8.8 HIGH
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.
CVE-2020-7937 1 Plone 1 Plone 2020-01-24 3.5 LOW 5.4 MEDIUM
An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
CVE-2020-7939 1 Plone 1 Plone 2020-01-24 6.5 MEDIUM 8.8 HIGH
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
CVE-2020-7104 1 Kibokolabs 1 Chained Quiz 2020-01-24 4.3 MEDIUM 6.1 MEDIUM
The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter.
CVE-2020-7239 1 Ibm 1 Chatbot With Ibm Watson 2020-01-24 4.3 MEDIUM 6.1 MEDIUM
The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent.
CVE-2020-7940 1 Plone 1 Plone 2020-01-24 5.0 MEDIUM 7.5 HIGH
Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
CVE-2020-7244 1 Comtechtel 2 Stampede Fx-1010, Stampede Fx-1010 Firmware 2020-01-24 9.0 HIGH 7.2 HIGH
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
CVE-2020-7243 1 Comtechtel 2 Stampede Fx-1010, Stampede Fx-1010 Firmware 2020-01-24 9.0 HIGH 7.2 HIGH
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
CVE-2020-7242 1 Comtechtel 2 Stampede Fx-1010, Stampede Fx-1010 Firmware 2020-01-24 9.0 HIGH 7.2 HIGH
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
CVE-2019-10958 1 Geutebrueck 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more 2020-01-24 9.0 HIGH 7.2 HIGH
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.
CVE-2015-1202 2020-01-24 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2015-1203 2020-01-24 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-0542 2020-01-24 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-0544 2020-01-24 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.