Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4877 1 Basercms 2 Basercms, Mail 2020-01-23 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4879 1 Basercms 2 Basercms, Mail 2020-01-23 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2016-8211 1 Dell 1 Emc Data Protection Advisor 2020-01-23 5.0 MEDIUM 7.5 HIGH
EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.
CVE-2016-8216 1 Dell 1 Emc Data Domain Os 2020-01-23 7.2 HIGH 6.7 MEDIUM
EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-1999-0144 1 Qmail Project 1 Qmail 2020-01-23 2.1 LOW N/A
Denial of service in Qmail by specifying a large number of recipients with the RCPT command.
CVE-2018-18035 1 Open-emr 1 Openemr 2020-01-23 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
CVE-2020-2097 1 Jenkins 1 Sounds 2020-01-23 6.5 MEDIUM 8.8 HIGH
Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins.
CVE-2009-5025 1 Pyforum Project 1 Pyforum 2020-01-23 5.0 MEDIUM 7.5 HIGH
A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user.
CVE-2012-0070 1 Spamdyke 1 Spamdyke 2020-01-23 5.0 MEDIUM 7.5 HIGH
spamdyke prior to 4.2.1: STARTTLS reveals plaintext
CVE-2014-3606 2020-01-23 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-14005 1 Qualcomm 86 Apq8009, Apq8009 Firmware, Apq8017 and 83 more 2020-01-23 10.0 HIGH 9.8 CRITICAL
Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130
CVE-2019-14016 1 Qualcomm 82 Apq8009, Apq8009 Firmware, Apq8017 and 79 more 2020-01-23 10.0 HIGH 9.8 CRITICAL
Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130
CVE-2012-0334 1 Cisco 1 Ironport Web Security Appliance 2020-01-23 3.2 LOW 6.4 MEDIUM
Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks
CVE-2019-17635 1 Eclipse 1 Memory Analyzer 2020-01-23 6.8 MEDIUM 7.8 HIGH
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system.
CVE-2010-3295 2020-01-23 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2014-5380 1 Granding 2 Grand Ma300, Grand Ma300 Firmware 2020-01-23 5.0 MEDIUM 7.5 HIGH
Grand MA 300 allows retrieval of the access PIN from sniffed data.
CVE-2020-5502 1 Phpbb 1 Phpbb 2020-01-23 4.3 MEDIUM 6.5 MEDIUM
phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.
CVE-2020-5501 1 Phpbb 1 Phpbb 2020-01-23 4.3 MEDIUM 4.3 MEDIUM
phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.
CVE-2020-0656 1 Microsoft 1 Dynamics 365 2020-01-23 3.5 LOW 5.4 MEDIUM
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
CVE-2005-4154 1 Php 1 Pear 2020-01-23 5.1 MEDIUM N/A
Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.
CVE-2011-1072 1 Php 1 Pear 2020-01-23 3.3 LOW N/A
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
CVE-2011-1144 1 Php 1 Pear 2020-01-23 3.3 LOW N/A
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.
CVE-2007-4773 1 Systrace Project 1 Systrace 2020-01-23 7.5 HIGH 9.8 CRITICAL
Systrace before 1.6.0 has insufficient escape policy enforcement.
CVE-2020-6162 1 Bftpd Project 1 Bftpd 2020-01-23 5.8 MEDIUM 9.1 CRITICAL
An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c.
CVE-2019-19727 2 Opensuse, Schedmd 2 Leap, Slurm 2020-01-23 2.1 LOW 5.5 MEDIUM
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.
CVE-2014-9382 1 Free 1 Freebox Os 2020-01-23 4.3 MEDIUM 6.5 MEDIUM
Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation
CVE-2016-4764 1 Apple 4 Iphone Os, Itunes, Safari and 1 more 2020-01-23 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2020-6609 1 Gnu 1 Libredwg 2020-01-23 6.8 MEDIUM 8.8 HIGH
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
CVE-2020-6611 1 Gnu 1 Libredwg 2020-01-23 4.3 MEDIUM 6.5 MEDIUM
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
CVE-2020-6612 1 Gnu 1 Libredwg 2020-01-23 5.8 MEDIUM 8.1 HIGH
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
CVE-2020-6613 1 Gnu 1 Libredwg 2020-01-23 5.8 MEDIUM 8.1 HIGH
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
CVE-2020-6614 1 Gnu 1 Libredwg 2020-01-23 5.8 MEDIUM 8.1 HIGH
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
CVE-2020-6615 1 Gnu 1 Libredwg 2020-01-23 4.3 MEDIUM 6.5 MEDIUM
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
CVE-2012-1326 1 Cisco 1 Ironport Web Security Appliance 2020-01-23 5.8 MEDIUM 7.4 HIGH
Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks
CVE-2012-1316 1 Cisco 1 Ironport Web Security Appliance 2020-01-23 4.3 MEDIUM 5.9 MEDIUM
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks
CVE-2015-7874 1 Portapps 1 Kitty Portable 2020-01-23 10.0 HIGH 9.8 CRITICAL
Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname.
CVE-2011-4907 1 Joomla 1 Joomla\! 2020-01-22 5.0 MEDIUM 5.3 MEDIUM
Joomla! 1.5x through 1.5.12: Missing JEXEC Check
CVE-2020-2098 1 Jenkins 1 Sounds 2020-01-22 9.3 HIGH 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins.
CVE-2012-2950 2 Gatewaygeomatics, Microsoft 2 Mapserver, Windows 2020-01-22 9.3 HIGH 8.1 HIGH
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information.
CVE-2012-4603 2 Citrix, Microsoft 3 Receiver, Xenapp Online, Windows 2020-01-22 9.3 HIGH 7.8 HIGH
Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver.
CVE-2019-18893 3 Avast, Avg, Video Downloader Project 3 Secure Browser, Secure Browser, Video Downloader 2020-01-22 4.3 MEDIUM 6.1 MEDIUM
XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways.
CVE-2019-17125 1 Solarwinds 1 Orion Platform 2020-01-22 4.3 MEDIUM 6.1 MEDIUM
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.
CVE-2020-1609 1 Juniper 1 Junos 2020-01-22 8.3 HIGH 8.8 HIGH
When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv6 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.
CVE-2018-10653 1 Citrix 1 Xenmobile Server 2020-01-22 7.5 HIGH 9.8 CRITICAL
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-5333 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2020-01-22 4.9 MEDIUM 5.5 MEDIUM
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
CVE-2019-17621 1 Dlink 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more 2020-01-22 10.0 HIGH 9.8 CRITICAL
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
CVE-2019-17127 1 Solarwinds 1 Orion Platform 2020-01-22 4.3 MEDIUM 6.1 MEDIUM
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation.
CVE-2012-0945 1 Whoopsie-daisy Project 1 Whoopsie-daisy 2020-01-22 5.5 MEDIUM 4.9 MEDIUM
whoopsie-daisy before 0.1.26: Root user can remove arbitrary files
CVE-2020-2093 1 Jenkins 1 Health Advisor By Cloudbees 2020-01-22 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient.
CVE-2012-1563 1 Joomla 1 Joomla\! 2020-01-22 5.0 MEDIUM 7.5 HIGH
Joomla! before 2.5.3 allows Admin Account Creation.