Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6621 1 Nothings 1 Stb Truetype.h 2020-01-10 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT.
CVE-2020-6620 1 Nothings 1 Stb Truetype.h 2020-01-10 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.
CVE-2020-6619 1 Nothings 1 Stb Truetype.h 2020-01-10 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek.
CVE-2020-6618 1 Nothings 1 Stb Truetype.h 2020-01-10 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.
CVE-2020-6623 1 Nothings 1 Stb Truetype.h 2020-01-10 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index.
CVE-2020-6617 1 Nothings 1 Stb Truetype.h 2020-01-10 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.
CVE-2019-18961 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18962 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18963 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18964 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18965 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18966 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18967 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18968 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18969 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18970 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-5205 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-5206 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-5207 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-5208 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-5209 2020-01-09 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-20077 1 Typesettercms 1 Typesetter 2020-01-09 4.3 MEDIUM 4.3 MEDIUM
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability.
CVE-2019-20360 1 Impress 1 Givewp 2020-01-09 5.0 MEDIUM 7.5 HIGH
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data.
CVE-2018-20507 1 Gitlab 1 Gitlab 2020-01-09 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
CVE-2014-4553 1 Spreadshirt-rss-3d-cube-flash-gallery Project 1 Spreadshirt-rss-3d-cube-flash-gallery 2020-01-09 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters.
CVE-2013-3932 1 Jomres 1 Jomres 2020-01-09 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php.
CVE-2013-3931 1 Jomres 1 Jomres 2020-01-09 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details.
CVE-2016-4980 3 Ethz, Fedoraproject, Redhat 3 Xquest, Fedora, Enterprise Linux 2020-01-09 1.9 LOW 2.5 LOW
A password generation weakness exists in xquest through 2016-06-13.
CVE-2018-5732 1 Isc 1 Dhcp 2020-01-09 5.0 MEDIUM 7.5 HIGH
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
CVE-2013-0737 1 Boltwire 1 Boltwire 2020-01-09 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter.
CVE-2018-5733 4 Canonical, Debian, Isc and 1 more 8 Ubuntu Linux, Debian Linux, Dhcp and 5 more 2020-01-09 5.0 MEDIUM 7.5 HIGH
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
CVE-2017-3144 4 Canonical, Debian, Isc and 1 more 9 Ubuntu Linux, Debian Linux, Dhcp and 6 more 2020-01-09 5.0 MEDIUM 7.5 HIGH
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
CVE-2013-1642 1 Quixplorer Project 1 Quixplorer 2020-01-09 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php.
CVE-2019-16717 1 Open-xchange 1 Open-xchange Appsuite 2020-01-09 4.3 MEDIUM 6.1 MEDIUM
OX App Suite through 7.10.2 has XSS.
CVE-2012-5476 2 Debian, Openstack 2 Debian Linux, Horizon 2020-01-09 2.1 LOW 5.5 MEDIUM
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.
CVE-2019-19311 1 Gitlab 1 Gitlab 2020-01-09 3.5 LOW 5.4 MEDIUM
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.
CVE-2019-9471 1 Google 1 Android 2020-01-09 4.6 MEDIUM 6.7 MEDIUM
In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144168326
CVE-2019-9470 1 Google 1 Android 2020-01-09 4.6 MEDIUM 6.7 MEDIUM
In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144167528
CVE-2013-7351 1 Shaarli Project 1 Shaarli 2020-01-09 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.
CVE-2016-5285 5 Avaya, Debian, Mozilla and 2 more 32 Aura Application Enablement Services, Aura Application Server 5300, Aura Communication Manager and 29 more 2020-01-09 5.0 MEDIUM 7.5 HIGH
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
CVE-2019-15603 1 Seeftl Project 1 Seeftl 2020-01-09 4.3 MEDIUM 6.1 MEDIUM
The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing.
CVE-2019-14863 2 Angularjs, Redhat 3 Angular.js, Decision Manager, Process Automation 2020-01-09 4.3 MEDIUM 6.1 MEDIUM
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
CVE-2019-10227 1 It-novum 1 Openitcockpit 2020-01-09 4.3 MEDIUM 6.1 MEDIUM
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.
CVE-2019-13445 1 Ros 1 Ros-comm 2020-01-09 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line.
CVE-2019-7478 1 Sonicwall 1 Global Management System 2020-01-09 7.5 HIGH 9.8 CRITICAL
A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.
CVE-2020-5842 1 Codologic 1 Codoforum 2020-01-09 4.3 MEDIUM 6.1 MEDIUM
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.
CVE-2018-1253 1 Emc 1 Rsa Authentication Manager 2020-01-09 4.3 MEDIUM 6.1 MEDIUM
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
CVE-2013-5122 1 Cisco 8 Linksys E4200, Linksys E4200 Firmware, Linksys Ea2700 and 5 more 2020-01-09 10.0 HIGH 9.8 CRITICAL
Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access
CVE-2019-19261 1 Gitlab 1 Gitlab 2020-01-09 6.8 MEDIUM 8.8 HIGH
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.
CVE-2013-7070 1 Fibranet 1 Monitorix 2020-01-09 10.0 HIGH 9.8 CRITICAL
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI.