Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5601 1 Edx 1 Edx-platform 2020-01-07 6.5 MEDIUM 8.8 HIGH
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
CVE-2015-6253 1 Edx 1 Edx-platform 2020-01-07 3.5 LOW 5.4 MEDIUM
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.
CVE-2017-18381 2 Edx, Mongodb 2 Edx-platform, Mongodb 2020-01-07 6.5 MEDIUM 9.1 CRITICAL
The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
CVE-2019-3663 1 Mcafee 1 Advanced Threat Defense 2020-01-07 2.1 LOW 7.8 HIGH
Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details
CVE-2014-4535 1 Import Legacy Media Project 1 Import Legacy Media 2020-01-07 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
CVE-2019-6013 1 Dlink 2 Dba-1510p, Dba-1510p Firmware 2020-01-07 6.8 MEDIUM 6.6 MEDIUM
DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).
CVE-2019-6014 1 Dlink 2 Dba-1510p, Dba-1510p Firmware 2020-01-07 8.3 HIGH 8.8 HIGH
DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface.
CVE-2013-4743 1 Static Http Server Project 1 Static Http Server 2020-01-07 7.5 HIGH 9.8 CRITICAL
Static HTTP Server 1.0 has a Local Overflow
CVE-2019-20197 1 Nagios 1 Nagios Xi 2020-01-07 9.0 HIGH 8.8 HIGH
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
CVE-2014-4536 1 Katz 1 Infusionsoft Gravity Forms 2020-01-07 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.
CVE-2018-20492 1 Gitlab 1 Gitlab 2020-01-07 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6).
CVE-2018-6875 2 Keepkey, Shapeshift 2 Keepkey, Keepkey Firmware 2020-01-07 5.0 MEDIUM 7.5 HIGH
Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks.
CVE-2019-19998 1 Xiuno 1 Xiunobbs 2020-01-07 5.0 MEDIUM 7.5 HIGH
Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.
CVE-2013-4796 1 Reviewboard 1 Reviewboard 2020-01-07 6.5 MEDIUM 8.8 HIGH
ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request
CVE-2019-20088 1 Gopro 1 Gpmf-parser 2020-01-07 6.8 MEDIUM 7.8 HIGH
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c.
CVE-2019-18249 1 Reliablecontrols 4 Mach-prowebcom, Mach-prowebcom Firmware, Mach-prowebsys and 1 more 2020-01-07 4.3 MEDIUM 6.1 MEDIUM
Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firmware versions prior to 8.26.4), may allow attacker to execute commands on behalf of the user when an authenticated user clicks on a malicious link.
CVE-2019-20089 1 Gopro 1 Gpmf-parser 2020-01-07 6.8 MEDIUM 7.8 HIGH
GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation.
CVE-2019-20090 1 Axiosys 1 Bento4 2020-01-07 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.
CVE-2019-19733 1 Mfscripts 1 Yetishare 2020-01-07 4.3 MEDIUM 6.1 MEDIUM
_get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.ajax.php) in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the fileIds parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS.
CVE-2019-6011 1 Tms-outsource 1 Wpdatatables Lite 2020-01-07 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-16790 1 Tiny File Manager Project 1 Tiny File Manager 2020-01-07 6.5 MEDIUM 8.8 HIGH
In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.
CVE-2019-20091 1 Axiosys 1 Bento4 2020-01-07 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp.
CVE-2019-20092 1 Axiosys 1 Bento4 2020-01-07 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp.
CVE-2019-14897 1 Linux 1 Linux Kernel 2020-01-07 7.5 HIGH 9.8 CRITICAL
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.
CVE-2019-19524 1 Linux 1 Linux Kernel 2020-01-07 4.9 MEDIUM 4.6 MEDIUM
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
CVE-2019-19526 1 Linux 1 Linux Kernel 2020-01-07 4.9 MEDIUM 4.6 MEDIUM
In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.
CVE-2019-19532 1 Linux 1 Linux Kernel 2020-01-07 4.6 MEDIUM 6.8 MEDIUM
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.
CVE-2019-19738 1 Mfscripts 1 Yetishare 2020-01-06 4.3 MEDIUM 6.1 MEDIUM
log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS.
CVE-2019-19259 1 Gitlab 1 Gitlab 2020-01-06 4.0 MEDIUM 4.3 MEDIUM
GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).
CVE-2019-19254 1 Gitlab 1 Gitlab 2020-01-06 5.0 MEDIUM 5.3 MEDIUM
GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.
CVE-2014-1850 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3743. Reason: This candidate is a duplicate of CVE-2014-3743. Notes: All CVE users should reference CVE-2014-3743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2019-19256 1 Gitlab 1 Gitlab 2020-01-06 5.0 MEDIUM 5.3 MEDIUM
GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.
CVE-2019-19088 1 Gitlab 1 Gitlab 2020-01-06 7.5 HIGH 9.8 CRITICAL
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.
CVE-2019-6027 1 Wpspellcheck 1 Wpspellcheck 2020-01-06 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-20202 1 Ezxml Project 1 Ezxml 2020-01-06 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
CVE-2015-5591 1 Zenphoto 1 Zenphoto 2020-01-06 6.5 MEDIUM 7.2 HIGH
SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.
CVE-2019-6033 1 Appleple 1 A-blog Cms 2020-01-06 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4559 1 Cybercompay 1 Swipehq-payment-gateway-wp-e-commerce 2020-01-06 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter.
CVE-2019-20200 1 Ezxml Project 1 Ezxml 2020-01-06 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
CVE-2018-7859 1 Dlink 16 Dgs-1510-20, Dgs-1510-20 Firmware, Dgs-1510-28 and 13 more 2020-01-06 4.3 MEDIUM 6.1 MEDIUM
A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit.
CVE-2019-17568 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-19861 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-19862 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-19863 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-19864 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-3468 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-3469 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-3470 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-3471 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-3472 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.