Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-3473 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-6020 1 Alfasado 1 Powercms 2020-01-06 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
CVE-2019-6016 1 Remise 1 Payment Module 2020-01-06 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6021 1 Ricoh 1 Limedio 2020-01-06 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
CVE-2018-20451 1 Libdoc Project 1 Libdoc 2020-01-06 4.3 MEDIUM 6.5 MEDIUM
The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file.
CVE-2019-9737 1 Ipandao 1 Editor.md 2020-01-06 4.3 MEDIUM 6.1 MEDIUM
Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
CVE-2019-9537 1 Telos 1 Automated Message Handling System 2020-01-06 4.3 MEDIUM 6.1 MEDIUM
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVE-2019-9538 1 Telos 1 Automated Message Handling System 2020-01-06 4.3 MEDIUM 6.1 MEDIUM
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVE-2019-9539 1 Telos 1 Automated Message Handling System 2020-01-06 4.3 MEDIUM 6.1 MEDIUM
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVE-2019-9540 1 Telos 1 Automated Message Handling System 2020-01-06 4.3 MEDIUM 6.1 MEDIUM
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVE-2019-20205 1 Libsixel Project 1 Libsixel 2020-01-06 6.8 MEDIUM 8.8 HIGH
libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.
CVE-2019-9542 1 Telos 1 Automated Message Handling System 2020-01-06 4.3 MEDIUM 6.1 MEDIUM
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVE-2018-1300 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2018-1326 2020-01-06 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
CVE-2019-6031 1 Dayz 1 Kinza 2020-01-06 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader.
CVE-2015-9540 1 Chamilo 1 Chamilo Lms 2020-01-06 5.8 MEDIUM 6.1 MEDIUM
Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.
CVE-2019-18781 1 Zohocorp 1 Manageengine Adselfservice Plus 2020-01-06 5.8 MEDIUM 6.1 MEDIUM
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.
CVE-2019-6035 1 Yahoo 1 Athenz 2020-01-04 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.
CVE-2013-4621 1 Magdevgroup 1 Magnolia Cms 2020-01-04 7.5 HIGH 9.8 CRITICAL
Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities
CVE-2012-2736 4 Canonical, Debian, Gnome and 1 more 4 Ubuntu Linux, Debian Linux, Networkmanager and 1 more 2020-01-04 3.3 LOW 4.4 MEDIUM
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
CVE-2013-4695 1 Winamp 1 Winamp 2020-01-04 6.8 MEDIUM 7.8 HIGH
Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution
CVE-2013-4693 1 Xorbin 1 Digital Flash Clock 2020-01-04 4.3 MEDIUM 6.1 MEDIUM
WordPress Xorbin Digital Flash Clock 1.0 has XSS
CVE-2013-4691 1 Sencha 1 Connect 2020-01-04 4.3 MEDIUM 6.1 MEDIUM
Sencha Labs Connect has XSS with connect.methodOverride()
CVE-2013-4665 1 Spbas 1 Business Automation Software 2020-01-04 4.3 MEDIUM 6.5 MEDIUM
SPBAS Business Automation Software 2012 has CSRF.
CVE-2013-4664 1 Spbas 1 Business Automation Software 2020-01-04 4.3 MEDIUM 6.1 MEDIUM
SPBAS Business Automation Software 2012 has XSS.
CVE-2013-4692 1 Xorbin 1 Analog Flash Clock 2020-01-04 4.3 MEDIUM 6.1 MEDIUM
Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS
CVE-2019-5390 1 Hp 1 Intelligent Management Center 2020-01-04 10.0 HIGH 9.8 CRITICAL
A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-19580 2 Fedoraproject, Xen 2 Fedora, Xen 2020-01-03 6.0 MEDIUM 6.6 MEDIUM
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
CVE-2019-19581 2 Fedoraproject, Xen 2 Fedora, Xen 2020-01-03 2.1 LOW 6.5 MEDIUM
An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.
CVE-2019-19582 2 Fedoraproject, Xen 2 Fedora, Xen 2020-01-03 2.1 LOW 6.5 MEDIUM
An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.
CVE-2019-20221 1 Sitracker 1 Support Incident Tracker 2020-01-03 4.3 MEDIUM 6.1 MEDIUM
In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page.
CVE-2019-20223 1 Sitracker 1 Support Incident Tracker 2020-01-03 4.3 MEDIUM 6.1 MEDIUM
In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235.
CVE-2019-20220 1 Sitracker 1 Support Incident Tracker 2020-01-03 4.3 MEDIUM 6.1 MEDIUM
In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS.
CVE-2019-20222 1 Sitracker 1 Support Incident Tracker 2020-01-03 4.3 MEDIUM 6.1 MEDIUM
In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS.
CVE-2013-3246 1 Xnview 1 Xnview 2020-01-03 6.8 MEDIUM 7.8 HIGH
Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.
CVE-2014-6420 1 Livefyre 1 Livecomments 2020-01-03 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture.
CVE-2019-6018 1 Netcommons 1 Netcommons 2020-01-03 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3247 1 Xnview 1 Xnview 2020-01-03 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.
CVE-2012-3462 1 Fedoraproject 1 Sssd 2020-01-03 6.5 MEDIUM 8.8 HIGH
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
CVE-2019-16557 1 Jenkins 1 Redgate Sql Change Automation 2020-01-03 4.0 MEDIUM 6.5 MEDIUM
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-16558 1 Jenkins 1 Spira Importer 2020-01-03 6.4 MEDIUM 8.2 HIGH
Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM.
CVE-2019-16556 1 Jenkins 1 Rundeck 2020-01-03 4.0 MEDIUM 6.5 MEDIUM
Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-16555 1 Jenkins 1 Build Failure Analyzer 2020-01-03 4.0 MEDIUM 6.5 MEDIUM
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.
CVE-2019-16554 1 Jenkins 1 Build Failure Analyzer 2020-01-03 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.
CVE-2019-16553 1 Jenkins 1 Build Failure Analyzer 2020-01-03 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.
CVE-2019-16552 1 Jenkins 1 Gerrit Trigger 2020-01-03 5.5 MEDIUM 5.4 MEDIUM
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master.
CVE-2019-16551 1 Jenkins 1 Gerrit Trigger 2020-01-03 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials.
CVE-2012-5645 2 Fedoraproject, Freeciv 2 Fedora, Freeciv 2020-01-03 7.8 HIGH 7.5 HIGH
A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.
CVE-2019-16559 1 Jenkins 1 Websphere Deployer 2020-01-03 5.5 MEDIUM 5.4 MEDIUM
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.
CVE-2019-16560 1 Jenkins 1 Websphere Deployer 2020-01-03 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.