ID CVSS Summary Last (major) update Published
CVE-2020-9016 5.0
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
16-02-2020 - 22:15 16-02-2020 - 22:15
CVE-2020-9013 5.0
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code.
16-02-2020 - 21:15 16-02-2020 - 21:15
CVE-2020-9012 5.0
A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
16-02-2020 - 20:15 16-02-2020 - 20:15
CVE-2020-9007 5.0
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
16-02-2020 - 20:15 16-02-2020 - 20:15
CVE-2019-20456 5.0
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking.
16-02-2020 - 19:15 16-02-2020 - 19:15
CVE-2020-8997 5.0
Abbott FreeStyle Libre 14-day before February 2020 and FreeStyle Libre 2 before February 2020 allow remote attackers to enable write access via a specific NFC unlock command.
16-02-2020 - 18:15 16-02-2020 - 18:15
CVE-2020-8996 5.0
AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI.
16-02-2020 - 18:15 16-02-2020 - 18:15
CVE-2020-7050 5.0
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly fla
15-02-2020 - 18:19 15-02-2020 - 18:19
CVE-2020-8129 5.0
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code.
14-02-2020 - 22:15 14-02-2020 - 22:15
CVE-2020-8128 5.0
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code.
14-02-2020 - 22:15 14-02-2020 - 22:15
CVE-2020-6068 5.0
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker
14-02-2020 - 22:15 14-02-2020 - 22:15
CVE-2019-5187 5.0
An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execut
14-02-2020 - 22:15 14-02-2020 - 22:15
CVE-2019-4392 5.0
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system.
14-02-2020 - 22:15 14-02-2020 - 22:15
CVE-2019-15594 5.0
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.
14-02-2020 - 22:15 14-02-2020 - 22:15
CVE-2019-15592 5.0
GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.
14-02-2020 - 22:15 14-02-2020 - 22:15
CVE-2019-13967 5.0
iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.
14-02-2020 - 22:15 14-02-2020 - 22:15
CVE-2019-13966 5.0
In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).
14-02-2020 - 22:15 14-02-2020 - 22:15
CVE-2019-13965 5.0
Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, an
14-02-2020 - 22:15 14-02-2020 - 22:15
CVE-2020-8594 5.0
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].
14-02-2020 - 20:22 14-02-2020 - 20:15
CVE-2013-4211 5.0
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code
14-02-2020 - 20:22 14-02-2020 - 20:15
CVE-2020-8843 5.0
An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions
14-02-2020 - 20:13 14-02-2020 - 19:15
CVE-2020-8612 5.0
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS.
14-02-2020 - 20:13 14-02-2020 - 19:15
CVE-2020-8858 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parame
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8857 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8856 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8855 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8854 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8853 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8852 5.0
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8851 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8850 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8849 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8848 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8847 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8846 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8845 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8844 5.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2020-8611 5.0
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2019-11215 5.0
In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a wr
14-02-2020 - 18:31 14-02-2020 - 18:15
CVE-2019-6195 5.0
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if
14-02-2020 - 18:15 14-02-2020 - 17:15
CVE-2019-6194 5.0
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.
14-02-2020 - 17:24 14-02-2020 - 17:15
CVE-2019-6193 5.0
An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encr
14-02-2020 - 17:24 14-02-2020 - 17:15
CVE-2019-6190 5.0
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on sy
14-02-2020 - 17:24 14-02-2020 - 17:15
CVE-2019-20046 5.0
The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or ex
14-02-2020 - 17:24 14-02-2020 - 17:15
CVE-2019-20045 5.0
The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. Specially crafted malicious packets could cause disconnection of active authentic connections or reboot of device. This is a d
14-02-2020 - 17:24 14-02-2020 - 17:15
CVE-2019-19879 5.0
HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in 0.10.2.
14-02-2020 - 17:24 14-02-2020 - 17:15
CVE-2019-19758 5.0
A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page.
14-02-2020 - 17:24 14-02-2020 - 17:15
CVE-2019-19757 5.0
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web
14-02-2020 - 17:24 14-02-2020 - 17:15
CVE-2019-19765 5.0
** REJECT ** Unused CVE for 2019.
14-02-2020 - 17:15 14-02-2020 - 17:15
CVE-2019-19764 5.0
** REJECT ** Unused CVE for 2019.
14-02-2020 - 17:15 14-02-2020 - 17:15