CVE & Exploit Intelligence Database

CVE-2020-3315 5.3 MEDIUM EPSS 0.01

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.

CWE-693 May 06, 2020

CVE-2020-12142 4.8 MEDIUM EPSS 0.00

1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.

CWE-668 May 05, 2020

CVE-2020-5887 9.1 CRITICAL EPSS 0.00

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.

CWE-668 Apr 30, 2020

CVE-2020-6442 4.3 MEDIUM EPSS 0.01

Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-668 Apr 13, 2020

CVE-2020-11610 8.8 HIGH 1 Writeup EPSS 0.00

An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and receive the messages that the "magical iframe" sends.

CWE-668 Apr 07, 2020

CVE-2020-11582 8.8 HIGH EPSS 0.00

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.)

CWE-668 Apr 06, 2020

CVE-2020-10867 9.8 CRITICAL 1 Writeup EPSS 0.00

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled.

CWE-668 Apr 01, 2020

CVE-2019-14905 5.6 MEDIUM EPSS 0.00

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

CWE-668 Mar 31, 2020

CVE-2020-10238 7.5 HIGH 1 PoC Analysis EPSS 0.03

An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.

CWE-668 Mar 16, 2020

CVE-2019-5159 7.8 HIGH EPSS 0.00

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability.

CWE-668 Mar 11, 2020

CVE-2020-1981 7.0 HIGH EPSS 0.00

A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.

CWE-377 Mar 11, 2020

CVE-2019-10805 7.5 HIGH EPSS 0.00

valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks.

CWE-668 Feb 28, 2020

CVE-2019-10790 7.5 HIGH EPSS 0.00

taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB.

CWE-668 Feb 17, 2020

CVE-2020-8449 7.5 HIGH EPSS 0.04

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

CWE-668 Feb 04, 2020

CVE-2020-8121 8.1 HIGH EPSS 0.00

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.

CWE-284 Feb 04, 2020

CVE-2020-7912 5.3 MEDIUM EPSS 0.00

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.

CWE-668 Jan 30, 2020

CVE-2019-4633 4.3 MEDIUM EPSS 0.00

IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007.

CWE-668 Jan 28, 2020

CVE-2019-10781 9.8 CRITICAL 1 Writeup EPSS 0.00

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector.

CWE-668 Jan 22, 2020

CVE-2019-3682 8.4 HIGH EPSS 0.00

The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.

CWE-668 Jan 17, 2020

CVE-2019-20149 7.5 HIGH 1 PoC Analysis EPSS 0.00

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

CWE-668 Dec 30, 2019