CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-4067 120 DoS Exec Code Overflow 2020-02-11 2020-02-12
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.
2 CVE-2009-5139 916 2020-02-12 2020-02-14
4.3
None Remote Medium Not required Partial None None
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
3 CVE-2009-5140 307 2020-02-12 2020-02-14
4.3
None Remote Medium Not required Partial None None
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
4 CVE-2010-3917 200 +Info 2020-02-06 2020-02-10
4.3
None Remote Medium Not required Partial None None
Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site.
5 CVE-2010-4658 74 2020-02-07 2020-02-11
5.0
None Remote Low Not required None Partial None
statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.
6 CVE-2010-4662 79 XSS 2020-02-05 2020-02-06
4.3
None Remote Medium Not required None Partial None
PmWiki before 2.2.21 has XSS.
7 CVE-2010-4815 20 Exec Code 2020-02-05 2020-02-07
7.5
None Remote Low Not required Partial Partial Partial
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.
8 CVE-2010-5304 476 2020-02-05 2020-02-07
5.0
None Remote Low Not required None None Partial
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.
9 CVE-2011-0220 20 2020-02-05 2020-02-07
4.9
None Local Low Not required None None Complete
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.
10 CVE-2011-0525 352 CSRF 2020-02-05 2020-02-07
6.8
None Remote Medium Not required Partial Partial Partial
Batavi before 1.0 has CSRF.
11 CVE-2011-0699 362 DoS Overflow 2020-02-20 2020-02-25
6.9
None Local Medium Not required Complete Complete Complete
Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value.
12 CVE-2011-1009 79 XSS 2020-02-05 2020-02-06
4.3
None Remote Medium Not required None Partial None
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
13 CVE-2011-1069 79 XSS 2020-02-05 2020-02-06
4.3
None Remote Medium Not required None Partial None
PHPShop through 0.8.1 has XSS.
14 CVE-2011-1084 79 XSS 2020-02-07 2020-02-10
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in Smoothwall Express 3.
15 CVE-2011-1085 352 CSRF 2020-02-07 2020-02-10
6.8
None Remote Medium Not required Partial Partial Partial
CSRF vulnerability in Smoothwall Express 3.
16 CVE-2011-1086 79 XSS 2020-02-07 2020-02-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.
17 CVE-2011-1150 79 XSS 2020-02-05 2020-02-06
4.3
None Remote Medium Not required None Partial None
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.
18 CVE-2011-1151 89 Sql 2020-02-05 2020-02-07
6.4
None Remote Low Not required Partial Partial None
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.
19 CVE-2011-1517 DoS Exec Code 2020-02-05 2020-02-07
7.5
None Remote Low Not required Partial Partial Partial
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.
20 CVE-2011-1597 434 Exec Code 2020-02-06 2020-02-10
6.5
None Remote Low ??? Partial Partial Partial
OpenVAS Manager v2.0.3 allows plugin remote code execution.
21 CVE-2011-2054 287 2020-02-19 2020-02-24
6.0
None Remote Medium ??? Partial Partial Partial
A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability.
22 CVE-2011-2343 200 +Info 2020-02-12 2020-02-19
2.1
None Local Low Not required Partial None None
The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer.
23 CVE-2011-2498 772 DoS 2020-02-20 2020-02-25
4.9
None Local Low Not required None None Complete
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.
24 CVE-2011-2499 79 XSS 2020-02-12 2020-02-24
4.3
None Remote Medium Not required None Partial None
Mambo CMS through 4.6.5 has multiple XSS.
25 CVE-2011-3336 400 DoS 2020-02-12 2020-02-18
7.8
None Remote Low Not required None None Complete
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
26 CVE-2011-3629 326 2020-02-04 2020-02-05
5.0
None Remote Low Not required Partial None None
Joomla! core 1.7.1 allows information disclosure due to weak encryption
27 CVE-2011-3642 79 XSS 2020-02-08 2020-02-12
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.
28 CVE-2011-3901 200 +Info 2020-02-12 2020-02-25
5.0
None Remote Low Not required Partial None None
Android SQLite Journal before 4.0.1 has an information disclosure vulnerability.
29 CVE-2011-4338 287 2020-02-12 2020-02-25
7.2
None Local Low Not required Complete Complete Complete
Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.
30 CVE-2011-4661 772 2020-02-12 2020-03-02
4.3
None Remote Medium Not required None None Partial
A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured.
31 CVE-2011-4906 434 Exec Code 2020-02-12 2020-02-25
7.5
None Remote Low Not required Partial Partial Partial
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.
32 CVE-2011-4908 434 2020-02-12 2020-02-25
10.0
None Remote Low Not required Complete Complete Complete
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
33 CVE-2011-4912 732 Bypass 2020-02-04 2020-02-05
5.0
None Remote Low Not required None Partial None
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.
34 CVE-2011-4915 200 +Info 2020-02-20 2020-02-25
2.1
None Local Low Not required Partial None None
fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.
35 CVE-2011-4937 200 +Info 2020-02-04 2020-02-05
5.0
None Remote Low Not required Partial None None
Joomla! 1.7.1 has core information disclosure due to inadequate error checking.
36 CVE-2011-4938 79 XSS 2020-02-11 2020-02-25
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php.
37 CVE-2012-0055 862 Bypass 2020-02-19 2020-02-28
7.2
None Local Low Not required Complete Complete Complete
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
38 CVE-2012-0063 Exec Code 2020-02-21 2020-02-26
6.8
None Remote Medium Not required Partial Partial Partial
Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan.
39 CVE-2012-0718 2020-02-18 2020-03-04
5.8
None Remote Medium Not required Partial Partial None
IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.
40 CVE-2012-0785 400 2020-02-24 2020-03-04
7.8
None Remote Low Not required None None Complete
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
41 CVE-2012-0810 400 DoS 2020-02-12 2020-02-14
4.9
None Local Low Not required None None Complete
The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.
42 CVE-2012-0828 787 DoS Exec Code Overflow 2020-02-21 2020-03-05
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP).
43 CVE-2012-0844 200 +Info 2020-02-21 2020-02-24
2.1
None Local Low Not required Partial None None
Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.
44 CVE-2012-0951 787 Mem. Corr. 2020-02-12 2020-02-19
4.6
None Local Low Not required Partial Partial Partial
A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry.
45 CVE-2012-1093 59 2020-02-21 2021-02-25
6.9
None Local Medium Not required Complete Complete Complete
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.
46 CVE-2012-1124 89 1 Exec Code Sql 2020-02-11 2020-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.
47 CVE-2012-1500 79 XSS 2020-02-13 2020-02-24
3.5
None Remote Medium ??? None Partial None
Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.
48 CVE-2012-1566 2020-02-07 2020-02-12
5.0
None Remote Low Not required None Partial None
LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny.
49 CVE-2012-1567 2020-02-07 2020-02-12
5.0
None Remote Low Not required None Partial None
LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate.
50 CVE-2012-1903 79 XSS 2020-02-13 2020-02-24
3.5
None Remote Medium ??? None Partial None
XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter.
Total number of vulnerabilities : 1395   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.