CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2020

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-4908 434 2020-02-12 2020-02-25
10.0
None Remote Low Not required Complete Complete Complete
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
2 CVE-2012-6611 798 2020-02-10 2020-02-14
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
3 CVE-2013-1359 287 2 Bypass 2020-02-11 2020-02-14
10.0
None Remote Low Not required Complete Complete Complete
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
4 CVE-2013-1360 287 1 Bypass 2020-02-11 2020-02-13
10.0
None Remote Low Not required Complete Complete Complete
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
5 CVE-2013-3091 287 Bypass 2020-02-07 2020-02-10
10.0
None Remote Low Not required Complete Complete Complete
An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging."
6 CVE-2013-3684 434 2020-02-11 2020-02-13
10.0
None Remote Low Not required Complete Complete Complete
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload
7 CVE-2013-4267 78 Exec Code 2020-02-11 2020-02-12
10.0
None Remote Low Not required Complete Complete Complete
AjaXplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php).
8 CVE-2013-5945 89 1 Exec Code Sql 2020-02-11 2021-04-23
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
9 CVE-2013-6236 798 2020-02-12 2020-02-25
10.0
None Remote Low Not required Complete Complete Complete
IZON IP 2.0.2: hard-coded password vulnerability
10 CVE-2013-7173 120 Overflow 2020-02-13 2020-02-20
10.0
None Remote Low Not required Complete Complete Complete
Belkin n750 routers have a buffer overflow.
11 CVE-2013-7287 326 2020-02-13 2020-02-21
10.0
None Remote Low Not required Complete Complete Complete
MobileIron VSP < 5.9.1 and Sentry < 5.0 have an insecure encryption scheme.
12 CVE-2014-4981 78 Exec Code 2020-02-17 2020-02-20
10.0
None Remote Low Not required Complete Complete Complete
LPAR2RRD 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.
13 CVE-2014-5091 20 1 Exec Code 2020-02-07 2020-02-11
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
14 CVE-2015-0565 119 Overflow 2020-02-25 2020-03-05
10.0
None Remote Low Not required Complete Complete Complete
NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.
15 CVE-2015-2909 269 2020-02-06 2020-02-12
10.0
None Remote Low Not required Complete Complete Complete
Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords."
16 CVE-2015-5626 787 DoS Overflow 2020-02-05 2020-02-12
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.
17 CVE-2015-5627 787 DoS Overflow 2020-02-05 2020-02-12
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet.
18 CVE-2015-5628 787 Exec Code Overflow 2020-02-05 2020-02-12
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.
19 CVE-2018-14705 287 2020-02-24 2020-03-02
10.0
None Remote Low Not required Complete Complete Complete
In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these applications, but also poses severe risks to the confidentiality and integrity of data stored within the applications and the device itself.
20 CVE-2019-4392 798 2020-02-14 2020-02-19
10.0
None Remote Low Not required Complete Complete Complete
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system.
21 CVE-2019-10590 129 2020-02-07 2020-02-10
10.0
None Remote Low Not required Complete Complete Complete
Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
22 CVE-2019-10787 78 Exec Code 2020-02-04 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js can be controlled by the user without any sanitization.
23 CVE-2019-10789 78 2020-02-06 2020-02-07
10.0
None Remote Low Not required Complete Complete Complete
All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization.
24 CVE-2019-14514 78 Exec Code 2020-02-11 2020-02-13
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is unrelated to Red Hat's systemd init program, and is a closed-source proprietary tool that seems to be developed by Microvirt). This program opens TCP port 21509, presumably to receive installation-related commands from the host OS. Because everything after the installer:uninstall command is concatenated directly into a system() call, it is possible to execute arbitrary commands by supplying shell metacharacters.
25 CVE-2019-15609 78 2020-02-28 2020-03-02
10.0
None Remote Low Not required Complete Complete Complete
The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability.
26 CVE-2019-19994 78 Exec Code 2020-02-26 2020-02-27
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An unauthenticated attacker can execute arbitrary operating system commands by injecting into the vulnerable parameter of the PHP web page /common/vam_monitor_sap.php.
27 CVE-2019-20451 434 Exec Code 2020-02-10 2021-09-09
10.0
None Remote Low Not required Complete Complete Complete
The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be downloaded.)
28 CVE-2019-20478 20 Exec Code 2020-02-19 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases.
29 CVE-2020-3740 119 Exec Code Overflow Mem. Corr. 2020-02-13 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
30 CVE-2020-3742 787 Exec Code Overflow 2020-02-13 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
31 CVE-2020-3743 416 Exec Code 2020-02-13 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
32 CVE-2020-3745 416 Exec Code 2020-02-13 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
33 CVE-2020-3746 416 Exec Code 2020-02-13 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
34 CVE-2020-3749 416 Exec Code 2020-02-13 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
35 CVE-2020-3750 416 Exec Code 2020-02-13 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
36 CVE-2020-3751 416 Exec Code 2020-02-13 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
37 CVE-2020-3752 119 Exec Code Overflow 2020-02-13 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution.
38 CVE-2020-3754 119 Exec Code Overflow 2020-02-13 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution.
39 CVE-2020-3760 74 Exec Code 2020-02-13 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
40 CVE-2020-3762 2020-02-13 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write.
41 CVE-2020-3763 2020-02-13 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write.
42 CVE-2020-3765 787 Exec Code 2020-02-20 2020-02-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
43 CVE-2020-3923 863 2020-02-27 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
DVR firmware in the TAT-76 and TAT-77 series of products, provided by TONNET, contains a misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system.
44 CVE-2020-3924 74 2020-02-27 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
DVR firmware in the TAT-76 and TAT-77 series of products, provided by TONNET, does not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system.
45 CVE-2020-4210 78 Exec Code 2020-02-24 2022-01-01
10.0
None Remote Low Not required Complete Complete Complete
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute an arbitrary command on the system. IBM X-Force ID: 175020.
46 CVE-2020-4211 78 Exec Code 2020-02-24 2022-01-01
10.0
None Remote Low Not required Complete Complete Complete
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute an arbitrary command on the system. IBM X-Force ID: 175022.
47 CVE-2020-4212 20 Exec Code 2020-02-24 2022-01-01
10.0
None Remote Low Not required Complete Complete Complete
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute an arbitrary command on the system. IBM X-Force ID: 175023.
48 CVE-2020-4213 78 Exec Code 2020-02-24 2022-01-01
10.0
None Remote Low Not required Complete Complete Complete
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute an arbitrary command on the system. IBM X-Force ID: 175024.
49 CVE-2020-4222 78 Exec Code 2020-02-24 2022-01-01
10.0
None Remote Low Not required Complete Complete Complete
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute an arbitrary command on the system. IBM X-Force ID: 175091.
50 CVE-2020-6760 78 Exec Code 2020-02-06 2020-02-11
10.0
None Remote Low Not required Complete Complete Complete
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping.
Total number of vulnerabilities: 1395. Page 1 of 28.