
Security Vulnerabilities Published In March 2020

Columns: # | CVE ID | CWE ID | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. A "-" marks an empty cell; the "# of Exploits" column is empty for every entry on this page and is omitted below. Each entry's description follows on the next line.

1. CVE-2009-5159 | CWE-79 | XSS | Published 2020-03-13 | Updated 2020-03-18 | Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: Partial | Avail: None
   Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.

2. CVE-2011-2487 | CWE-327 | - | Published 2020-03-11 | Updated 2021-06-16 | Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: Partial | Integ: None | Avail: None
   The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

3. CVE-2011-3269 | CWE-200 | +Info | Published 2020-03-09 | Updated 2020-03-10 | Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: None | Avail: None
   Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.

4. CVE-2011-4538 | CWE-200 | +Info | Published 2020-03-09 | Updated 2020-03-10 | Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: None | Avail: None
   Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.

5. CVE-2012-1094 | CWE-200 | +Info | Published 2020-03-10 | Updated 2020-03-10 | Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: None | Avail: None
   JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.

6. CVE-2012-1096 | CWE-295 | - | Published 2020-03-10 | Updated 2020-03-10 | Score 4.9 | Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: Complete | Integ: None | Avail: None
   NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.

7. CVE-2012-1101 | - | DoS | Published 2020-03-11 | Updated 2022-01-28 | Score 2.1 | Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: None | Integ: None | Avail: Partial
   systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).

8. CVE-2013-1753 | - | DoS | Published 2020-03-11 | Updated 2020-10-21 | Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: None | Avail: Partial
   The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.

9. CVE-2013-7487 | CWE-74 | Exec Code | Published 2020-03-21 | Updated 2020-03-25 | Score 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
   On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000.

10. CVE-2014-1634 | CWE-89 | Sql | Published 2020-03-09 | Updated 2020-03-10 | Score 10.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
   SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.

11. CVE-2014-2721 | CWE-276 | +Priv | Published 2020-03-19 | Updated 2020-03-23 | Score 9.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Complete | Integ: Complete | Avail: Complete
   In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.

12. CVE-2014-2722 | CWE-276 | +Priv | Published 2020-03-19 | Updated 2020-03-23 | Score 9.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Complete | Integ: Complete | Avail: Complete
   In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.

13. CVE-2014-2723 | CWE-276 | +Priv | Published 2020-03-19 | Updated 2020-03-23 | Score 9.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Complete | Integ: Complete | Avail: Complete
   In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.

14. CVE-2015-1583 | CWE-352 | CSRF | Published 2020-03-02 | Updated 2020-03-04 | Score 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
   Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php.

15. CVE-2015-3641 | - | DoS | Published 2020-03-12 | Updated 2020-03-18 | Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: None | Avail: Partial
   bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.

16. CVE-2015-5684 | CWE-120 | Exec Code Overflow | Published 2020-03-27 | Updated 2020-04-01 | Score 10.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
   MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.

17. CVE-2015-7333 | CWE-269 | Exec Code | Published 2020-03-27 | Updated 2020-03-30 | Score 7.2 | Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
   MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.

18. CVE-2015-7334 | CWE-269 | Exec Code | Published 2020-03-27 | Updated 2020-03-30 | Score 7.2 | Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
   MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.

19. CVE-2015-7335 | CWE-362 | Exec Code | Published 2020-03-27 | Updated 2020-03-30 | Score 6.9 | Gained access: None | Access: Local | Complexity: Medium | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
   MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.

20. CVE-2015-7336 | CWE-347 | Bypass | Published 2020-03-27 | Updated 2020-04-01 | Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: Partial | Avail: None
   MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.

21. CVE-2015-7338 | CWE-89 | Sql | Published 2020-03-09 | Updated 2020-03-10 | Score 6.5 | Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Partial | Integ: Partial | Avail: Partial
   SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.

22. CVE-2015-7339 | CWE-434 | - | Published 2020-03-09 | Updated 2020-03-10 | Score 6.5 | Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Partial | Integ: Partial | Avail: Partial
   JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.

23. CVE-2015-7340 | CWE-89 | Sql | Published 2020-03-09 | Updated 2020-03-10 | Score 6.5 | Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Partial | Integ: Partial | Avail: Partial
   JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.

24. CVE-2015-7341 | CWE-434 | - | Published 2020-03-09 | Updated 2020-03-10 | Score 6.5 | Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Partial | Integ: Partial | Avail: Partial
   JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.

25. CVE-2015-7342 | CWE-89 | Sql | Published 2020-03-09 | Updated 2020-03-10 | Score 6.5 | Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Partial | Integ: Partial | Avail: Partial
   JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.

26. CVE-2015-7343 | CWE-79 | XSS | Published 2020-03-09 | Updated 2020-03-10 | Score 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Auth: ??? | Conf: None | Integ: Partial | Avail: None
   JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.

27. CVE-2015-7344 | CWE-79 | XSS | Published 2020-03-09 | Updated 2020-03-09 | Score 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Auth: ??? | Conf: None | Integ: Partial | Avail: None
   HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption].

28. CVE-2015-7968 | CWE-611 | File Inclusion | Published 2020-03-09 | Updated 2020-03-10 | Score 4.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Partial | Integ: None | Avail: None
   nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.

29. CVE-2015-8534 | CWE-269 | Exec Code | Published 2020-03-27 | Updated 2020-03-31 | Score 7.2 | Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
   MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.

30. CVE-2015-8535 | CWE-22 | Exec Code Dir. Trav. | Published 2020-03-27 | Updated 2020-03-31 | Score 7.2 | Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
   MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.

31. CVE-2015-8536 | CWE-352 | CSRF | Published 2020-03-27 | Updated 2020-03-31 | Score 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
   MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.

32. CVE-2016-1159 | CWE-200 | +Info | Published 2020-03-09 | Updated 2020-03-10 | Score 4.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Partial | Integ: None | Avail: None
   In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.

33. CVE-2016-1487 | CWE-502 | Exec Code | Published 2020-03-09 | Updated 2020-03-10 | Score 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
   Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.

34. CVE-2016-6918 | CWE-434 | Exec Code | Published 2020-03-09 | Updated 2020-03-10 | Score 7.5 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
   Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files.

35. CVE-2016-11021 | CWE-78 | Exec Code | Published 2020-03-09 | Updated 2021-04-23 | Score 9.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Complete | Integ: Complete | Avail: Complete
   setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.

36. CVE-2016-11022 | CWE-78 | Exec Code | Published 2020-03-23 | Updated 2020-03-25 | Score 6.5 | Gained access: None | Access: Remote | Complexity: Low | Auth: ??? | Conf: Partial | Integ: Partial | Avail: Partial
   NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php.

37. CVE-2016-11023 | CWE-89 | Exec Code Sql | Published 2020-03-30 | Updated 2020-03-30 | Score 7.5 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
   odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.

38. CVE-2016-11024 | CWE-89 | Exec Code Sql | Published 2020-03-30 | Updated 2020-03-30 | Score 7.5 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: Partial | Avail: Partial
   odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.

39. CVE-2016-1000111 | CWE-425 | - | Published 2020-03-11 | Updated 2020-03-13 | Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: Partial | Avail: None
   Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

40. CVE-2017-10992 | CWE-502 | Exec Code | Published 2020-03-10 | Updated 2020-03-11 | Score 10.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
   In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461.

41. CVE-2017-12580 | CWE-426 | Exec Code | Published 2020-03-02 | Updated 2020-03-03 | Score 6.9 | Gained access: None | Access: Local | Complexity: Medium | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
   An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system.

42. CVE-2017-12842 | CWE-20 | - | Published 2020-03-16 | Updated 2020-03-23 | Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: None | Integ: Partial | Avail: None
   Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.

43. CVE-2017-18350 | CWE-120 | Overflow | Published 2020-03-12 | Updated 2020-03-18 | Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: None | Avail: Partial
   bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.

44. CVE-2018-5951 | - | - | Published 2020-03-02 | Updated 2020-03-04 | Score 7.1 | Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: None | Avail: Complete
   An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that support EoIPv6 are vulnerable to this attack.

45. CVE-2018-10125 | CWE-79 | XSS | Published 2020-03-16 | Updated 2020-03-18 | Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: Partial | Avail: None
   Contao before 4.5.7 has XSS in the system log.

46. CVE-2018-10704 | CWE-79 | XSS | Published 2020-03-12 | Updated 2020-03-17 | Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Auth: Not required | Conf: None | Integ: Partial | Avail: None
   yidashi yii2cmf 2.0 has XSS via the /search q parameter.

47. CVE-2018-11838 | CWE-415 | - | Published 2020-03-05 | Updated 2020-03-05 | Score 7.2 | Gained access: None | Access: Local | Complexity: Low | Auth: Not required | Conf: Complete | Integ: Complete | Avail: Complete
   Possible double free issue in WLAN due to lack of checking memory free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, MDM9640, SDA660, SDM636, SDM660, SDX20.

48. CVE-2018-13060 | CWE-287 | - | Published 2020-03-16 | Updated 2020-03-18 | Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: None | Avail: None
   Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue.

49. CVE-2018-13063 | CWE-862 | - | Published 2020-03-16 | Updated 2020-03-18 | Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Auth: Not required | Conf: Partial | Integ: None | Avail: None
   Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts.

50. CVE-2018-14384 | CWE-79 | XSS | Published 2020-03-02 | Updated 2020-03-04 | Score 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Auth: ??? | Conf: None | Integ: Partial | Avail: None
   The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter.
Total number of vulnerabilities: 1754 (this is page 1 of 36).
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.