National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2014-3484 — Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2)...
    Published: February 19, 2020; 11:15:10 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2012-2629 — Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addne...
    Published: February 19, 2020; 11:15:10 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-7942 — Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `...
    Published: February 19, 2020; 04:15:11 PM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2015-7747 — Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as dem...
    Published: February 19, 2020; 04:15:11 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-3169 — A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to in...
    Published: February 26, 2020; 12:15:13 PM -05:00

    V3.1: 6.7 MEDIUM
        V2: 7.2 HIGH

  • CVE-2020-1704 — An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this f...
    Published: February 17, 2020; 12:15:14 PM -05:00

    V3.1: 7.8 HIGH
        V2: 4.6 MEDIUM

  • CVE-2013-7324 — Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existin...
    Published: February 17, 2020; 02:15:11 PM -05:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2019-12825 — Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a grou...
    Published: February 17, 2020; 09:15:11 AM -05:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-8768 — An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by ex...
    Published: February 17, 2020; 04:15:13 PM -05:00

    V3.1: 9.4 CRITICAL
        V2: 7.5 HIGH

  • CVE-2015-4715 — The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary file...
    Published: February 17, 2020; 02:15:11 PM -05:00

    V3.1: 4.9 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2019-1950 — A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an...
    Published: February 19, 2020; 03:15:14 PM -05:00

    V3.1: 8.4 HIGH
        V2: 7.2 HIGH

  • CVE-2020-6970 — A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute c...
    Published: February 19, 2020; 04:15:11 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-12511 — In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires...
    Published: February 24, 2020; 02:15:13 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 9.3 HIGH

  • CVE-2019-11189 — Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerab...
    Published: February 20, 2020; 05:15:11 PM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-14891 — A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for th...
    Published: November 25, 2019; 06:15:11 AM -05:00

    V3.1: 5.0 MEDIUM
        V2: 6.0 MEDIUM

  • CVE-2020-7061 — In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information...
    Published: February 27, 2020; 04:15:18 PM -05:00

    V3.1: 9.1 CRITICAL
        V2: 6.4 MEDIUM

  • CVE-2020-7062 — In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upl...
    Published: February 27, 2020; 04:15:19 PM -05:00

    V3.1: 7.5 HIGH
        V2: 4.3 MEDIUM

  • CVE-2020-7063 — In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on th...
    Published: February 27, 2020; 04:15:19 PM -05:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2019-12512 — In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be ins...
    Published: February 24, 2020; 02:15:13 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-12513 — In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will ge...
    Published: February 24, 2020; 02:15:13 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM