National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2012-3806: Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service.
    Published: January 09, 2020; 05:15:10 PM -05:00

    V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM

  • CVE-2012-3808: Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.
    Published: January 09, 2020; 05:15:10 PM -05:00

    V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM

  • CVE-2012-3809: Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.
    Published: January 09, 2020; 05:15:10 PM -05:00

    V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM

  • CVE-2012-3810: Samsung Kies before 2.5.0.12094_27_11 has registry modification.
    Published: January 09, 2020; 05:15:10 PM -05:00

    V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM

  • CVE-2019-6032: The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
    Published: December 26, 2019; 11:15:12 AM -05:00

    V3.1: 7.4 HIGH
    V2: 5.8 MEDIUM

  • CVE-2020-0002: In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: And...
    Published: January 08, 2020; 02:15:12 PM -05:00

    V3.1: 8.8 HIGH
    V2: 9.3 HIGH

  • CVE-2019-11756: Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.
    Published: January 08, 2020; 03:15:12 PM -05:00

    V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM

  • CVE-2020-5510: PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
    Published: January 08, 2020; 01:15:13 PM -05:00

    V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH

  • CVE-2019-11757: When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70...
    Published: January 08, 2020; 03:15:12 PM -05:00

    V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH

  • CVE-2019-20155: An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying se...
    Published: January 05, 2020; 06:15:11 PM -05:00

    V3.1: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2019-20154: An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML.
    Published: January 05, 2020; 06:15:11 PM -05:00

    V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM

  • CVE-2019-15602: The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves.
    Published: January 06, 2020; 12:15:13 PM -05:00

    V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM

  • CVE-2019-9465: In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not need...
    Published: January 07, 2020; 02:15:11 PM -05:00

    V3.1: 5.5 MEDIUM
    V2: 2.1 LOW

  • CVE-2020-0003: In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is nee...
    Published: January 08, 2020; 02:15:13 PM -05:00

    V3.1: 6.7 MEDIUM
    V2: 3.7 LOW

  • CVE-2013-3249: Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vect...
    Published: March 20, 2014; 12:55:11 PM -04:00

    V2: 9.3 HIGH

  • CVE-2010-5278: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_ke...
    Published: October 07, 2012; 04:55:00 PM -04:00

    V2: 4.3 MEDIUM

  • CVE-1999-1593: Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this p...
    Published: January 14, 2009; 08:30:00 PM -05:00

    V2: 7.6 HIGH

  • CVE-2012-0797: The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.
    Published: July 17, 2012; 06:20:53 AM -04:00

    V2: 5.5 MEDIUM

  • CVE-2010-2116: The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.d...
    Published: May 28, 2010; 04:30:01 PM -04:00

    V2: 6.5 MEDIUM

  • CVE-2017-7324: setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
    Published: March 30, 2017; 03:59:00 AM -04:00

    V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH